LinuxQuestions.org


McManCSU 04-27-2007 12:43 AM

Cannot connect to smb server even from Linux box
 
I keep getting errors when I try to log on:
Code:

root@MediaMadness:/etc/samba# smbclient -L mediamadness -U mcman -W mshome
Password:
tree connect failed: Call returned zero bytes (EOF)

If I do a simpler way, another problem:
Code:

mcdizz@MediaMadness:/var/log/samba$ smbclient -L localhost
Password:
session setup failed: NT_STATUS_LOGON_FAILURE

I have googled my brains out and still cannot figure out why. I am pretty new to this so it is probably pretty easy.

Here is my smb.conf:
Code:

[global]
  workgroup = MSHOME
  nt acl support = no
  server string = %h server (Samba, Ubuntu)
  netbios name = MediaMadness
  wins support = yes
  dns proxy = no
  bind interfaces only = true
  log file = /var/log/samba/log.%m
  max log size = 1000
  syslog only = no
  syslog = 0
  panic action = /usr/share/samba/panic-action %d
  security = share
  encrypt passwords = yes
  passdb backend = tdbsam
  guest account = smbguest, mcman, mcdizz
  invalid users = root
  hosts allow = 192.168.0.65, 127.0.0.1
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
  smb passwd file = /etc/samba/smbpasswd
  domain logons = yes
  logon path = \\%N\profiles\%U
  logon drive = M:
  logon home = \\%N\%U
  socket options = TCP_NODELAY IPTOS_LOWDELAY
  domain master = auto

[homes]
  comment = Home Directories
  browseable = no
  path = /home/%U
  valid users = %S
  writable = no
  create mask = 0600
  directory mask = 0700

I tried to keep it as simple as necessary given all the options they initially had... I have "mcman" as a user and the smbpasswd file shows it. testparm passes. I also get a "System error 5 has occurred" on my XP machine when I do "net view \\192.168.0.100"

Any ideas?

deadeyes 04-27-2007 01:16 AM

It has been a long time since I used this.
First you should check if the service is running:
ps aux | grep <nameOfSambaProcess>

If it is not running, start it.

Do an nmap scan on the host where samba is running.
Then try it on the host you are connecting to.

Then try to list the shares and check whether the ones that you want to access are actually there.

Then try to connect.
Be shure your syntax is good.


But you tell me you can't see the shares.
So the service is probably not started or the firewall blocks it.

McManCSU 04-27-2007 09:53 AM

Well, the processes smbd and nmbd are running, so that's not a problem. Can you elaborate on the firewall? I have read some people talk about using iptables to open some ports, etc, but I haven't looked into it much since it is a lot to swallow... Like I said, I did testparm, so I am 'shure' my syntax is good ;)

deadeyes 04-30-2007 09:28 AM

To open the firewall:
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -X

Now try to connect to the samba share from the localhost.

I don't know what testparm has to do with this. This tool is for optimizing your hard drive.
I meant the syntax for connecting to the share.
And also, first try to list the shares and see if it is there.

Also try to do an nmap. (you probably have to install it)
nmap localhost
and look if the ports are open

McManCSU 04-30-2007 11:40 PM

Thanks, I got it up and running and can be seen on my XP machine. The problem is that I can't write to my mounted drive. This is what I have done so far to try and fix this:
1) created new group ('datamod') and added my computer name as a user in this group
2) changed the mounted directory to be in the 'datamod' group.
3) made the directory read only except for a few users and the 'datamod' group...

After playing with it and doing the above, I actually cannot even access it anymore haha (I see it, but 'don't have permissions'). It prompts for a UN/PW which are not accepted even though they are right.

What else am I missing? EDIT: Note that I am trying to connect to 'data' share

Code:

[global]
netbios name = MediaMadness
workgroup = MSHOME
security = user
encrypt passwords = yes
wins support = yes

[homes]
read only = no
browseable = no
path = /home/%U
create mask = 0664
directory mask = 0775

[data]
path = /mnt/raid
browseable = yes
public = yes
read only = yes
write list = @datamod, root, mcdizz, mcman


Matir 04-30-2007 11:47 PM

Do the samba logs reveal anything? Also, try resetting the user in the smbpasswd store.

McManCSU 05-01-2007 12:23 AM

Did both, logs didn't show anything relevant, pw reset didn't help... Other ideas?

jschiwal 05-01-2007 12:42 AM

Could you list the permissions of the /mnt/raid directory?

Quote:

created new group ('datamod') and added my computer name as a user
I don't get this part. What kind of user are you talking about?

McManCSU 05-01-2007 09:20 AM

The group is defined for the users who have permissions to alter the contents/structure of the mounted directory. For example, I want my XP computer to be part of this group so that I can change what is on the drive.

jschiwal 05-01-2007 05:56 PM

The user would be the user logging into that XP computer, and not the XP hostname.

You could add the users who login to that computer to a group and use that group for the write list.

It looks like you started out with a domain, but changed that since the first message. So I don't think you can use machine accounts. I think that you need a Unix account on the Samba server for each user. So every user/password on the Samba server matches their user/password in Windows.

I don't believe that users who are members of a machine or domain are automatically added with the default "security = user" type server. The first configuration was for a stand-alone PDC samba server. The second is for a non-dc samba server.

If you use domain security, then you need to go through a process of adding machines to the domain, (creating a Unix user corresponding for each machine). There are other types of backends that samba uses to store account information, but my main point is that a user account is created and not a group account.
Both the Samba3-byExample and Samba3-Howto outline the process of adding machines and users if you use domain security. This process can be done on the fly when you add a machine to the domain.

One other thing to watch for is that you only have one machine configured as a WINS server.
Code:

[global]
netbios name = MediaMadness
workgroup = MSHOME
security = user
encrypt passwords = yes
wins support = yes

Also, make sure that the workgroup name matches on all of the other hosts, and that they have the Samba server's IP address as the WINS address in their configuration. One way to do this is to supply the Samba server's IP address as the WINS server using DHCP. Even a Linksys NAT router has an entry for the WINS server.
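
The point in the post above, that a `write list` entry has to resolve to a user account rather than a machine name, can be checked mechanically. The following is an added example, not part of the original thread: the share definition is the [data] share posted earlier, while the account sets and the hostname XPBOX are constructed stand-ins for /etc/passwd, /etc/group and the Samba password store.

```python
import re

# Constructed data for illustration. XPBOX is a hypothetical computer name
# that was added to the 'datamod' group in place of a user account.
SMB_CONF = """\
[data]
path = /mnt/raid
read only = yes
write list = @datamod, root, mcdizz, mcman
"""
UNIX_USERS = {"root", "mcman", "mcdizz"}
UNIX_GROUPS = {"datamod": ["XPBOX"]}
SAMBA_USERS = {"mcman", "mcdizz"}  # accounts that have a Samba password entry


def parse_share(conf_text, share):
    """Return the parameters of one share as {name: value}."""
    params, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == share.lower() and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params


def resolve_write_list(conf_text, share, unix_users, groups, samba_users):
    """Expand 'write list' into (usable writers, [(name, problem), ...])."""
    raw = parse_share(conf_text, share).get("write list", "")
    writers, problems = set(), []
    for entry in filter(None, re.split(r"[,\s]+", raw)):
        if entry[0] in "@+&":  # group reference: expand to its members
            members = groups.get(entry[1:])
            if members is None:
                problems.append((entry, "no such group"))
                continue
        else:
            members = [entry]
        for name in members:
            if name not in unix_users:
                problems.append((name, "no Unix account"))
            elif name not in samba_users:
                problems.append((name, "no Samba password entry"))
            else:
                writers.add(name)
    return writers, problems
```

On a real server the three sets would be filled from `getent passwd`, `getent group` and `pdbedit -L`.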

McManCSU 05-01-2007 07:56 PM

Awesome, all I had to do was add my Windows UN (vs computer name-used for domain though, right?). One concern is that my XP computer asks for my login at start up and I have a blank password cause it's annoying for XP. Obviously this means that PW on my server has to be blank. Is there a way around this w/o adding a PW for Windows?

You might say "make it a domain", but I don't know if I need a domain, you tell me. This is what I ultimately want to do to it:
1) Short term: use the server to stream media to my xbox, etc (geebox or something of the sort)
2) Long term: make my server available via a php home page to the outside world for 'trusted' friends as well as myself if I am away from home. Even to just log onto it via ssh or whatever would be nice from outside...

Maybe a better definition of the difference between a workgroup and a domain would be helpful... I'll Google and see what I find, but if you have some good differences to point out, don't hesitate.

Thanks again for the help!

jschiwal 05-02-2007 12:33 AM

NT domains are a non-hierarchical authorization scheme where hosts are added as members, and users can login to any domain host. The username/password information is contained with the domain controller. It allows roaming profiles and single sign-on. Windows 98se/2000/NT/XP pro machines can join a domain. Windows XP home can not join a domain.

WINS is a kind of host DNS, that allows one host to locate another without using broadcasts, as was the case with Windows 95/98.

With Windows 2000, Microsoft introduced Active Domain Control, which is hierarchical. This works better for very large networks. The technology is based on LDAP, which is a general directory service. Samba's version uses OpenLDAP. Doing this you could use OpenLDAP for other things as well, and the Samba books recommend becoming familiar with LDAP instead of using a boilerplate solution.

Quote:

1) Short term: use the server to stream media to my xbox, etc (geebox or something of the sort)
2) Long term: make my server available via a php home page to the outside world for 'trusted' friends as well as myself if I am away from home. Even to just log onto it via ssh or whatever would be nice from outside...
1.) I'm not familiar with the xbox, but you might look into gstreamer or VideoLan.
2.) Setting up ssh would be the most secure and easiest to use. You can even use putty on windows to access your computer. Be sure to A) disable root logins B) Use "allow users" to control who can login. C) Disable the ssh-1 protocol. Many people also change the port from 22 to one over 1024 to reduce the number of script kiddie attacks.
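
The four ssh points in the post above map to the sshd_config keywords PermitRootLogin, AllowUsers, Protocol and Port. The following is an added example, not part of the original thread, that audits a config against them; both sample configs, the port 2222 and the finding names are constructed for illustration.

```python
# Constructed sample configs: one weak, one following the post's advice.
WEAK = """\
Port 22
Protocol 2,1
PermitRootLogin yes
#AllowUsers mcman
"""
HARDENED = """\
Port 2222
Protocol 2
PermitRootLogin no
AllowUsers mcman
"""
REPEATABLE = {"port", "allowusers"}  # keywords sshd accepts more than once


def parse_sshd_config(text):
    """Return {keyword: [values]} for the global part of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key, values = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if key == "match":  # conditional overrides are not evaluated here
            break
        if key in REPEATABLE:
            settings.setdefault(key, []).extend(values)
        else:
            settings.setdefault(key, values)  # first value read wins
    return settings


def audit(text):
    """Return finding ids; 'default-port' only affects scan noise, not access."""
    s = parse_sshd_config(text)
    findings = []
    # An unset PermitRootLogin is flagged too: the default varies by version.
    if (s.get("permitrootlogin") or [""])[0].lower() != "no":
        findings.append("root-login-allowed")
    if not s.get("allowusers"):
        findings.append("no-allowusers")
    # Only an explicit "1" is flagged; current OpenSSH has dropped protocol 1.
    if "1" in ",".join(s.get("protocol", [])).split(","):
        findings.append("ssh1-enabled")
    if "22" in s.get("port", ["22"]):
        findings.append("default-port")
    return findings


if __name__ == "__main__":
    print("weak:", audit(WEAK))
    print("hardened:", audit(HARDENED))
```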

McManCSU 05-02-2007 12:44 AM

Thanks! So it sounds like I don't really need to change anything if I want to add access to the outside world in terms of changing to a domain. Changing the ssh port is a good idea. Other than that, I just have to open the right ssh port for this system to gain access from outside, right?

jschiwal 05-03-2007 12:21 AM

You need to forward the port at the router and open the port at the computer's firewall. Your router may be able to forward and translate a port as well. For example, the router may be able to forward port 1024 to port 22. Then you wouldn't need to make changes on the computer. You will need to use the new port on the client when you run ssh or putty from the outside however. What this will accomplish is being missed when a script kiddie tries port 22 on a range of IP addresses. However, if they scan for all ports, they may still find it. It will reduce the number of brute force attacks, not eliminate them.

McManCSU 05-03-2007 10:06 AM

So let me get this right: When using a workgroup, I cannot access the server drive (map it) as any other user except my current XP's user?

For example, if I remove my XP login name from smb, but have others defined in smb: If I try to map a drive, XP will pop up asking for a UN and PW (instead of just mapping it w/o any questions being asked). However, no matter what I do, it will not let me sign in under any of the other user accounts. The UNs and PWs are being typed correctly... The smb log files state errors regarding the password. I would think that if it asks for a UN/PW I should be able to 'sign on' as another user...

Is this not so with workgroups??

