LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-07-2008, 02:11 PM   #1
Seventh
Member
 
Registered: Dec 2003
Location: Boston, MA
Distribution: Redhat / Debian
Posts: 269

Rep: Reputation: 30
Question Samba login/user permisssion problems with fresh install.


Hello all,

I'm trying to configure a new server running Debian Etch - it's a fileserver that I'm having a bit of a hard time configuring.

Here's my smb.conf:

Quote:
[global]
workgroup = LAB
security = user
server string = %h server
map to guest = Bad User
obey pam restrictions = Yes
passdb backend = tdbsam
encrypt passwords = yes
#passwd program = /usr/bin/passwd %u
#passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\sp\
assword:* %n\n *password\supdated\ssuccessfully* .
log level = 2
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
wins server = eth2:129.83.25.3, eth2:129.83.25.1, eth2:128.29.155.50, e\
th2:128.29.239.2
panic action = /usr/share/samba/panic-action %d
invalid users = root
#include = /etc/samba/dhcp.conf

[homes]
comment = Home Directories
path = /knox/bitbucket/profiles/%u
valid users = %S
#valid users = %u
create mask = 0700
directory mask = 0700
browseable = No
read only = No

[vault]
comment = Vault
path = /knox/vault
read only = No
create mask = 0770
directory mask = 0770
guest ok = No

[Maps]
comment = Map Depot
path = /knox/vault/Maps
read only = Yes
create mask = 0770
directory mask = 0775
Read only = Yes
guest ok = Yes

[share]
comment = Share
path = /knox/bitbucket/share
read only = No
create mask = 0774
directory mask = 0775
#guest only = Yes
guest ok = Yes
#admin users = @samba

[public]
comment = Public Storage
path = /knox/bitbucket/public
read only = No
create mask = 0777
directory mask = 0777
guest only = Yes
guest ok = Yes
I have a few shares, and here's what I'm trying to accomplish:

\share - no auth required
\public - same
\vault - requires auth
\maps - no auth, read only

The problem I'm running into right now is that if I create a fresh user, add them to the samba group and db, I'm getting prompted for a login if I just hit the root \\server.domain.com. In previous setups, hitting just the root of the server would always show me the available shares, and only prompt me to login if I tried to access any of the password protected areas.

If anyone could take a peek and perhaps tell me why I'm being prompted for a login when trying to get at anything, I'd really appreciate it.

Thanks!
 
Old 09-07-2008, 04:46 PM   #2
Woodypecker
Member
 
Registered: Mar 2006
Location: Austria
Distribution: Mandriva/Debian
Posts: 104

Rep: Reputation: 17
obey pam restrictions (G)
When Samba 3.0 is configured to enable PAM support (i.e. --with-
pam), this parameter will control whether or not Samba should
obey PAM's account and session management directives. The default
behavior is to use PAM for clear text authentication only and to
ignore any account or session management. Note that Samba always
ignores PAM for authentication in the case of encrypt passwords =
yes. The reason is that PAM modules cannot support the chal‐
lenge/response authentication mechanism needed in the presence of
SMB password encryption.

This snippet from man smb.conf should make clear why "obey pam restrictions" is not a good idea here.
 
Old 09-09-2008, 08:37 AM   #3
Seventh
Member
 
Registered: Dec 2003
Location: Boston, MA
Distribution: Redhat / Debian
Posts: 269

Original Poster
Rep: Reputation: 30
Thanks for the reply.

I turned pam restrictions off, but it didn't seem to really do anything. I also removed "invalid users = root" which made my public share work. The biggest problem (of my many, hah) that I have right now is that this share:

Quote:
[Maps]
comment = Map Depot
path = /knox/vault/Maps
read only = Yes
create mask = 0770
directory mask = 0775
guest ok = Yes
Still doesn't let anyone in - neither guests, or authenticated users. I just want to make it a simple share that's available read-only to everyone. I tried 777ing the folder and chown/grping it to both root and samba, and still no dice.
 
Old 09-09-2008, 09:35 AM   #4
Seventh
Member
 
Registered: Dec 2003
Location: Boston, MA
Distribution: Redhat / Debian
Posts: 269

Original Poster
Rep: Reputation: 30
Here's the log error that I get when trying to access the maps share.

Quote:
[2008/09/09 10:33:17, 0] auth/auth_util.c:create_builtin_administrators(785)
create_builtin_administrators: Failed to create Administrators
[2008/09/09 10:33:17, 2] auth/auth_util.c:create_local_nt_token(899)
create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2008/09/09 10:33:17, 0] auth/auth_util.c:create_builtin_users(751)
create_builtin_users: Failed to create Users
[2008/09/09 10:33:17, 2] auth/auth_util.c:create_local_nt_token(926)
create_local_nt_token: Failed to create BUILTIN\Users group!
[2008/09/09 10:33:17, 0] smbd/service.c:make_connection_snum(920)
'/knox/vault/maps' does not exist or permission denied when connecting t
o [Falconview] Error was Permission denied
kursk:/var/log/samba#
The path is correct so it's definitely not the "does not exist" part of it. It pops up a login box and regardless of credentials doesn't let me in. Directory is 777 and owned by root.
 
Old 09-10-2008, 05:29 AM   #5
Woodypecker
Member
 
Registered: Mar 2006
Location: Austria
Distribution: Mandriva/Debian
Posts: 104

Rep: Reputation: 17
1. you did do the "smbpasswd -a $USER" for your users wanting to connect?
2. you may need to do the same for "nobody" with a empty password
3. what are the filesystem permissions for the /knox/vault/maps directory, in particular
does the group it belongs to, match one of the groups the users are in? (you may simply change group to nogroup for "nobody" access ...)
4. "read only = yes" and "create mask" won't stick together, but that shouldn't matter ...
5. from the log, and the multiple wins servers you specified, I wonder is the samba server (trying to be) member of a domain?
6. even when the smb.conf looks perfectly valid, do run testparm.
In particular, is "Server role" standalone or anything else?
 
  


Reply

Tags
samba


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Fresh 12.1 Install. X Starts in Root, not as user bowie Slackware 5 07-14-2008 09:38 PM
assign user with root privilege and permisssion to access system files eyt Linux - General 6 07-27-2007 12:02 PM
Fresh Install of FC6: Can't login! Anthony903 Fedora 9 01-28-2007 03:49 PM
Error w/ Root Login - Slackware Fresh Install Zvakin Slackware - Installation 2 08-21-2005 05:54 PM
login problem on fresh install mobouser Mandriva 4 01-29-2005 03:02 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 05:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration