Small Samba Question!
 

Hey all, Well i set up samba today, I got most of it working except one thing. I can see the samab server under my workgroup (WORKGROUP) However, I can't not write to it. Can't transfer files, and not sure why. Heres my smb.conf


(Samba is running of a FreeBSD 5.1 Server)


============SAMBA CONF===========


This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not many any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
workgroup = WORKGROUP

# server string is the equivalent of the NT Description field
server string = Samba Server

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = yes

# you may wish to override the location of the printcap file
; printcap name = /etc/printcap

# on SystemV system setting printcap name to lpstat should allow
# you to automatically obtain a printer list from the SystemV spool
# system
; printcap name = lpstat

# It should not be necessary to specify the print system type unless
# it is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = bsd

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/log.%m

# Put a capping on the size of the log files (in Kb).
max log size = 50

# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user
# Use password server option only with security = server
; password server = <NT-Server-Name>

# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
; encrypt passwords = yes

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
; include = /usr/local/etc/smb.conf.%m

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
socket options = TCP_NODELAY

# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
; local master = no

# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 33

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
; preferred master = yes

# Use only if you have an NT server on your network that has been
# configured at install time to be a primary domain controller.
; domain controller = <NT-Domain-Controller-SMBName>

# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
; domain logons = yes

# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# run a specific logon batch file per username
; logon script = %U.bat

# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
; wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no

# charset settings
; display charset = ASCII
; unix charset = ASCII
; dos charset = ASCII

#
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writeable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writeable = no
; share modes = no


# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /usr/local/samba/profiles
; browseable = no
; guest ok = yes


# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writeable = no
printable = yes

# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writeable = yes
; printable = no
; write list = @staff

# Other examples.
#
# A private printer, usable only by fred. Spool data will be placed in fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writeable = no
; printable = yes

# A private directory, usable only by fred. Note that fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writeable = yes
; printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %U option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writeable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writeable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /tmp
; public = yes
; only guest = yes
; writeable = yes
; printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writeable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writeable = yes
; printable = no
; create mask = 0765



---Some of the config I don't understand, so i left it default.

okay, you need to edit your smb.conf to set the valid users and whatnot - I presume that you're trying to write to the home directories, yes? If I were you, I'd use SWAT to configure it, but that's just because I'm lazy ;)

Alright, I thought SWAT was the GUI interface for samba? If so, this server doesn't have X installed, just a command line heh.

(Unless I can use SWAT in windows, and connect to my server?)

yes, swat is the gui interface for samba. You need to be running samba as inetd not as a daemon as far as i remember to use swat. However, it can be accessed remotely. the point is that swat is a *web-based* interfaces, so you just point your browser at http://whatever:10000/ from *anywhere* [I can't remember what the exact port number was.
So no gui required.

See man 5 smb.conf for configuration help.
.......
Now create hand edit the smbusers file to map the windows usernames to the accounts in your account . And use smbpasswd to administer the smb passwords for the local usernames you intend to use.

Alright all, heres the run down. I got samba working, I can see the shares from all XP machines. However, when I enable guest mode, I can see all the files but can not write to the dir. Now, I am very confused how the users work. (I have been useing SWAT to set all this up) In swat, theres a box that says USERNAME under the shares section, now, I thought if i put one of the user names thats on the freebsd box in, it would use that password too (thought I read that some where) However, when I click the share, I can not edit the USERNAME feild it just says NETBIOS NAME/Guest (in this case Lust\Guest) Now, how do you add users and permissions?! I am also a little confused as to what the above poster said about users. Thanks in advanced!

-- I have tryed the smbpasswd program to add my self, but it says invalid password. Also when I look at the active connections in swat it says

Share User Group PID Client Date
IPC$ nobody nobody 2188 envy Sun Aug 10 10:17:35 2003


- nobody is the default guest account name. Now I am totaly confused Heh =D

----Sorry Heh, I keep Editing. In the smbpasswd file, it lists my user (envy) and its encrypted password. However it also lists the default Guest user nobody and next to his encrypted password it says UNPRILVIGED! =/ Still wondering why I can't edit the username feild when I click a share

/bump

/bump bump de bump bump =(

Kith,

Kith,

Are you using Windows ME or older to connect to the share? If so, your network/Samba usernames and passwords are stored in the c:\windows directory as xxxx.pwl (replace xxx with your username. Or for a quick fix, open up a command prompt and type:

del c:\windows\*.lwp

This will delete the saved password file. Been a while since I've used windows, but if I recall, this will also wipe out any logon screen and screen saver passwords as well.

--Eric

Useing Windows XP

Give it a shot and let me know how it goes.... BTW, what version of Windows?

Kith, what do you have in your /etc/smb/smbusers file?

