LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 07-24-2011, 08:25 PM   #1
artomason
LQ Newbie
 
Registered: Jul 2011
Posts: 1

Rep: Reputation: Disabled
Exclamation [Help] Unable to access Samba shares.


First off a little history of me lol. I'm not completely a Linux noobie, but I'm not the most advanced user either. With that said I have a few interesting problems with Samba.

First off I can see the NetBios name under Windows Networking (Windows 7), however everytime I try to connect to it I get an Access Denied and/or "Incorrect Password/Username" error. I have gone into secpol.msc and changed the values that other posts have suggested. Both the server and the workstation are located under the same group, and I have used the smbpasswd -a <username>. The server is not configured to be a Primary Domain Controller so.. I'm lost. Infact my brain hurts from 3 days of this. I have posted my SMB.CONF file to see if that helps. Hum.. Maybe I'm just trying to access a file share that isn't there..

\\"NetBios Name"\"Share Name"\

Respectfully

Distro: Debian Squeeze

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
# - When such options are commented with ";", the proposed setting
# differs from the default Samba behaviour
# - When commented with "#", the proposed setting is the default
# behaviour of Samba but the option is considered important
# enough to be mentioned here
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not made any basic syntactic errors.

## Global Settings ##

[global]

## Browsing/Identification ###

# Change this to the Workgroup/NT-Domain name your Samba Server will
# provide services too. All computers on the network should be set to this.
workgroup = WORKGROUP

# Server string is the equivalent of the NT Description field. Users that
# connect to the server will see this name.
server string = %h SMB-Server

# WINS Support tells the NMBD component of Samba to enable its WINS Server,
# but this is only useful if you are running an actual WINS Server.
; wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# however, Samba can be either a WINS Server, or a WINS Client, but NOT both.
; wins server = w.x.y.z

# This will prevent nmbd from searching for NetBIOS names through DNS. Note
# that the maximum length for a NetBIOS name is 15 characters, so the DNS
# name, or DNS Alias, can likewise only be 15 characters long.
dns proxy = no

# This lists what naming service and in what order they should be used
# to resolve host names to their respective IP addresses.
; name resolve order = lmhosts host wins bcast

# Windows operating systems require that this be defined in order to
# furnish the client with a recognizable network path name.
NetBios name = Samba Server

## Networking ##

# Specific set of interfaces that Samba should bind to. This can be either be
# the interface name or an IP address and netmask.
interfaces = eth0

# Only bind to the named interfaces and/or networks specified above. You must
# use the 'interfaces' option above to use this. It is recommended that you enable
# this feature if Samba is not protected by a firewall or is a firewall itself.
# However, this option cannot handle dynamic or non-broadcast interfaces correctly.
bind interfaces only = yes

## Debugging/Accounting ##

# This tells Samba to use a separate log file for each machine that connects rather
# than clustering all the log information into one log.
log file = /var/log/samba/log.%m

# This option caps the size of the individual log files (in KiB) to provent an
# unintention DDoS attack due to a log flooding.
max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'. It is highly recommended that you do not set this
# option to 'yes' as it will further clutter/flood your syslog.log file.
syslog only = no

# We want Samba to log a minimum amount of information to syslog. Everything
# should go to /var/log/samba/log "smbd,nmbd" instead. If you want to log
# through syslog you should set the following parameter to something higher.
syslog = 0

# E-mail the System Administrator when Samba crashes with a backtrace of
# what might have happened. If you do not have mail services setup on you
# server it is suggested that this should be commented out to prevent Samba
# from filling the admins mailbox since it won't be delivered anyway.
# panic action = /usr/share/samba/panic-action %d

## Authentication ##

# Setting this option to "user" is always a good idea. This will require a Unix
# account on this server for every user accessing Samba. Other options include
# setting this to "server" will cause Samba to try and authenticate the user
# by passing the job of authentication to another Samba Server. Alternatively
# you can set this to "share" as well, but please note that when setting this
# option to "share" there is a bug in WfWg that may make it impossible for the
# user to access Samba Shares from their computer.
security = user

