LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 02-16-2015, 07:42 AM   #1
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Rep: Reputation: 11
Thumbs down Can't read Samba Share on Linux and Windows.


Hello Folks.
I joined my CentOS 7 server into Windows Domain and My Goal is that share My linux Directories and apply permission to them via Windows Active Directory Users. My Samba Config is :

[global]
workgroup = JASONDOMAIN
security = ADS
realm = JASONDOMAINI.JJ
netbios name = printmah

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
server string = Samba 4 Client %h
##
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
##
username map = /etc/samba/user.map

##

winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = yes
winbind normalize names = Yes

## map id's outside of domain to tdb files.
idmap config *:backend = tdb
idmap config *:range = 2000-9999
## map ids from the domain the ranges may not overlap !
idmap config JASONDOMAIN : backend = rid
idmap config JASONDOMAIN : range = 10000-999999

wins server = 172.30.9.1, 172.20.1.2, 172.20.1.48

domain master = no
local master = no
preferred master = no
os level = 20
map to guest = bad user
host msdfs = no
# user Administrator workaround, without it you are unable to set
privileges
username map = /etc/samba/user.map

# For ACL support on member server
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes

# Share Setting Globally
unix extensions = no
reset on zero vc = yes
veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
hide unreadable = yes
template shell = /bin/sh
template homedir = /home/%U
#
name resolve order = lmhosts wins bcast host

[test]
path = /home/jason/Desktop/photo
read only = no
browseable = yes




I can't browse share in Linux and Windows and it show me an error about permission. I also disable Firewall.

How can I solve it?
 
Old 02-16-2015, 11:10 AM   #2
zafar_dandoti
Member
 
Registered: Dec 2005
Location: India
Distribution: centos
Posts: 178

Rep: Reputation: 13
What are the directory permissions of the share are they writeable to users?
Code:
# ls -l /home/jason/Desktop
One more thing, is selinux enforcing?
Code:
# sestatus
 
Old 02-17-2015, 12:21 AM   #3
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28

and

drwxr-xr-x. 2 root root 6 Feb 17 01:14 Desktop


Is it because of "root" ?

I login to Linux via AD user and create a Directory and Permissions are below :

drwxr-xr-x. 2 jason domain_users 6 Feb 17 01:24 test

But can't browse!!!!

Last edited by hack3rcon; 02-17-2015 at 12:34 AM.
 
Old 02-17-2015, 02:43 AM   #4
zafar_dandoti
Member
 
Registered: Dec 2005
Location: India
Distribution: centos
Posts: 178

Rep: Reputation: 13
Swith to selinux to permissive mode
Code:
setenforce 0
Try connecting to share if u can access to that folder then u have to add selinux file context
Code:
chcon -tR samba_share_t /path/to/share
Code:
setenforce 1
 
Old 02-17-2015, 02:59 AM   #5
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
Thank you.
The correct Syntax is :

chcon -t samba_share_t -R /path/to/share

---------- Post added 02-17-15 at 03:59 AM ----------

Thank you.
The correct Syntax is :

chcon -t samba_share_t -R /path/to/share
 
Old 02-17-2015, 07:52 AM   #6
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
I have another problem. I can't change or add permissions and it show me I can't access.I use administrator account in Windows too but I has problem.
I used "jason" user for create directory and "jason" and "administrator" on windows can add or remove Folders but can't change permissions.
I read "https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs" and did all steps in "Setup share permissions" section but problem not solved

Any idea?
 
Old 02-18-2015, 06:32 AM   #7
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
Hello.
I changed my "smb.conf" as below :

[Demo]
path = /srv/samba/demo/
read only = no
force user = %U
force group = "JASONDOMAIN.JJ+domain users"
force create mode = 0666
force directory mode = 2777
force directory security mode = 0777
valid users = @"JASONDOMAIN.JJ+domain users"

Then I use below command to change owner :

# chgrp -R "domain users" demo/
# chmod -R g+rw demo/

# ls -l
total 0
drwxrwxr-x. 2 root domain_users 6 Feb 18 05:38 demo

But When I want to open the "demo" directory it ask me my username and password and when I enter my username and password it ask me again
I also have same problem with change permission too.

How can I solve it? It is emergency.

Thank you.

---------- Post added 02-18-15 at 07:32 AM ----------

Hello.
I changed my "smb.conf" as below :

[Demo]
path = /srv/samba/demo/
read only = no
force user = %U
force group = "JASONDOMAIN.JJ+domain users"
force create mode = 0666
force directory mode = 2777
force directory security mode = 0777
valid users = @"JASONDOMAIN.JJ+domain users"

Then I use below command to change owner :

# chgrp -R "domain users" demo/
# chmod -R g+rw demo/

# ls -l
total 0
drwxrwxr-x. 2 root domain_users 6 Feb 18 05:38 demo

But When I want to open the "demo" directory it ask me my username and password and when I enter my username and password it ask me again
I also have same problem with change permission too.

How can I solve it? It is emergency.

Thank you.
 
Old 02-23-2015, 09:53 AM   #8
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
It is very Vital for me, Any idea?
 
Old 02-27-2015, 04:11 AM   #9
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
"testparm -s" show me below error :

[root@printmah ~]# testparm -s
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:Parameter() - Ignoring badly formed line in configuration file: privileges
Processing section "[test]"
Processing section "[Demo]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER


How can I fix it?

Last edited by hack3rcon; 03-04-2015 at 10:19 AM.
 
Old 03-28-2015, 06:03 AM   #10
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
I used :

smbclient //localhost/Demo -U JASONDOMAINI\\jason -d 3

and the result is :

esolve_lmhosts: Attempting lmhosts lookup for name localhost<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name localhost<0x20>
Connecting to 127.0.0.1 at port 445
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
Domain=[JASONDOMAINI] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED
 
Old 03-29-2015, 12:28 AM   #11
zafar_dandoti
Member
 
Registered: Dec 2005
Location: India
Distribution: centos
Posts: 178

Rep: Reputation: 13
the name localhost is not resolved by the server.
Code:
cat /etc/hosts
Try connecting the share by ip address
Code:
smbclient //127.0.0.1/Demo -o user=JASONDOMAIN\jason
U should be prompted to enter password for user jason.
 
Old 03-31-2015, 02:56 AM   #12
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
My "hosts" file was correct and the commands result is :

[root@printmah ~]# cat /etc/hosts
172.30.9.1 printmah.jasondomain.jj printmah
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6



[root@printmah ~]# smbclient //127.0.0.1/Demo -o user=JASONDOMAINI\\jason
params.c:Parameter() - Ignoring badly formed line in configuration file: privileges
Domain=[JASONDOMAINI] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED
 
Old 03-31-2015, 03:52 AM   #13
zafar_dandoti
Member
 
Registered: Dec 2005
Location: India
Distribution: centos
Posts: 178

Rep: Reputation: 13
add in smb.conf file in global section
Code:
client ntlmv2 auth = yes
restart samba
try connecting
Code:
 smbclient //127.0.0.1/Demo -o sec=ntlmv2 username=jason@JASONDOMAINI

Last edited by zafar_dandoti; 03-31-2015 at 03:59 AM. Reason: smbclient code entered wrongly
 
Old 03-31-2015, 05:32 AM   #14
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 11
Thanks.
Add it but Got same error:

Domain=[JASONDOMAINI] OS=[Unix] Server=[Samba 4.1.1]
tree connect failed: NT_STATUS_ACCESS_DENIED

In "smb.conf" my share setting is :

[Demo]
path = /srv/samba/demo/
read only = no
valid users = +JASONDOMAINI\linux +JASONDOMAINI\local admins
writable = yes
#inherrit owner = yes
#inherit permissions = yes
force group = JASONDOMAINI\linux


"linux" is the name of group that I created in AD and "jason" is member of it.
 
Old 03-31-2015, 06:43 AM   #15
zafar_dandoti
Member
 
Registered: Dec 2005
Location: India
Distribution: centos
Posts: 178

Rep: Reputation: 13
What are the directory permissions of /srv/samba/demo?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Samba share can't write in linux, can in Windows xmrkite Linux - Software 1 09-17-2012 12:14 PM
creating files from windows on a samba share gives read-only permissions. lievendp Linux - General 5 12-17-2008 10:55 AM
Access linux SAMBA share from windows pengu Linux - Software 6 02-17-2007 11:55 AM
samba - accessing windows share in linux mikeotieno Linux - Software 7 07-28-2006 06:12 AM
samba: linux mounted share = choppy playback, windows mounted share = smooth kleptophobiac Linux - Software 2 04-10-2005 08:23 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 10:06 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration