LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 07-30-2006, 05:48 PM   #1
starcutter
LQ Newbie
 
Registered: Jun 2006
Posts: 14

Rep: Reputation: 0
Samba share for everyone in the same workgroup


All,

I seem to be running in a bit of circle here and I'm not sure what I'm missing. My Windows XP clients cannot access my debian fileserver which is hostname "debianserver". Here is what I'm trying to do:

I have a protected LAN where I trust all the computers that are able to gain an IP from my router and that are in the same workgroup. I've taken many steps to prevent unwanted access to the LAN. Let's call this workgroup "GAMMA" from here on out.

I want any computer associated to this workgroup to have read/write access to a shared folder called "shared files" That sounds simple enough but I can't seem to get it to work correctly. All the other computers do not have logins...that is to say you start Windows by clicking on a user but you don't have to enter a username and password or authenticate with any other server. I'm a little fuzzy here on if these users have associated passwords I need to programmatically account for.

Initially when I configured smb.conf I was able to see and browse the share in Network Neighborhood but could not write to it. After some changes to smb.conf and a few permission changes to the "shared files" folder using chmodI can still see the folder "shared files" but I cannot access it any further than the top folder. I recieve "\\debianserver\shared files is not accessible. You might not have permissions...". The permissions are set as follows:

drwxrw-rw- 7 root staff 4096 2006-07-29 17:01 shared files

Here are the uncommented lines of my smb.conf file:

[global]
workgroup = GAMMA
server string = %h server (Samba %v)
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = share
encrypt passwords = true
passdb backend = tdbsam guest
obey pam restrictions = yes
invalid users = root
passwrd program = usr/bin/passwd %u
socket options = TCP_NODELAY

[shared files]
comment = Shared Files
path = /home/shared files
writable = yes
guest ok = yes

[homes]
comment = Home Directory
browseable = no
writable = no
create mask = 0775
directory mask = 0775
 
Old 07-30-2006, 06:42 PM   #2
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Does it work if you set the shared directory permissions to 777?
 
Old 07-30-2006, 07:04 PM   #3
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678
The samba or samba-doc package might include the book Samba 3 by Example. The second example (Charity Administration Office) will probably fit the bill. The main difference is the use of the "force user" and "force group" entries in smb.conf.

In the example, there are two shared directories; /data/ftmfiles and /data/officefiles. The permissions on the directories are set with the command:

# groupadd office
# useradd -m abmas
# passwd abmas
# chmod -R ug+rwxs,0-w,0+rx /data
# mkdir /data
# chmod 755 /data
# mkdir -p /data/{ftmfiles,officefiles/{letters,invitations,misc}}
# chown -R abmas.office /data
# chmod -R ug+rwxs,0-w,o+rx /data

Under the [global] section, they have "wins support = yes"

The share sections look like this:
Code:
[FTMFILES]
comment = Funds Tracking & Management Files
path = /data/ftmfiles
read only = No
force user = abmas
force group = office
guest ok = Yes
nt acl support = No

[office files]
comment = Funds Tracking & Management Files
path = /data/officefiles
read only = No
force user = abmas
force group = office
guest ok = Yes
nt acl support = No
On the Windows clients: the WINS server address is set to the address of the server;
The workgroup name on all clients is set to the workgroup of the server, GAMMA in your case.
The only option enabled in the "Client for Microsoft Networks" is "Logon and restore network connections."

If you have a Windows ME client, you need to disable password caching:
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network] "DisablePwdCaching"=dword:00000001

Now you can access the share using any username and password.

----

Note that the permissions on the directories being shared end up being "775" with the sticky bit set. Also, the advertised name of the share is "Office Files" while that actual directory name is "officefiles". So you could rename your directory to "sharedfiles" to make it easier to work with in the shell. You can use the section name "[Shared Files]".

Last edited by jschiwal; 08-02-2006 at 05:37 PM. Reason: fixed some typos
 
Old 07-31-2006, 10:13 PM   #4
starcutter
LQ Newbie
 
Registered: Jun 2006
Posts: 14

Original Poster
Rep: Reputation: 0
Thank you for the quick reply! I will look into this. Someone also recommended adding the line browseable = yes in the [shared files] section. I'll update this and provide some feedback for anyone else trying a similar setup.
 
Old 08-01-2006, 05:29 PM   #5
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678Reputation: 678
After re-reading your original post, I'm not sure if I understood it correctly.

If you want to control access by workgroup membership, maybe you want to use domain security instead. If all users on the LAN are allowed full access than you can instead restrict access to the Samba server to the LAN network address.

Use the "hosts allow" and "hosts deny" in samba.conf.

Also, make sure that these ports are blocked by your firewall:
UDP/137 - used by nmbd
UDP/138 - used by nmbd
TCP/139 - used by smbd
TCP/445 - used by smbd

I got this from a Samba.org webpage on securing unpatched samba servers:
http://www.samba.org/samba/docs/server_security.html

I think I remember something in the Samba 3 by Example book about using "browseable = yes" in global and "browseable = no" in the share section. This is something that you could experiment with easily yourself.

Make sure that only one server has "wins support = yes".

Last edited by jschiwal; 08-01-2006 at 05:32 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Same workgroup but net use (samba share) works from Win2K and not WinXP lothario Linux - Software 3 05-26-2006 07:33 AM
Samba workgroup errors tokunbo Linux - Networking 3 12-19-2005 02:23 AM
Samba on a workgroup J_K9 Linux - Networking 7 07-08-2005 01:36 PM
Samba with MS workgroup Ahuka Mandriva 2 09-20-2003 11:17 AM
help with samba workgroup Twistedpenguin Linux - Networking 1 03-04-2003 04:36 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 06:15 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration