Samba conf, samba4
It's rare for me to post on LQ, but in these rare occasions when I am completely running out of ideas for a particular problem, I try to go and seek some advice. This case, I have a problem with Samba conf that I am banging my head against a wall for several days now.
I have a wireless (encrypted) LAN for a small group of people, and all users (using Win7, winXP, Win8, Mac, Android, and god-knows-what-else-we-have), share an internet connection from a tethered mobile phone via USB to a Fedora 18 x64 box that we all share access to. That's working fine.
The problem is getting samba on the Fedora box to work; we want to use it for file sharing, web testing/hosting, viewing very legal movies and other Jazz. I want the folder /home/shares shared, without any authentication requests whatsoever. Not very secure, but then again, all users on the LAN are considered trustworthy, and will be in the future. I want all users to have full read/write access on this share, and that's where the problem starts.
I have created a smbpasswd -an nobody user, but I prefer if all files created/modified/added were managed at the filesystem level using the registered user seib, whose shared login password all people know about anyway.
For the record, The box has i5, 4GB ram, eth 1000Gb to the wifi router. Os is Fedora 18 beta x64, using ip 10.42.0.1, and acts as a dhcp server. I am aware that Fedora 18 is beta, but I don't think that's the problem, because samba was installed using sudo yum install samba, and I had similar unsolved problems before fedora 18. I am testing from Win7, and it either asks for a user/pass, doesn't show the contents of /home/shares/, and has never allowed creating a new folder/file from Win7 over the network.
I plainly think it is a smb.conf problem that I am nog capturing. I have read a lot of posts and tried many things from google, removed and restarted many smb.conf files, but after six days, here I am. Please do help. What am I missing?
workgroup = WORKGROUP
server string = Samba Server Version %v
guest account = nobody
# guest account = seib
map to guest = bad user
force user = seib
# log files split per-machine:
log file = /var/log/samba/log.%m
# maximum size of 50KB per log file, then rotate:
max log size = 50
load printers = yes
cups options = raw
netbios name = Seib-PC
hosts allow = 127. 192.168. 192.168. 10.42.
#create mode = 664
security = SHARE
usershare allow guests = yes
comment = Public Shares
browsable = yes
path = /home/shares/
public = yes
writable = yes
write list = seib
guest ok = yes
#create mask = 0644
#directory mask = 2777
I am posting this in the server forum, because I noticed the new samba 4 server. Is this better? Is this what I need, especially considering the Win8 that we recently bought? I am sorry if someone already posted perhaps the solution in another thread, but then again, I have tried a lot of other posts already...
For share level security, all users are mapped to the guest account. Since you want all users mapped to "seib", make seib the guest account in your share definition:
Guest Account = seib
Samba 4 is better if you want to run a network with Active Directory.
I have already tried 'Guest Account = seib' before, with no luck or difference... I am now using security = user, which, on the Win7, at least gives me a list of all the available shares. But when I view one of the shares, it doesnt let me view the folder contents, nor does it let me edit or create something in them (error pops up), nor does it ask for my user/pass though. In dos, it does give me a list of the available shares too with 'net view //seib-pc'
Actually, per coincidence, I didn't realize, but trying out smbstatus reveals that I have Samba version 4.0.0 running. It does give me the error:
Failed to initialize session_global: NT_STATUS_ACCESS_DENIED
I am using the following conf for all this so far:
An update, current shares folder is:
- What does 'DENY_DOS' in samba mean?
- How does Samba give permissions to Win users?
Don't use force user root. Go back to seib or nobody.
Do the files show up in Win XP? I had a problems at work with Win7 shares not showing up on a Win 2008 server. (I had to turn off the "home group" stuff and change the number of bits used for encryption to fix it) Test on the XP, Win7 will present too many variables. Then you will know if it's Samba or Windows.
What do the samba logs say when you try to open a samba share? Try to access one, then check the log. I once discovered an apparmor access problem from the smbd log.
Make sure seib is a samba user. Use the smbpasswd program to add the user.
The seib user needs access to the directories. Check the directory permissions, the firewall ports (including UDP).
If a user might be authenticated as themselves, then they need permissions as well, either via global permissions (o=rwx), or using Linux file acls.
Look at the "Samba 3 by Example" book. You can download it from the samba.org site. Many Linux distros have a samba-docs package that supplies it as well. If you start with a close model, such as the library example, and get that to work, you may discover if there is a Windows problem.
I looked up DENY_DOS. It is a file locking mode.
Hello all, I solved it!
And guess what the error was? I couldn't think of it for all these days. SELinux.
Stupidly, it was just right there in my face, the description for SELinux in fedora was all over the original config, which I too quickly moved for a trial config, without checking/reading the contents. Why would one..
Now everything works, no passwords, logins, very basic. I'll leave the info so hopefully someone in the future will find this very useful!
My current smb.conf:
A few further tips that have helped me a tremendous lot. It is worth reading about these basic SELinux tools, 'man semanage', 'man setsebool'. Also, for non-SELinux OS, you learn a lot about low-level tools using the following PDF, to troubleshoot Samba if it goes wrong. It was VERY informative (In my case, I read all the way to level 5, where looking up the logs, which were flabbergastingly empty, and then it just daunted on me smbd never was accessed because of something low-level security. Boom. SELinux.):
Also, for SELinux specifically, 'sudo yum install policycoreutils-gui' will install the tool system-config-selinux, which gives a very nice oversight of what SELinux is doing.
May time be on your side.
Thanks for your post.
I needed to define a Samba user. pdbedit lists out the Samba users. If you do not get any users listed, you have not defined any Samba users.
I made up this convenient alias.
alias rs='sudo systemctl restart nmb.service;sudo systemctl restart smb.service;sleep 8;sudo systemctl enable nmb.service;sudo systemctl enable smb.service;'
|All times are GMT -5. The time now is 01:12 PM.|