[SOLVED] SMB Shares dont work when SMB is run as a service! CentOS 6

finnsloss · 10-13-2011, 08:24 AM

Hello,

I have hit a strange problem with SMB on CentOS 6.
The SMB shares will only work if I run "smbd" from the command line (as root).
The SMB shares do not work if i run "service smb start".

When SMB is run on the command line, I can browse the server from Windows XP and access any of the shares defined. If I run SMB as a service, browsing the server just gives a password box, whicch rejects any username/password combination you throw at it.

I have configured Kerberos and successfully run kinit.
I have joined the linux machine to the AD domain.
I have configured smb.conf with the domain and ADS security.

Here is my smb.conf:

Code:

[global]
	workgroup = mydomain
	server string = Network Server

	security = ads
	passdb backend = tdbsam
	realm = MYDOMAIN.LOCAL

	winbind use default domain = yes
	winbind nested groups = yes

	idmap uid = 10000-40000
	idmap gid = 10000-40000

	template shell = /bin/bash

	load printers = yes
	cups options = raw

#============================ Share Definitions ==============================
	
[homes]
	comment = Home Directories
	browseable = no
	writable = yes
	valid users = %S
;	valid users = MYDOMAIN\%S
	
[files]
	path = /files
	writeable = yes
	guest ok = yes

Can anyone shed any light on the situation please?

Thanks,
Finn

finnsloss · 10-14-2011, 09:33 AM

It looks like the problem is two-fold, time difference between the server and the windows machine, and SELinux!

The time difference meant that all usernames and passwords were rejected. Setting the time more accurately allows the browsing of the server and the available shares.

The shares were still not accessible however, due to SELinux permissions.
Applying the following commands to my /files folder has brought SMB to life!

Code:

# chcon -R -t samba_share_t /files

The -R recursively sets permissions, the -t samba_share_t lets SELinux know you want to share the files.
In order to mark newly created files with the correct type you also need to set the default file context:

Create or edit:
/etc/selinux/targeted/contexts/files/file_contexts.local

Add the line:

Code:

/files(/.*)? system_u:object_r:samba_share_t

Useful commands (run as root):

Code:

sestatus - Check how strict SELinux is (enforcing = block anything without permission, permissive = only produce warnings)
setenforce permissive - Allow all services to run unrestricted, only produce warnings in the log file.
setenforce enforcing - Block all undefined services.

As far as my original problem goes, it now doesn't matter if SMB is run from the command line, or if it starts as a service, SMB Shares are accessible from Windows fine.

I'm still not convinced of the exact problem that ment running "smbd" on the command worked and running "service smb start" didn't work. I guess it will just be one of those mysteries!

Hope this helps others running either CentOS or RHEL (or any distro that has SELinux).

Cheers,
Finn