LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 03-05-2008, 01:35 PM   #1
kaplan71
Member
 
Registered: Nov 2003
Posts: 809

Rep: Reputation: 39
Problem Accessing a Samba 3.0 Share


Hi there --

We have Samba 3.0.23a running on a Fedora Core 4 system, but our remote systems are unable to access a share.

The /etc/init.d/smb script referenced the smb.conf file located in the /etc/samba directory, but the file in question was not located there. There was such a file available in the /usr/share/doc/samba-3.0.23a/LDAP/smbldap-tools-0.9.2 directory, and I copied that file to the /etc/samba directory.

The share in question has the following configuration:

Code:
[adv4dexport]
path = /export/home1/sdc_image_pool/appli/Advantage4DCT/sbreath/motion_files
comment = Respiratory Motion files directories
public = yes
writable = yes
oplocks = false
printable = no
guest ok = yes
browsable = yes
create mask = 0777
directory mask = 0777
The above configuration is based on a similar configuration that works on another system that utilizes samba 2.2.3a. After copying the smb.conf file, and editting it, the /etc/init.d/smb script was started and both smbd and nmbd started without problems.

Whenever a remote system tries to connect to the above share, the error message that is displayed on the remote system is "Network Path Cannot Be Found"

I am not familiar with Samba 3.x, although my guess is there is a problem with the smb.conf file. Has anyone seen this, and know what the solution is for me to take? Thanks.
 
Old 03-06-2008, 07:04 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680
Fedora Core 4 is pretty old. I just had to lead with that.

The error message sounds more like a network configuration problem then a Samba problem. Check your network settings. Are you on the right subnet. Also make sure you don't have two hosts using the same netbios hostname and that you are using the correct domain/workgroup name.
Also post the [General] section of your smb.conf file. If that example file had a directive to use a device with a particular IP address, and that IP address didn't exist, I'm guessing you might see that message as well. It probably would have been better if you had used FC's samba server configuration tool, or swat rather than hand editing.

Another thing, look in /usr/share/doc/samba-<version>/ for a file called "Samba3-ByExample.pdf" or "Samba3-ByExample.ps".
It may be installed from the Samba package or maybe from a samba-doc package. It also is available at the samba3.org website.
http://www.samba.org/samba/docs/Samba3-ByExample.pdf

This is the same book that you can find in the bookstore. There are a couple sample configurations that match very closely what you are doing. It will take you step by step including creating the directory and using the correct permissions.
For example, on any globally writable directory you want to set the "sticky" bit.

Also, make sure your server's actual hostname isn't "localhost". I keep seeing that in posts, and I often have to almost argue with the poster to change it. I think that is the default if you don't supply it during installation, and used to prevent having several hosts with a real default hostname.

Last edited by jschiwal; 03-06-2008 at 07:07 AM.
 
Old 03-06-2008, 09:42 AM   #3
kaplan71
Member
 
Registered: Nov 2003
Posts: 809

Original Poster
Rep: Reputation: 39
Hi there --

Thanks for your reply. I'll be going over the suggestions you recommended in your post. Meanwhile, listed below is the smb.conf file in all its glory.

Code:
# Global parameters
[global]
	workgroup = IDEALX-NT
	netbios name = PDC-SRV
	security = user
	enable privileges = yes
	#interfaces = 192.168.5.11
	#username map = /etc/samba/smbusers
	server string = Samba Server %v
	#security = ads
	encrypt passwords = Yes
	min passwd length = 3
	#pam password change = no
	#obey pam restrictions = No
	#ldap passwd sync = Yes
	unix password sync = Yes
	passwd program = /opt/IDEALX/sbin/smbldap-passwd -u %u
	passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
	#passwd chat debug = Yes
	log level = 0
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 100000
	time server = Yes
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	mangling method = hash2
	Dos charset = 850
	Unix charset = ISO8859-1

	logon script = logon.bat
	logon drive = H:
        logon home = 
        logon path = 

	domain logons = Yes
	domain master = Yes
	os level = 65
	preferred master = Yes
	wins support = yes
	passdb backend = ldapsam:ldap://127.0.0.1/
	ldap admin dn = cn=Manager,dc=idealx,dc=org
	#ldap admin dn = cn=samba,ou=DSA,dc=idealx,dc=org
	ldap suffix = dc=idealx,dc=org
        ldap group suffix = ou=Groups
        ldap user suffix = ou=Users
        ldap machine suffix = ou=Computers
	#ldap idmap suffix = ou=Idmap
        add user script = /opt/IDEALX/sbin/smbldap-useradd -m "%u"
        #ldap delete dn = Yes
        delete user script = /opt/IDEALX/sbin/smbldap-userdel "%u"
        add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 0 -w "%u"
        add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" 
        #delete group script = /opt/IDEALX/sbin/smbldap-groupdel "%g"
        add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
        delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
	set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g '%g' '%u'

