LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   SMB Shares dont work when SMB is run as a service! CentOS 6 (https://www.linuxquestions.org/questions/linux-networking-3/smb-shares-dont-work-when-smb-is-run-as-a-service-centos-6-a-907954/)

finnsloss 10-13-2011 08:24 AM
SMB Shares dont work when SMB is run as a service! CentOS 6
 
Hello,

I have hit a strange problem with SMB on CentOS 6.
The SMB shares will only work if I run "smbd" from the command line (as root).
The SMB shares do not work if i run "service smb start".

When SMB is run on the command line, I can browse the server from Windows XP and access any of the shares defined. If I run SMB as a service, browsing the server just gives a password box, whicch rejects any username/password combination you throw at it.

I have configured Kerberos and successfully run kinit.
I have joined the linux machine to the AD domain.
I have configured smb.conf with the domain and ADS security.

Here is my smb.conf:
Code:
[global]
        workgroup = mydomain
        server string = Network Server

        security = ads
        passdb backend = tdbsam
        realm = MYDOMAIN.LOCAL

        winbind use default domain = yes
        winbind nested groups = yes

        idmap uid = 10000-40000
        idmap gid = 10000-40000

        template shell = /bin/bash

        load printers = yes
        cups options = raw

#============================ Share Definitions ==============================
       
[homes]
        comment = Home Directories
        browseable = no
        writable = yes
        valid users = %S
;        valid users = MYDOMAIN\%S
       
[files]
        path = /files
        writeable = yes
        guest ok = yes
Can anyone shed any light on the situation please?

Thanks,
Finn

finnsloss 10-14-2011 09:33 AM
It looks like the problem is two-fold, time difference between the server and the windows machine, and SELinux!

The time difference meant that all usernames and passwords were rejected. Setting the time more accurately allows the browsing of the server and the available shares.

The shares were still not accessible however, due to SELinux permissions.
Applying the following commands to my /files folder has brought SMB to life!

Code:
# chcon -R -t samba_share_t /files
The -R recursively sets permissions, the -t samba_share_t lets SELinux know you want to share the files.
In order to mark newly created files with the correct type you also need to set the default file context:

Create or edit:
/etc/selinux/targeted/contexts/files/file_contexts.local

Add the line:
Code:
/files(/.*)? system_u:object_r:samba_share_t
Useful commands (run as root):
Code:
sestatus - Check how strict SELinux is (enforcing = block anything without permission, permissive = only produce warnings)
setenforce permissive - Allow all services to run unrestricted, only produce warnings in the log file.
setenforce enforcing - Block all undefined services.
As far as my original problem goes, it now doesn't matter if SMB is run from the command line, or if it starts as a service, SMB Shares are accessible from Windows fine.

I'm still not convinced of the exact problem that ment running "smbd" on the command worked and running "service smb start" didn't work. I guess it will just be one of those mysteries!

Hope this helps others running either CentOS or RHEL (or any distro that has SELinux).

Cheers,
Finn


All times are GMT -5. The time now is 07:11 AM.