# Password encryption controls whether encrypted passwords will be negotiated
# with the client. This option has no effect on Samba unless you have compiled
# in the necessary DES libraries and encryption code.
encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what password
# database type you are using.
passdb backend = tdbsam

# This boolean parameter tells Samba that it needs to adhear to the policies
# that are set by the PAM modules. Further privileges can be set by making
# changes to the appropriate PAM modules.
obey pam restrictions = yes

# This boolean parameter controls whether Samba will or will not attempt to
# sync the Unix password with the SMB password when the encrypted SMB password
# in the passdb is changed. This option is useful for when users are strictly
# samba users and never connect via SSH, however some Administrators may want
# the user to have seperate passwords for security reasons.
unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set in or properly sync the two password databases.
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\sNew\s*\sPassword:* %n\n *Retype\sNew\s*\sPassword:* %n\n *Your\spassword\shas\sbeen\supdated\ssuccessfully* .

# This boolean controls whether or not PAM will be used for password changes
# when requested by an Samba Client instead of the program listed in the
# 'passwd program' boolean. The default is 'no'.
pam password change = yes

## Domains ##

# This setting allows the server to authenticate users. Both Primary Domain
# controller and Backup Domain Controller must have this setting enabled. If
# you are the BDC you must change the 'domain master' setting to no.
; domain logons = yes

# The following setting only takes effect if 'domain logons' is set. It will
# specify the location of the user's profile directory from the clients point
# of view. The following require that a [profiles] share is present and setup
# on the Samba Server. See below to configure [profiles].
; logon path = \\%N\profiles\%U

# Another common choice is to store the profile in the User's Home Directory
# for example: /home/'user'/profile. This allows Administrators to quickly
# enable and disable Samba access by simply locking the users account with
# the passwd <username> -l command.
logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set. This
# boolean specifies the location of a user's home directory from the client
# point of view. It also creates a default share of the user's home directory.
; logon drive = Z:
; logon home = \\%N\%U

# The following setting only takes effect if 'domain logons' is set. This will
# specify the script to run during logon. The script must be stored in the
# [netlogon] share. The script must be store in 'DOS' file format convention.
; logon script = logon.cmd

# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe. The example command creates a user account with a disabled Unix
# password. Please adapt this to your needs.
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u

# This allows machine accounts to be created on the domain controller via the
# SAMR RPC pipe. The following assumes a "machines" group exists on the system.
; add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u

# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.
; add group script = /usr/sbin/addgroup --force-badname %g

## Printing ##

# If you want to automatically load your printer list rather than setting them
# up individually then you'll need to set this to 'yes'.
; load printers = yes

# lpr(ng) printing. You may wish to override the location of the PrintCap file.
; printing = bsd
; printcap name = /etc/printcap

# This boolean enables CUPS printing over Samba. Comment these out to disable.
; printing = cups
; printcap name = Cups

# Network Printing Configuration
; [printers]
; comment = Printers
; browseable = no
; path = /var/spool/samba
; printable = yes
; guest ok = no
; read only = yes
; create mask = 0700

# Windows clients look for this as a source of downloadable printer drivers.
; [print$]
; comment = Printer Drivers
; path = /var/lib/samba/printers
; browseable = yes
; read only = yes
; guest ok = no

# Uncomment to allow remote administration of Windows print drivers. You may
# need to replace 'lpadmin' with the name of the group your admin users are
# members of. Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write privilages.
; write list = root, @lpadmin

## Misc ##

# Using the following line enables you to customize your configuration on a per
# machine basis. The %m gets replaced with the netbios name of the machine that
# is connecting to the Samba Server.
; include = /home/samba/etc/smb.conf.%m

# Most people will find that this option gives better over all performance. You
# may want to add the following on a Linux system:
SO_RCVBUF=8192 SO_SNDBUF=8192
socket options = TCP_NODELAY

# The following parameter is useful only if you have the LinPopup package on the
# server installed. The Samba Maintainer and the LinPopup Maintainer are working
# to ease installation and configuration of LinPopup and Samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &

# Domain Master specifies Samba to be the Domain Master Browser. If this Samba
# Server will be configured as a Backup Domain Controller, you must set this
# to 'no', other wise if this server will be configured as the Primary Domain
# controller than you must set this to 'yes'. Optionally you can set this to
# 'auto' as this is the default setting.
domain master = auto

# Some default UID and GID settings for winbind. Ensure that you are not using
# these ranges for anything else, as it may cause a security hole.
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash

# The following was the default behaviour in Debian Sarge, but Samba upstream
# reverted the default because it might induce performance issues in large
# organizations. See Debian bug #368251 for some of the consequences of *not*
# having this setting and smb.conf(5) for details.
; winbind enum groups = yes
; winbind enum users = yes

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.

# Maximum number of usershare. 0 (default) means that usershare is disabled.
usershare max shares = 0

## Share Definitions ##

# By default, the home directories are exported read-only. Change the next
# parameter to 'no' if you want to be able to write to them.
read only = no

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0755

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0775

# By default, "\\server\username" shares can be connected to by anyone with
# access to the Samba Server. The following parameter makes sure that only
# "username" can connect to "\\server\username". This might need tweaking when
# using an external authentication scheme
valid users = %S

# Un-comment the following and create the netlogon directory for Domain
# Logons. You will need to configure Samba to act as a domain controller in
# order for this and domain logons to work.
; [netlogon]
; comment = Network Logon Service
; path = /home/%U/netlogon
; guest ok = no
; browseable = no
; read only = yes
; share modes = no

# Un-comment the following and create the profiles directory to store users
# profiles in. You will also need to configure Samba to act as a domain controller
# in order for this to work. The path below should be writable by all users so
# that their profile directory may be created the first time they log on.
;[profiles]
;comment = User Profiles
;path = /home/%U/
;guest ok = no
;browseable = no
;create mask = 0600
;directory mask = 0700

# By default, all users associated with the Samba Server will have access to
# the below defined shares. To disable one or all of the shares, just comment
# out their configuration below.
[Public-SMB]
comment = Public-SMB
path = /home/public/
guest ok = no
create mask = 0700
directory mask = 0700
valid users = %U
writeable = yes

# Define user specific Samba shares.
[Private-SMB]
comment = Private-SMB
path = /home/%U/private/
read only = no
guest ok = no
create mask = 0700
directory mask = 0700
valid users = <USERNAME> <-- Entry Changed
writeable = yes

[Website SMB]
comment = Website-SMB
path = /home/%U/www/
read only = no
guest ok = no
create mask = 0700
directory mask = 0700
valid users = <USERNAME> <-- Entry Changed
writeable = yes

Last edited by artomason; 07-24-2011 at 08:30 PM. Reason: Correct some wrong information
 
Old 07-24-2011, 10:18 PM   #2
frankbell
Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Mageia, Mint
Posts: 8,259

Rep: Reputation: 1570Reputation: 1570Reputation: 1570Reputation: 1570Reputation: 1570Reputation: 1570Reputation: 1570Reputation: 1570Reputation: 1570Reputation: 1570Reputation: 1570
I'm going to recommend Samba by Example as a reference. It starts with very simple situations and moves to very complex ones. I found what I needed by page 20.

I'm also going to suggest that you trim down your posting of the smb.conf file to only the lines that are not remarked out. It will help people read it.
 
Old 07-24-2011, 11:10 PM   #3
alonersir
LQ Newbie
 
Registered: Nov 2009
Posts: 6

Rep: Reputation: 1
i suggest use a simple conf for test

example:

security = user
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Debian 5.0.5 AMD64 unable to access Windows 7 shares via Samba/cifs csterling Linux - Server 4 06-07-2011 07:31 AM
Unable to see shares on samba server - no authentication access desired (open access) neoelf Linux - Networking 1 06-14-2009 04:18 PM
can not access samba shares from a VIRTUAL samba server using smb4k nass Fedora 0 12-13-2008 05:39 AM
Unable to browse to samba shares bigman51 Linux - Software 3 07-12-2007 02:01 PM
Unable to access shares on FAT volumes jkhg Linux - Networking 2 02-07-2006 10:58 PM


All times are GMT -5. The time now is 09:09 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration