LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   SAMBA Configuration - Cannot access SAMBA Shares (https://www.linuxquestions.org/questions/linux-newbie-8/samba-configuration-cannot-access-samba-shares-938362/)

Gyrogypsy 04-05-2012 04:52 PM

SAMBA Configuration - Cannot access SAMBA Shares
 
Good Evening,

After some help yesterday, I am now having issues with SAMBA in FC16. I have followed every guide out there, and still cannot connect my Win7 machine to my FC16 SAMBA share. I am using KDE, Dolphin, and have updated.

Here is where I am:
> Share created (Right click, Properties, Share, Share with Samba and named the share)
> Allowed SAMBA as Trusted through Firewall
> Added User with Password
> Added share in Samba Server Configuration
> Checked smb.conf for correct share entry
> Changed to allow NTLMv2 in Windows Network Security

I have disabled firewall, modified smb.conf with several recommendations, and I still cannot get my Win 7 machine to map the Samba share.

If anybody has had the same issue or knows where I am going wrong, would appreciate you help.

Many thanks
Simon

catkin 04-05-2012 10:16 PM

How are you trying to map the drive on the W7 computer and what symptoms do you see? Can the same W7 computer map shares on any other computer?

Are the samba daemons running? ps -ef | egrep '[sn]mbd' will show.

Are there any error messages in the /var/log/samba/* files?

Please post the smb.conf.canonical file generated by running testparm smb.conf > smb.conf.canonical in the /etc/samba directory (press Enter when testparm prompts for it).

deep27ak 04-06-2012 07:30 AM

Quote:

Originally Posted by Gyrogypsy (Post 4645836)
Good Evening,

After some help yesterday, I am now having issues with SAMBA in FC16. I have followed every guide out there, and still cannot connect my Win7 machine to my FC16 SAMBA share. I am using KDE, Dolphin, and have updated.

Here is where I am:
> Share created (Right click, Properties, Share, Share with Samba and named the share)
> Allowed SAMBA as Trusted through Firewall
> Added User with Password
> Added share in Samba Server Configuration
> Checked smb.conf for correct share entry
> Changed to allow NTLMv2 in Windows Network Security

I have disabled firewall, modified smb.conf with several recommendations, and I still cannot get my Win 7 machine to map the Samba share.

If anybody has had the same issue or knows where I am going wrong, would appreciate you help.

Many thanks
Simon

I think it would be helpful if you post your smb.conf and iptables rule so that we can figure out the problem

Gyrogypsy 04-06-2012 04:55 PM

Hi - Thanks for the reply and the help!

Here is the result of
Code:

ps -ef | egrep '[sn]mbd'
Code:

root@FC16 Documents]# ps -ef | egrep '[sn]mbd'
root      825    1  0 22:36 ?        00:00:00 /usr/sbin/nmbd
root      846    1  0 22:36 ?        00:00:00 /usr/sbin/smbd
root      851  846  0 22:36 ?        00:00:00 /usr/sbin/smbd

So the daemons are running.

Looking at the log files, I see something interesting. It seems that my Win7 machine is attemmpting to connect (Win7 machine is SHMAIN2), and when I view the log.shmain2 I get a load of entries exactkly the same (with different date stamps). The share I am attempting to connect to is MediaStore. The network is on 172.16.0.xxx

Code:

[2012/04/05 21:11:47.264158,  0] smbd/service.c:1022(make_connection_snum)
  canonicalize_connect_path failed for service MediaStore, path /mnt/PERC_R
AID/MediaStore

Here is the Canonical file>>>

Code:

[root@FC16 samba]# more smb.conf.canonical
[global]
        workgroup = MYGROUP
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        idmap config * : backend = tdb
        cups options = raw

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        print ok = Yes
        browseable = No

[MediaStore]
        path = /mnt/PERC_RAID/MediaStore
        read only = No
        guest ok = Yes

However, here is my full smb.conf

Code:

[root@FC16 samba]# more smb.conf
# This is the main Samba configuration file. For detailed information about
 the
# options listed here, refer to the smb.conf(5) manual page. Samba has a hu
ge
# number of configurable options, most of which are not shown in this examp
le.
#
# The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step
# guides for installing, configuring, and using Samba:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# The Samba-3 by Example guide has working examples for smb.conf. This guid
e is
# generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# In this file, lines starting with a semicolon (;) or a hash (#) are
# comments and are ignored. This file uses hashes to denote commentary and
# semicolons for parts of the file you may wish to configure.
#
# Note: Run the "testparm" command after modifying this file to check for b
asic
# syntax errors.
#
#---------------
# Security-Enhanced Linux (SELinux) Notes:
#
# Turn the samba_domain_controller Boolean on to allow Samba to use the use
radd
# and groupadd family of binaries. Run the following command as the root us
er to
# turn this Boolean on:
# setsebool -P samba_domain_controller on
#
# Turn the samba_enable_home_dirs Boolean on if you want to share home
# directories via Samba. Run the following command as the root user to turn
 this
# Boolean on:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory, such as a new top-level directory, label i
t
# with samba_share_t so that SELinux allows Samba to read and write to it.
Do
# not label system directories, such as /etc/ and /home/, with samba_share_
t, as
# such directories should already have an SELinux label.
#
# Run the "ls -ldZ /path/to/directory" command to view the current SELinux
# label for a given directory.
#
# Set SELinux labels only on files and directories you have created. Use th
e
# chcon command to temporarily change a label:
# chcon -t samba_share_t /path/to/directory
#
# Changes made via chcon are lost when the file system is relabeled or comm
ands
# such as restorecon are run.
#
# Use the samba_export_all_ro or samba_export_all_rw Boolean to share syste
m
# directories. To share such directories and only allow read-only permissio
ns:
# setsebool -P samba_export_all_ro on
# To share such directories and allow read and write permissions:
# setsebool -P samba_export_all_rw on
#
# To run scripts (preexec/root prexec/print command/...), copy them to the
# /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run
them.
# Note that if you move the scripts to /var/lib/samba/scripts/, they retain
# their existing SELinux labels, which may be labels that SELinux does not
allow
# smbd to run. Copying the scripts will result in the correct SELinux label
s.
# Run the "restorecon -R -v /var/lib/samba/scripts" command as the root use
r to
# apply the correct SELinux labels to these files.
#
#--------------
#
#======================= Global Settings ==================================
===

[global]

# ----------------------- Network-Related Options -------------------------
#
# workgroup = the Windows NT domain name or workgroup name, for example, MY
GROUP.
#
# server string = the equivalent of the Windows NT Description field.
#
# netbios name = used to specify a server name that is not tied to the host
name.
#
# interfaces = used to configure Samba to listen on multiple network interf
aces.
# If you have multiple interfaces, you can use the "interfaces =" option to
# configure which of those interfaces Samba listens on. Never omit the loca
lhost
# interface (lo).
#
# hosts allow = the hosts allowed to connect. This option can also be used
on a
# per-share basis.

# hosts deny = the hosts not allowed to connect. This option can also be us
ed on
# a per-share basis.
#
        workgroup = MYGROUP
        server string = Samba Server Version %v

;        netbios name = MYSERVER

;        interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;        hosts allow = 127. 192.168.12. 192.168.13.

# --------------------------- Logging Options -----------------------------
#
# log file = specify where log files are written to and how they are split.
#
# max log size = specify the maximum size log files are allowed to reach. L
og
# files are rotated when they reach the size specified with "max log size".
#

        # log files split per-machine:
        log file = /var/log/samba/log.%m
        # maximum size of 50KB per log file, then rotate:
        max log size = 50

# ----------------------- Standalone Server Options -----------------------
-
#
# security = the mode Samba runs in. This can be set to user, share
# (deprecated), or server (deprecated).
#
# passdb backend = the backend used to store user information in. New
# installations should use either tdbsam or ldapsam. No additional configur
ation
# is required for tdbsam. The "smbpasswd" utility is available for backward
s
# compatibility.
#

        security = user
;        passdb backend = tdbsam


# ----------------------- Domain Members Options ------------------------
#
# security = must be set to domain or ads.
#
# passdb backend = the backend used to store user information in. New
# installations should use either tdbsam or ldapsam. No additional configur
ation
# is required for tdbsam. The "smbpasswd" utility is available for backward
s
# compatibility.
#
# realm = only use the realm option when the "security = ads" option is set
.
# The realm option specifies the Active Directory realm the host is a part
of.
#
# password server = only use this option when the "security = server"
# option is set, or if you cannot use DNS to locate a Domain Controller. Th
e
# argument list can include My_PDC_Name, [My_BDC_Name], and [My_Next_BDC_Na
me]:
#
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
#
# Use "password server = *" to automatically locate Domain Controllers.

;        realm = MY_REALM

;        password server = <NT-Server-Name>

# ----------------------- Domain Controller Options -----------------------
-
#
# security = must be set to user for domain controllers.
#
# passdb backend = the backend used to store user information in. New
# installations should use either tdbsam or ldapsam. No additional configur
ation
# is required for tdbsam. The "smbpasswd" utility is available for backward
s
# compatibility.
#
# domain master = specifies Samba to be the Domain Master Browser, allowing
# Samba to collate browse lists between subnets. Do not use the "domain mas
ter"
# option if you already have a Windows NT domain controller performing this
 task.
#
# domain logons = allows Samba to provide a network logon service for Windo
ws
# workstations.
#
# logon script = specifies a script to run at login time on the client. The
se
# scripts must be provided in a share named NETLOGON.
#
# logon path = specifies (with a UNC path) where user profiles are stored.
#
#

;        domain master = yes
;        domain logons = yes

        # the following login script name is determined by the machine name
        # (%m):
;        logon script = %m.bat
        # the following login script name is determined by the UNIX user us
ed:
;        logon script = %u.bat
;        logon path = \\%L\Profiles\%u
        # use an empty path to disable profile support:
;        logon path =

        # various scripts can be used on a domain controller or a stand-alo
ne
        # machine to add or delete corresponding UNIX accounts:

;        add user script = /usr/sbin/useradd "%u" -n -g users
;        add group script = /usr/sbin/groupadd "%g"
;        add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M
-d /nohome -s /bin/false "%u"
;        delete user script = /usr/sbin/userdel "%u"
;        delete user from group script = /usr/sbin/userdel "%u" "%g"
;        delete group script = /usr/sbin/groupdel "%g"


# ----------------------- Browser Control Options -------------------------
---
#
# local master = when set to no, Samba does not become the master browser o
n
# your network. When set to yes, normal election rules apply.
#
# os level = determines the precedence the server has in master browser
# elections. The default value should be reasonable.
#
# preferred master = when set to yes, Samba forces a local browser election
 at
# start up (and gives itself a slightly higher chance of winning the electi
on).
#
;        local master = no
;        os level = 33
;        preferred master = yes

#----------------------------- Name Resolution ----------------------------
---
#
# This section details the support for the Windows Internet Name Service (W
INS).
#
# Note: Samba can be either a WINS server or a WINS client, but not both.
#
# wins support = when set to yes, the NMBD component of Samba enables its W
INS
# server.
#
# wins server = tells the NMBD component of Samba to be a WINS client.
#
# wins proxy = when set to yes, Samba answers name resolution queries on be
half
# of a non WINS capable client. For this to work, there must be at least on
e
# WINS server on the network. The default is no.
#
# dns proxy = when set to yes, Samba attempts to resolve NetBIOS names via
DNS
# nslookups.

;        wins support = yes
;        wins server = w.x.y.z
;        wins proxy = yes

;        dns proxy = yes

# --------------------------- Printing Options ----------------------------
-
#
# The options in this section allow you to configure a non-default printing
# system.
#
# load printers = when set you yes, the list of printers is automatically
# loaded, rather than setting them up individually.
#
# cups options = allows you to pass options to the CUPS library. Setting th
is
# option to raw, for example, allows you to use drivers on your Windows cli
ents.
#
# printcap name = used to specify an alternative printcap file.
#

;        load printers = yes
        cups options = raw

;        printcap name = /etc/printcap
        # obtain a list of printers automatically on UNIX System V systems:
;        printcap name = lpstat
;        printing = cups

# --------------------------- File System Options -------------------------
--
#
# The options in this section can be un-commented if the file system suppor
ts
# extended attributes, and those attributes are enabled (usually via the
# "user_xattr" mount option). These options allow the administrator to spec
ify
# that DOS attributes are stored in extended attributes and also make sure
that
# Samba does not change the permission bits.
#
# Note: These options can be used on a per-share basis. Setting them global
ly
# (in the [global] section) makes them the default for all shares.

;        map archive = no
;        map hidden = no
;        map read only = no
;        map system = no
;        store dos attributes = yes


#============================ Share Definitions ===========================
===

[homes]
        comment = Home Directories
        browseable = no
        writable = yes
;        valid users = %S
;        valid users = MYDOMAIN\%S

[printers]
        comment = All Printers
        path = /var/spool/samba
        browseable = no
;        guest ok = no
;        writable = No
        printable = yes

# Un-comment the following and create the netlogon directory for Domain Log
ons:
;        [netlogon]
;        comment = Network Logon Service
;        path = /var/lib/samba/netlogon
;        guest ok = yes
;        writable = no
;        share modes = no

# Un-comment the following to provide a specific roving profile share.
# The default is to use the user's home directory:
;        [Profiles]
;        path = /var/lib/samba/profiles
;        browseable = no
;        guest ok = yes

# A publicly accessible directory that is read only, except for users in th
e
# "staff" group (which have write permissions):
;        [public]
;        comment = Public Stuff
;        path = /home/samba
;        public = yes
;        writable = yes
;        printable = no
;        write list = +staff

[MediaStore]
        path = /mnt/PERC_RAID/MediaStore
        read only = no
;        browseable = yes
        guest ok = yes

I hope this helps.. and once again I appreciate your help!!

Simon

jschiwal 04-06-2012 07:36 PM

I don't see a "Security = ..." line in your smb.conf file. The default is "security = user". It usually is accompanied with "map to guest = bad user".
From the smb.conf manpage:
Quote:

Originally Posted by smb.conf manpage
Bad User - Means user logins with an invalid password are rejected, unless the username does not exist, in which case it is treated as a guest login and mapped into the guest account.

Also, check if selinux is restricting smbd access to it's own files. At home, I had samba problems, and noticed error messages in the logs due to AppArmor restrictions.

Make sure that users in windows have corresponding samba entries (smbpasswd -a). Especially for "Security = User" model. Maybe that is what you did, which you described as "Added User with Password".

If you have problems with browsing to shares, check the firewall settings. Make sure the the UDP ports are also open

catkin 04-06-2012 10:40 PM

Does /mnt/PERC_RAID/MediaStore exist and does it have read and write (and the directories, execute) access for the user running samba (normally root)?

Gyrogypsy 04-09-2012 02:57 PM

Quote:

Originally Posted by catkin (Post 4646867)
Does /mnt/PERC_RAID/MediaStore exist and does it have read and write (and the directories, execute) access for the user running samba (normally root)?

Hi. Yes it does exist and I can read/write as normal to that directory and sub directory.

There is an entry

Code:

security = user
and I have added the "bad user" entry now also.

Does anybody have any other ideas?

deep27ak 04-09-2012 10:47 PM

Quote:

Originally Posted by Gyrogypsy (Post 4645836)
> Added User with Password
> Added share in Samba Server Configuration

Are you not at all able to connect to the samba share or you get the prompt for username and password?

As I don't see any place where you have mentioned the valid users who have the privilage to connect your samba share

have you added this option in samba share
Code:

valid users = abc xyz
Code:

#smbpasswd -a abc
assign a new password

uncomment these lines and make an entry of your interface and hosts IP range in smb.conf
Code:

hosts allow = 127. 192.168.12. 192.168.13.
interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24

restart your samba

post your iptables rule on server and check the firewall of windows which might be creating problems


All times are GMT -5. The time now is 04:13 PM.