samba newbie driven crazy
I've posted about my problem before but still not fixed. Never posted my conf files so I'll try that this time. I have a home network of W2K Pro PC, XP Pro PC, XP Home laptop, W2K Server (no AD), and RedHat9 box that already runs SFTP/SSH, all connected to Internet DSL line via a Linksys router. IP scheme of 10.1.1.x/24.
Trying to get Samba working on the RH9 box and have tried configuring thru smb.conf, RH9's built-in Samba utility, and SWAT, all of which have failed to make this work. At first I wanted to be prompted for RH9 login info when connecting from any Windows box (no matter what Windows username), but now would just be happy to connect at all! I enter \\server\share in Windows' Run dialog and then prompted for login info, but rejects info I know is right. Then thru some miracle, the RH9 box now actually appears in Windows' My Network Places. But upon clicking it, error basically says "inaccessible; might not have permissions." Below are my smb.conf and smbusers files. FWIW, all the computers listed above are entered with respective IPs in the lmhosts file, also in /etc/samba. And smbpasswd file only contains 'mike' account info. [global] workgroup = BINY (<-- matches Windows boxes) netbios name = HOMER server string = samba server security = SHARE encrypt passwords = Yes obey pam restrictions = Yes (<-- havent done anything with pam) pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* username map = /etc/samba/smbusers log file = /var/log/samba/%m.log max log size = 10 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = No dns proxy = No wins support = Yes guest account = mike hosts allow = 10.1.1. 127. printing = cups [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [printers] (<-- dont care about printing) comment = All Printers path = /var/spool/samba printable = Yes browseable = No [mike] path = /home/mike username = mike read only = No create mask = 0750 guest ok = Yes ---------------------------------------------------- --SMBUSERS file--- root=administrator root=admin root=root nobody=guest nobody=pcguest nobody=smbguest mike="agent smith" (<-- login account on XP laptop) mike=administrator mike=mike Since it's my home directory I want to access, do I even need to specify the share "mike"? Also, does NMBD need to run? Do I need to have the Windows and RH9 usernames match (tried that too but still failed)? Are there any other files or configurations I might want to check outside of the Samba-specifics that might be preventing this from working on a broader level? FYI, when I first installed RH9, I selected "No Firewall." Thanks a ton in advance!!! p.s. Maybe this would shed light: cant seem to access http://homer:901 from Windows machines to access SWAT, even though Apache is running. No rejection of any kind - just times out. But I can successfully SFTP/SSH to it. Indication of anything? |
Configuring Samba ==> refer this link
Code:
http://rapidshare.de/files/2631299/Samba_configuration.pdf.html |
Well, I appreciate your response, but I've already checked out what seems like a ton of generic Samba configuration guidelines. This one didn't seem to quite fit my situation (no domain) but I still tried a couple things from it. Now, I can't even see the RH9 box in WinXP's My Network Places anymore! Argh! Help is much appreciated...
|
Re: samba newbie driven crazy
Quote:
|
Firstly, you can make your hosts allow line read
hosts allow = 10.1.1. to allow your entire subnet to access the machine. Not sure if you were trying to do that or not. Secondly, your smbusers should look like this: root = administrator admin root nobody = guest pcguest smbguest mike="agent smith" mike I don't think having administrator as both root and mike works. The point here is that multiple mappings to the same users name should be [have to?] be on the same line, delimited by spaces. Thirdly, for the [homes] share, you probably would like permissions more like: create mask = 0644 directory mask = 0755 Or, as I prefer, do a 0600 and a 0700. That one's up to you. Also, there is no need to share [mike] directly; you can connect to the homes share by calling it the username. For instance, both \\homer\homes and \\homer\mike will map to /home/mike as long as you use the login mike [or anything that maps to mike, such as agent smith]. Finally, make sure you've given your users Samba passwords. They're maintained separately due to Samba's need to do LM and NTLM challenge-responce authentication. The command to add a Samba user is: smbpasswd -a mike Which will prompt you for his new password. After that, to simply change his password, just run smbpasswd mike. It looks like Samba will [attempt to] update your PAM password at the same time. Note that I have never been able to get this to work, but maybe you'll have more luck. Let me know if you need any more help. Good luck to you. |
well, the RH9 box is back in the My Network Places folder on the XP machine (thank you), but after following your instructions, trying to map a network drive still results in rejected password-like behavior. i try to map to \\homer\homes, \\Homer\homes, \\homer\mike, and \\Homer\mike, and all throw me back to the login prompt as if i've entered a wrong password. is there maybe a log file on the RH9 box i can check to verify or refute this? Security log mentions nothing.
|
well
I think the basic problem is that you are using security = share when you should be using security = user so that users are autheticated on a per connection basis. Share level security does allow for this. It's a simple mechanism to share folders without security. also your file /etc/samba/smbusers is formatted incorrectly. If you want to map more than one user name to the same unix username you should use seprate windoze user names on the same line as directed above. Anyway, this is completly pointless as this file is only valid if you use server or domain security. Which requires a windows password server (i.e a PDC or PDC emulator under AD). Basically you want to use user level security. With no usermap - this is not needed. And use the unix logon mike to get access to shares. make sure mike is a unix user and use smbpasswd -a to add him as a samba user. [global] workgroup = BINY netbios name = HOMER server string = samba server security = user encrypt passwords = Yes log file = /var/log/samba/%m.log max log size = 10 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = No dns proxy = No [homes] comment = Home Directories read only = No create mask = 0664 directory mask = 0775 browseable = No [mike] path = /home/mike valid users = mike read only = Yes create mask = 0750 guest ok = Yes write list = mike I would suggest this as a smb.conf file. Make sure to run testparm on it. I think you have not understood some of the concepts such as security levels etc.... |
ok mpeg4codec, i did the changes you suggested, like verifying 10.1.1. was in the 'hosts allow' line, reworked the smbusers file's lines, edited the permissions, and verified smbpasswd was set right. restarted smb service. still same ol' re-prompting from XP box upon login attempt. so then, satinet, i tried your suggestions: changed (back) to security = user, verified 'mike' as a unix and samba user set with passwords (using same), made your bolded changes in smb.conf but kept my old smb.conf file, and confirmed with testparm (everything OK). restarted smb service. but sadly, same result: samba share login attempt from XP kicks back to login window like i'm entering wrong info. then i replaced my smb.conf file (backed up first though) with only the things you had in your sample conf file (also added 'hosts allow' line) - and restarted smb service - but still didnt work. then removed 'hosts allow' line, restarted smb service, - still didnt work. back to testparm, should i post the dump? as mentioned in original post, i even tried SWAT awhile back - is there something still in there that might be causing this to still not work?
thanks for your continued help... |
I wouldn't worry about host allow. The default (e.g, if you don't mention it) is to allow any hosts to connect. You could try unecrypted passwords.
It may seem stupid but are you entering the user's samba password rather than his unix password? That is the correct way. You might needs these lines in: obey pam restrictions = Yes (<-- havent done anything with pam) pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* But i don't use them on HP-UX or SCO unix so I can't say. But the password ones are needed in Debian i believe. Again not sure about Red Hat though. What i said about share level security is correct. btw. So don't use that..... |
good thought on unencrypted passwords thing, eliminating any crazy algorithm incompatibilities! but alas, it didnt save the day.
actually, the unix and samba pwds happen to match. is that not ok? just to be sure, i reset the samba password to something else, restarted smb, tried from XP box, still failed. but that brings up a question: if i'm supposed to be entering the unix password, where does the link between the two passwords come in? i mean, how does the system even know about the samba passwds if you're entering the unix one? this may be a fundamental samba concept... i added in those lines too (no, i havent done anything with pam, mainly cuz i'm still not quite sure what 'she' is!), wrote to conf file, restarted smb, ran testparm. still didnt do the trick. thanks again for your patience and help. fyi, here's what the smb.conf file looks like now: ------------------------------------------------------------------ # Samba config file created using SWAT # from homer (127.0.0.1) # Date: 2005/06/29 00:41:21 # Global parameters [global] workgroup = BINY netbios name = HOMER server string = samba server security = user encrypt passwords = No log file = /var/log/samba/%m.log max log size = 10 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = No dns proxy = No obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* [homes] comment = Home Directories valid users = %S read only = No create mask = 0644 directory mask = 0755 browseable = No [mike] path = /home/mike valid users = mike read only = Yes create mask = 0750 guest ok = Yes write list = mike ------------------------------------------------------------------ |
You should be using the samba password.
hmm, i think you should use encryption on passwords. I see no reason why it wouldn't work otherwise..... in /var/log/samba/ does it give any useful information....???? try adding a new samba user and seeing what happens |
yes, am using samba passwd.
gone back to encrypting passwds. strangely, now i cant even get a login prompt! XP says "network path cannot be found." so set to unencrypt again, and... still not found. ugh. i can't help but think i've been messing with and tweaking this so much that i've messed it up bigtime. would uninstalling samba from the RH9 CD and reinstalling wipe the slate clean or would settings remain and reappear after reinstall? adding a new user exhibited same behavior. -- /var/log/samba -- (fyi, each of these were all done using 'cat' command, and are showing the latest entries) log.nmbd had this: [2005/08/09 04:02:15, 0] nmbd/nmbd.c: process(502) Got SIGHUP dumping debug info. [2005/08/09 04:02:15, 0] nmbd/nmbd_workgroupdb.c:dump_workgroups(289) dump_workgroups() dump workgroup on subnet 10.1.1.4: netmask= 255.255.255.0: BINY(1) current master browser = UNKNOWN HOMER 40009a03 (samba server) [2005/08/11 23:31:22, 0] nmbd/nmbd.c:main(794) Netbios nameserver version 2.2.7a started. Copyright Andrew Tridgell and the Samba Team 1994-2002 log.smbd repeats only this below but with different timestamps: [2005/08/11 23:51:45, 0] smbd/server.c:main(707) smbd version 2.2.7a started. Copyright Andrew Tridgell and the Samba Team 1992-2002 smbd.log states: [2005/08/07 04:02:35, 0] smbd/server.c: open_sockets(238) Got SIGHUP [2005/08/09 04:02:15, 0] smbd/server.c: open_sockets(238) Got SIGHUP nmbd.log says: [2005/08/11 23:31:20, 0] nmbd/nmbd.c:terminate(59) Got SIGTERM: going down... weird about that last one. just from using 'cat'? thanks again for any help, mike |
ah interesting.
yes, maybe it's time to download the latest samba packages rather than re-install the old redhat ones. I think you should set local master = yes as it seems to be moaning about this.... |
Here is a samba server smb.conf I have had running for about 2 years.
Code:
[global] As for your setup I would try and simplify things a bit. 1. Windows 2000 & XP require encrypted passwords. 2. nmbd is your Quote:
3. Remove the PAM stuff. 4. Remove the hosts allow You should work from simple to complex if your having trouble. Hope this helps |
I posted this thread a while back and it helped the OP. Scroll down to my post and see if it helps.
http://www.linuxquestions.org/questi...hreadid=319720 |
All times are GMT -5. The time now is 02:41 AM. |