	# printers configuration
	printer admin = @"Print Operators"
	load printers = Yes
	create mask = 0640
	directory mask = 0750
	#force create mode = 0640
	#force directory mode = 0750
	nt acl support = No
	printing = cups
	printcap name = cups
	deadtime = 10
	guest account = nobody
	map to guest = Bad User
	dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
	show add printer wizard = yes
	; to maintain capital letters in shortcuts in any of the profile folders:
	preserve case = yes
	short preserve case = yes
	case sensitive = no

[netlogon]
	path = /home/netlogon/
	browseable = No
	read only = yes

[profiles]
	path = /home/profiles
	read only = no
	create mask = 0600
	directory mask = 0700
	browseable = No
	guest ok = Yes
	profile acls = yes
	csc policy = disable
	# next line is a great way to secure the profiles 
	#force user = %U 
	# next line allows administrator to access all profiles 
	#valid users = %U "Domain Admins"

[printers]
        comment = Network Printers
        printer admin = @"Print Operators"
        guest ok = yes 
        printable = yes
        path = /home/spool/
        browseable = No
        read only  = Yes
        printable = Yes
        print command = /usr/bin/lpr -P%p -r %s
        lpq command = /usr/bin/lpq -P%p
        lprm command = /usr/bin/lprm -P%p %j
        # print command = /usr/bin/lpr -U%U@%M -P%p -r %s
        # lpq command = /usr/bin/lpq -U%U@%M -P%p
        # lprm command = /usr/bin/lprm -U%U@%M -P%p %j
        # lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
        # lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
        # queuepause command = /usr/sbin/lpc -U%U@%M stop %p
        # queueresume command = /usr/sbin/lpc -U%U@%M start %p

[print$]
        path = /home/printers
        guest ok = No
        browseable = Yes
        read only = Yes
        valid users = @"Print Operators"
        write list = @"Print Operators"
        create mask = 0664
        directory mask = 0775

[adv4export]
	path = /export/home1/sdc_image_pool/appli/Advantage4DCT/sbreath/motion_files
	comment = Respiratory Motion files directories
	public = yes
	writable = yes
	oplocks = false
	printable = no
	guest ok = yes
	browsable = yes
	create mask = 0777
	directory mask = 0777
 
Old 03-06-2008, 09:26 PM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680
I haven't worked with LDAP so I couldn't really tell you if those parts are OK or not. Just to check, you said that you copied the file from the "smbldap-tools-0.9.2" directory. That implies that you have an ldap server that you use for the passwd backend and other things like storing net admin members.
Quote:
wins support = yes
Is this the only wins server? You can have only one WINS samba server. The others need to indicate the IP address of the one you have.

Quote:
our remote systems are unable to access a share
By remote systems, do you mean machines on the same subnet, or are they on a different subnet or network?

Is this a pre-existing and functioning domain controller and the problem you have is just adding a share, or are the other parts of the configuration new also? Do you want this machine to be a master domain controller for your network? Is it being used as such succesfully. If not and you want a generic public share, then the smb.conf file you selected is overkill. The samba 3 HOWTO & Reference book advies becoming familiar with LDAP and configure it according to your particular needs instead of simply applying their bowler plate solution. It is a general purpuse directory service that you would use for other systems such as email

Two other books I should mention are "Using Samba", the html version is included when installing samba swat. Also the Samba 3 HOWTO & Reference book. They will include information on test utilities you can use to examine the services offered, listing the Network Admin members, etc. .

Often the error message that is reported is somewhat generic. Looking in the Samba Logs may indicate what in particular failed. Also check /var/log/messages. Do you have a DNS server that is used? Can you ping the machine? Can you use "smbclient -L <hostname> on a different linux machine to examine the shares offered.

Also look into your /etc/resolv.conf and /etc/hosts.conf and /etc/nsswitch.conf files. Here the documentation and manpages will be a great help. There is an nss_ldap library that you may need to install and then edit /etc/nsswitch.conf to use it for the services that you rely on ldap for. This may hold true for the other services as well.

