I've recently installed Red Hat 9.0 with the 2.4.20.8 kernel. I've never played with Linux before and now I boot into Windows only to play games. I love Linux, but I am THIS close to removing RH and going with a different distro. Nvidia drivers are hard to load, MP3 support has to be added, ntfs support has to be loaded and Samba doesn't work correctly.

I've solved all but one of my problems by searching these forums. Excuse me. All of my LINUX problems. I was getting locking file problems and I was unable to automount a Windoze share at boot. I upgraded Samba from two point something to the latest release and that got rid of those two problems, but I still have one left with Samba. I have something going on at boot, but that will come later.

My windoze box cannot access the Linux box. I keep getting an access denied error.

The two machines are hooked together with a hub and are the only two machines on the subnet. The windoze box has two NIC's and acts as a gateway & firewall. Yes, I plan on changing that situation later.

There are smb users with passwords created and I've even tried using the net command in the console mode with no luck. Still, access denied. The share directory has been shared to the world and still access denied. Yes, I can see my Linux box in Network Neighborhood, I just can't access it.

Any thoughts and/or suggestions would be greatly appreciated.

v/r
Russ

Smb.conf:

[global]
workgroup = MSHOME
server string = Server
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba/log.%m
max log size = 50
security = share
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
dns proxy = no
guest only = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = yes
guest ok = yes
printable = yes
[tmp]
comment = Temporary file space
path = /tmp
read only = no
public = yes
[fs]
comment = File Server
path = /fs
public = yes
writeable = yes
guest ok = yes

You will probably need to use 'smbpasswd -a your_username', with which you can add and set passwords inside the /etc/samba/smbpasswd user accounts file, which acts similarly to /etc/passwd, only it's specific to samba. You will need to add a normal shell account with the same name ('useradd') for this to work. Make sure that if your using NT/2000/XP on your windows machine that the account you log in with matches this account (this will prevent you from having to authenticate manually everything from Windows, aka Administrator).

To save yourself headaches from switching back and forth between Linux and Windows for testing, use:

smbclient -L '\\Server' -U 'your_username'

(This is the same as clicking on the server in My Network Places, if you get access denied here, you'll get access denied everywhere else)

Usually the easiest out-of-the-box secure configuration is to use the default [Homes] shares, especially since you're at home with two computers and not a member of an NT domain or anything. The fs share you've defined is great, but has no security associated with it.

Yes, I've done that already. When I try to use the window's net command (net use z: \\linux\fs password /USER:shunter /PERSISTENT:NO) it comes back with command completed successfully and the Z: drive shows up in My Computer, but when I click on it, I get Access is Denied.

<edit> Yes, I have a user 'shunter' in the smbpasswd file and 'shunter' is the login name on the win box.

Russ

You should set security = user

Your guest only declaration will not work without also setting the allow guests = yes. If you are setting up accounts there is really no point in guest and or share level access anyway.

Remove all lines referring to guest in the global and share sections. Set security to user and you should be good to go.

Adding browseable = yes to all you shares (not just printers) is necessary to be able to see the share from network neighborhood in windows.

Tom

Access is still denied. Is there a way I can do a loopback test?

Russ

If you are getting the drive mapped, all the user account information stuff is working. The problem is the permissions of the local file system, i.e. /fs. Make sure your 'shunter' user has some kind of permissions to the directory you're exporting, /fs. Try chmod 775 /fs; chgrp shunter /fs.

Unfortunately, that did not work either. I have been doing a lot of research online about this and although I haven't found a solution for my problem, I did find a solution to a problem that a lot of people are having, so I'll start a new thread on that.

Because of my online reading, I have seriously modified my smb.conf file, but it hasn't fixed anything. I did however find out something interesting. If I try to connect to myself with smbclient as root, it works fine, but if I try that as shunter, it fails ("tree connect failed: Call returned zero bytes (EOF)") . I googled that message and the only thing I could find was about the smb.conf file not allowing 127.0.0.1, but I do have that allowed.

Here is my "new" smb.conf that still doesn't work

Russ


[global]
# Required to support Windows 98 or above
encrypt passwords = yes

# Files that have UNIX permissions that prohibit access are hidden from users
hide unreadable = yes

# We don't have any OS/2 clients
lm announce = no

# We log all activity to a single file for regular review
log file = /var/log/samba.log

# We want a minimum level of logging
log level = 1

# What NetBIOS name does our server call itself?
netbios name = FileServer

# We rely on username/password access methods
security = user

# What description should be shown in the share list?
server string = "Samba Server"

# These options are appropriate for most LAN's
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# We never want Samba to decide for us where to put the user & password file
smb passwd file = /etc/samba/smbpasswd
username map = /etc/samba/smbusers

# We support the NET TIME syntax from workstations
time server = yes

# We will provide NetBIOS name resolution (WINS) support for clients
wins support = yes

# This is our domain/workgroup name
workgroup = MSHOME

# Reduce the overhead that Samba uses to scan for timeouts
change notify timeout = 300

# Open files with no connections are closed after 15 minutes
deadtime = 15

# Files that have UNIX permissions that prohibit access are hidden from users
hide unreadable = yes

# We only allow access from these hosts
hosts allow = 192.168.0.1 127.0.0.1

# All other hosts are denied access
hosts deny = ALL

# The root user is not allowed access
invalid users = root

# All our computers are Windows XP
lanman auth = no

# Again, all our clients are Windows XP
min protocol = NT1

# We don't want to compete for browse master elections - we win always
os level = 255

# We want to initiate a browse master election (probably unnecessary)
preferred master = yes

[template]
# We use a template so that we can repeat some of these values across multiple shares
# Testparm complains if this section has no path, so we give a default dummy path
path = /dev/null

# Many times a user will ask us who last changed a file and when. This allows us to
# record this information in the UNIX filesystem despite being anti-POSIX
dos filetimes = yes

# By default, all write access is created with the following mask. Note:
# The use of 7 instead of 6 is intentional -- the extra bit is used by Windows
# clients - go figure!
force create mode = 0774

# All directory creation is made with this UNIX mask.
force directory mode = 0775

# Regardless of the UNIX group a user is in, all file activity is done as this user
force group = +shunter

# The following files are hidden by default from the client
# In this case, any Windows XP preview files for icons are hidden for cosmetic reasons only
hide files = /Thumbs.db/

[fs]
path = /fs
writeable = yes
valid users = shunter
# Copy the values from the above template section
copy = template

copy = template looks like trouble - your path defined for the fs share is going to be both /dev/null and /fs! Also, in the interest of keeping it simple, I'd comment out the force group = +shunter group and valid users. Make sure you have not added any mappings /etc/samba/smbusers, as long as shunter in the Samba world matches shunter in the UNIX world in both password files, you will be all set.

Please show a listing of the permissions on /fs please. ls -lD /fs

By default, a user authenticating who has a valid password in /etc/passwd (/etc/shadow), /etc/samba/smbpasswd, and at *least* read permissions to the service they're connecting to (i.e. /fs being drwxr-xr-x root.root) will again access.

Why don't you try something simple to get you connected and add all the bells and whistles later, it looks like this is either a home network or very small; I assume single homed?

[global]
workgroup = mshome
netbios name = fileserver
server string = Samba Server
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hosts allow = 192.168.0.0/255.255.255.0
log file = /var/log/samba/samba.%m
log level = 1
max log size = 2048
[public]
path = /fs
writable = yes
browseable = yes

Check your permissions on your share directory as bents said. chmod 777 /fs

Get this thing connected then harded as you feel necessary. I glanced through this thread and did not see (may have overlooked) where firewall has been eliminated as cause. If your box was or is showing up in network neighborhood that wont be a problem.

Good luck
Tom

When I look at permissions, I get:

[shunter@Linux fs]$ ls -lD /fs
total 0
-rw-rw-r-- 1 root root 0 May 1 09:09 hello
-rw-rw-r-- 1 shunter shunter 0 May 4 16:37 hello.again
//DIRED// 68 73 132 143
//DIRED-OPTIONS// --quoting-style=literal
[shunter@Linux fs]$

I chmod'ed with 777 and got:

[root@Linux fs]# ls -lD
total 0
-rwxrwxrwx 1 root root 0 May 1 09:09 hello
-rwxrwxrwx 1 shunter shunter 0 May 4 16:37 hello.again
//DIRED// 68 73 132 143
//DIRED-OPTIONS// --quoting-style=literal
[root@Linux fs]#


but still no access. I then tried Tom's smb.conf file and still.... no access

I tried to smbclient locally, but I only get a listing of the shares:

[root@Linux /]# smbclient -L //fileserver/public -U shunter
Password:
Domain=[FILESERVER] OS=[Unix] Server=[Samba 3.0.3]

Sharename Type Comment
--------- ---- -------
public Disk
IPC$ IPC IPC Service (Samba Server)
ADMIN$ IPC IPC Service (Samba Server)
Domain=[FILESERVER] OS=[Unix] Server=[Samba 3.0.3]

Server Comment
--------- -------

Workgroup Master
--------- -------
MSHOME FILESERVER
[root@Linux /]#


and still.... no access

Russ

What are your permisions for the directory you are sharing? You checked permissions on directory contents only when you ld -l /fs ------- Try ls -l / and see what the permissions are on /fs. I just set up a net environment just like yours, I assume you are using xp since you have that nice little net use /user switch. I set up a share /fs with rwx------ and when i clicked on it in network neighborhood I got a not accessible error. I changed /fs to rwxr-xr-x and it allowd me to open but not create folders. I chmod 777 /public and I had total access. If you can map the drive from windows it has to be permissions set on your /fs directory.

Try this:

su - root

enter root password

cd /

chmod 777 fs

exit

now share files

Tom

I'm using Fedora Core with Samba and had a similar problem accessing Linux shares through Windows, it ends up it was the Fedora (Red Hat?) firewall application blocking access to the Linux box. All I had to do was enable access through eth0 in the firewall. I'm new to Linux, so I don't know the console commands for the Linux firewall.

Also, is there any way to tell my Linux firewall to only allow access from my Windows PC and not just opening up eth0?