I have root - shows encrytped password a user called nobody, which i thikn is the default guest. and then the main user envy with the encrytped password, yet none of the passwords I try work

Kith, when you log onto windows (not over the network, but actually into Windows), what is your username? if it's not envy (or whatever) then it's probably gonna be guest. When you first log into windows be sure your not just pressing escape to get past the login screen..you should be typing envy and your password. If your not getting prompted for any of this when logging into Windows then you need to go to your Network Properties and make sure that the Default/Primary login is set to "Client for Microsoft Networks", and then reboot. I think your Samba host is working fine, it seems to me that the problem is with your windows box.

--Eric

Can you access your SMB share from your own box while logged on as the windows user in question?

These commands should return without an error. (Provide envy's password when prompted and substitute with your sharename )

I would backup this file first and remove every line but the one for the user 'envy' from the original, just to keep it clean for the time being.

Once you've determined that your share is working the way it is supposed to be, you would want to try JRandom's directions to logon 'properly' to the win box and then try accessing the share.

Ah my windows user (the only user on this box) is simplex however when i am prompted for a password and login, I the username feild is grayed out

Kith,

The "simplex" username on the windows box would seem to be the problem.

Edit your smb.conf file and uncomment the following line (or add it):

username map = /etc/samba/smbusers

and create the /etc/samba/smbusers file with the following line:

envy = simplex

Restart Samba....


Hope this helps!
--Eric

My previous post assumes you have a Unix user account called "envy"

--Eric

Under which parameter? Shares? Also, what if i change the user name on the windows box to envy? I acutally tryed this and still doesn't seem to work..

Kith,

I'd put the username map declaration under [global].

If you want to change the Windows box username to envy...that would a great way to test this.

--Eric

Kith,

Looked over your smb.conf. You also need to uncomment the line:

encrypt passwords = yes

But if you had an encrypted password in the smbusers file, you must have already done this, right?

--Eric

It wouldn't matter that I don't have a password for user envy/simplex on the xp box would it?

Ok let me explain something. The Freebsd server thats running samaba is called Envy, that is the hostname of the box. the primary user of the box is also called envy. Now, the win XP box hostname is mistakenly called envy also. and the user is Simplex. Client for Microsoft windows is running, there is no password for this box. Now I can see the shares, I have tryed adding the envy = simplex to my smbconfig and it still did not work.

Ah, XP. Home or professional? As far as network shares go..it shouldn't care at all. XP will give the option to enter a username and password. Odd that your's is grayed out.

Next step. In XP, go to Start->Control Panel->User Accounts.
Click on your username (simplex)
In the upper left, go to manage my network passwords.
Delete any relating to the samba share.
Reboot XP.

Try again!

--Eric

Oh!

You can't have both boxes called 'envy'. Add this to your smb.conf.


netbios name = envybsd (or something besides envy)

restart Samba.

On the XP box connect to \\envybsd\envy and give it a whirl...

I think when you type \\envy your logging on to your XP box!

--Eric

Nothing was in the network passwords box...

- Note, not that this matters, but I don't have a /etc/samba dir, most of my samba files are elseware, like my smb.conf is in /usr/local/etc/smb.conf -- I don't think that matters tho

Yeah, sorry, I use FreeBSD too. when I say smb.conf, edit you main in /usr/local/etc/smb.conf

--Eric

I forgot to mention, I did change the netbios name.. its Envy Samba serv

Jran, Do you have Aim, think it would be easier hehe -- eam404 is my sn

Kith,

It has to be one word. I don't think XP likes spaces.

Also, see I can change the config to allow quests, I can see inside my bsd box but obiviously can't write to it because i am a quest

Could you re-post your smb.conf with all modifications?

--Eric

alright will try one word then

Sure!


SIMPLE VIEW !!!! - Just to make it easier =D


# Samba config file created using SWAT
# from 192.168.1.100 (192.168.1.100)
# Date: 2003/08/12 01:22:46

# Global parameters
[global]
netbios name = ENVYBSD
security = SHARE
encrypt passwords = Yes

[Envy (Home)]
comment = Envy's Home Dir
path = /usr/home/envy
read only = No
only user = Yes
status = No








COMPLEX VIEW:



--------------------------------------------------------------------------------

Current Config


# Samba config file created using SWAT
# from 192.168.1.100 (192.168.1.100)
# Date: 2003/08/12 01:22:12

# Global parameters
[global]
coding system =
client code page = 850
code page directory = /usr/local/etc/codepages
workgroup = WORKGROUP
netbios name = ENVYBSD
netbios aliases =
netbios scope =
server string = Samba 2.2.8a
interfaces =
bind interfaces only = No
security = SHARE
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 6
map to guest = Never
null passwords = No
obey pam restrictions = No
password server =
smb passwd file = /usr/local/private/smbpasswd
root directory =
pam password change = No
passwd program = /usr/bin/passwd
passwd chat = *\n*ew\spassword* %n\n *ew\spassword* %n\n *updating\sthe\sdatabase...\npasswd:\sdone\n
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
ssl = No
ssl hosts =
ssl hosts resign =
ssl CA certDir =
ssl CA certFile =
ssl server cert =
ssl server key =
ssl client cert =
ssl client key =
ssl egd socket =
ssl entropy file =
ssl entropy bytes = 256
ssl require clientcert = No
ssl require servercert = No
ssl ciphers =
ssl version = ssl2or3
ssl compatibility = No
admin log = No
log level = 0
syslog = 1
syslog only = No
log file =
max log size = 5000
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
acl compatibility =
nt smb support = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts host wins bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 10000
name cache timeout = 660
read size = 16384
socket options = TCP_NODELAY
stat cache size = 50
use mmap = Yes
total print jobs = 0
load printers = Yes
printcap name = /etc/printcap
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
strip dot = No
mangling method = hash
character set =
mangled stack = 50
stat cache = Yes
domain admin group =
domain guest group =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 20
lm announce = Auto
lm interval = 60
preferred master = Auto
local master = Yes
domain master = Auto
browse list = Yes
enhanced browsing = Yes
dns proxy = Yes
wins proxy = No
wins server =
wins support = No
wins hook =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
ldap server = localhost
ldap port = 636
ldap suffix =
ldap filter = (&(uid=%u)(objectclass=sambaAccount))
ldap admin dn =
ldap ssl = Yes
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /var/lock
pid directory = /var/run
utmp directory =
wtmp directory =
utmp = No
default service =
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map =
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
host msdfs = No
winbind uid =
winbind gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 15
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
comment =
path =
alternate permissions = No
username =
guest account = nobody
invalid users =
valid users =
admin users =
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = 00
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
status = Yes
nt acl support = Yes
profile acls = No
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = bsd
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
use client driver = No
default devmode = No
printer driver =
printer driver file = /usr/local/etc/printers.def
printer driver location =
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide unreadable = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
csc policy = manual
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = No
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object =
vfs options =
msdfs root = No

[Envy (Home)]
comment = Envy's Home Dir
path = /usr/home/envy
read only = No
only user = Yes
status = No

Getting closer....try this:

Change:
[Envy (Home)]
comment = Envy's Home Dir
path = /usr/home/envy
read only = No
only user = Yes
status = No

to read:

[Envy]
comment = Envy's Home Dir
path = /usr/home/envy
read only = no
writeable = yes
browseable = yes


Also, make sure unix 'envy' has write permissions to /usr/home/envy. I'm not sure about the () in XP, so I changed the declaration. Also, if this doesn't work edit the 'username map' variable and put back in the path to the file. Remember to restart samba. Also does 'testparm' return anything?

-_Eric

/usr/home/envy is envy's home dir, so ya it has write permissions. And no, that didn't work. When i click the share the xp logon box pops up but the username feild is still grayed out with Envybsd/Guest and when I try envy's password (unix) doesn't work


You mean with username map add the envy = simplex?

This problem is with XP for sure now. In XP, is the envy user a guest user. Start->Control panel->Users. Under 'envy', what does it say? Computer administrator or something else?

ok, I changed envy back to Simplex. Simplex is the only user on the account who has Administrator access. Only one on this box, Guest isn't even enabled. Also I can change Simplex ot whatever I want, envy, or whatever.

Also, the share name is more thne 8 chars long... an? has spaces, ya think that has something to do with it?


I can recreate the share if need be

Are you on a domain? Let's find out.

On your keyboard, hold down the Windows key and press Pause/Break. Then click on the "Computer Name" tab. Click the change button at the bottom. Make Sure that "Workgroup" is selected and that the workgroup name matches your workgroup.

Also, click on the 'Advanced' tab, then on 'Settings' under user profiles. Make sure that the type is set to local and not roaming.

If you change anything XP will need a reboot.

-Eric

This seems like XP to me. I've never had it gray out the username box before. Too weird.

Also do a 'more /usr/local/private/smbpasswd' on the BSD box and make sure the user envy is still in there....

--Eric

Everything you told me to do is set correctly. (By the way, I didn't know about the Windows Key + Pause will bring up that window, also didn't raelize I could change the computer name...

^^bump^^

Doh

In smb.conf, set security = user, not security = share. Also do a 'more /usr/local/private/smbpasswd' on the BSD box and make sure the user envy is still in there....

Ah HAH! Envy has seemed to disappear, however that default guest is still there called nobody.. do i need to do a smbpasswd -a envy ? Oh also root is there obiviosuly too..

Yes yes yes! Getting closer!

Also why not security share? (Thanks so much for all this help by the way...)

IIRC, security=share is only good for Win95, we want user authentication.

Do I need to add envy as a user?

#> smbpasswd -a envy ???