---

If you didn't want a domain controller or to use ldap, then I'd recommend the "By Example" book for a walk through on configuring a generic "guest" writable share. Also consider using Samba Swat. It may be installed along with Samba or maybe with a Samba-Swat package. Before using it, see if there is an /etc/xinet.d/swat file. If so, edit the file, changing "disable = yes" to "disable = no". The rest is probably OK.

Then enable xinetd if it isn't running.
chkconfig xinetd on

Restart the xinetd service so it reloads the config files or send it the HUP signal:
killall -S SIGHUP xinetd

Now on the same machine, point the web browser at: http://localhost:901
You should get a requester for username and password. Enter the "root" and root's password. From the intro page you can access a lot of documentation. You can add shares or run through a wizard. The wizard might be a good idea, because you may want to start fresh.

Good Luck!

Last edited by jschiwal; 03-06-2008 at 09:28 PM.
 
Old 03-07-2008, 08:10 AM   #5
kaplan71
Member
 
Registered: Nov 2003
Posts: 809

Original Poster
Rep: Reputation: 39
Hi there --

I went through the Samba By Example manual, and I decided to forgo using the smb.conf file that came with the system, and create one from scratch. I used the 'no frills' Samba server as the basis for the one that I set up. The end result is an smb.conf file that is the following:

Code:
# Global Parameters

[global]
        workgroup = MYGROUP
        security = SHARE

[adv4dexport]
        path = /export/home1/sdc_image_pool/appli/Advantage4DCT/sbreath/motion_files
        comment = Respiratory Motion files directories
        public = Yes
        read only = No
        guest ok = Yes
        browseable = Yes
        create mask = 0777
        directory mask = 0777
This configuration has allowed the remote user to be able to access the directory in question without a problem.

There was one issue that I did have: Another workstation running Samba 2.2 with a similar configuration and network share has directory permissions of 775, while the workstation with Samba 3.0 needed to have the configuration set to 777. Is this by design, or is there an additonal piece of configuration that I needed to look at? Thanks.
 
Old 03-08-2008, 06:30 AM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680Reputation: 680
For files on a public share, I wouldn't have file permissions of 777. That would allow anyone to read-write and execute a file. This is especially true if you have other users on the server. You could even dedicate a partition to be used for the share and mount it with the "noexec" and "nodev" options.

The "user=share" security model is obsolete. I would just use it if the windows hosts were windows 95/98/Me computers. Otherwise I would use the "security = user" model.

The "public = Yes" line is a synonym for "guest ok = yes".

Here is a share I just created and tested on my desktop:
Code:
[public]
        comment = Public Share test
        path = /srv/samba
        read only = no
        guest ok = yes
        browseable = Yes
I su'ed to a different user before launching "konqueror smb:/" at my laptop. I was able to access it and create a text file there. I used "sudo chmod a=rwxt /srv/samba" to set the sticky bit. I probably should have used "create mask = 0644". That would allow a user that does have an authenticated session to have a file saved with rwxrwxr-- permissions, preventing other users from writing over the file. The sticky bit prevents the files from being deleted by other users. When you delete a file, you are actually writing to the directory. So if you had write permissions on the directory and the sticky bit wasn't set, then you could delete any file in the directory.

When logged onto the desktop, this is what the file looks like:
Code:
-rwxr--r-- 1 nobody nobody 2 Mar  8 06:28 Text File
I just looked up "create mask" in the smb.conf manpage. The default is "0744". I would recommend "0644" instead.

Accessing the "public" share under my regular account (with the username/password entered with "smbpasswd", a file created there had my ownership on the file system. A user not in the smbpasswd password file ( there are other password backends ) would be a guest user and mapped to the "nobody" user in Linux.

Last edited by jschiwal; 03-08-2008 at 06:35 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
accessing samba share nickraj Linux - Server 0 07-28-2007 09:52 AM
Problem accessing open office documents over samba share jonic Linux - Software 0 11-18-2005 10:46 AM
Accessing SAMBA Share via MS VC++ dhammika Programming 0 12-01-2004 10:14 PM
Problem accessing home share with Samba bubber Linux - Software 5 03-09-2003 10:46 AM
Accessing a Samba Share bkmesenbrink Linux - Software 2 07-31-2002 03:04 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 02:53 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration