LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices


Reply
  Search this Thread
Old 07-26-2009, 07:57 AM   #1
avinash.rao
Member
 
Registered: Jun 2008
Posts: 197

Rep: Reputation: 30
Smile smbclient command allowing only root?


Dear all,

I am using samba 3.0.28a on Ubuntu 8.04 and below is my smb.conf file

[global]
workgroup = sunbox
server string = Samba on SUN
max log size = 500
log level = 1
bind interfaces only = True

log file = /var/log/samba/log.%m
max log size = 1000

domain logons = yes
os level = 65
prefered master = yes
domain master = yes
local master = yes

add machine script = /usr/sbin/useradd -s /bin/false -d /home/nobody %u
dns proxy =No
hosts allow = 127. 192.168.1. 16.181.
wins support = Yes
passdb backend = smbpasswd

encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
security = user
netbios name = human
username map = /etc/samba/smbusers

[homes]
comment = Home Dir
read only = NO
browseable = NO
valid users = %S
path = %H
directory mask = 0700
create mask = 0700


[share]
comment = test share
path = /media/disk
create mask = 0765

I am trying to connect to share using smbclient command, strangely, it is allowing only root user account and throws "session setup failed: NT_STATUS_LOGON_FAILURE" for any user other than root.

#smbclient //localhost/share -U username

The user id is entered in /etc/samba/smbusers , I have recreated other user accounts by using smbpasswd -a and enabled them by smbpasswd -e commands. But i am still not able to login. I have also changed the permissions of /media/disk directory to access all .

Can anybody help me?
Avinash

Last edited by avinash.rao; 07-26-2009 at 07:59 AM.
 
Old 07-26-2009, 01:16 PM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
Could you verify the ownership and properties of /media/disk?
The /media/ directory is normally a place for temporary automatically mounted shares. What filesystem is used? How was it mounted? Show that is is mounted with "mount | grep /media/disk" and show the permissions with "ls -ld /media/disk" to verify the description you gave.

Is this samba server supposed to be a domain controller? Did the user log into the domain?
Code:
domain logons = yes
os level = 65
prefered master = yes
domain master = yes
local master = yes
I ssh'ed into my desktop and added this share:
Code:
[testshare]
        comment = Test Share for LQ post
        path = /srv/samba/hpmedia
        create mask = 0765
After restarting the service, I was able to enter:
Code:
smbclient -U jschiwal //hpmedia/testshare    
Enter jschiwal's password:                                      
Domain=[HPMEDIA] OS=[Unix] Server=[Samba 3.2.4-4.5-2154-SUSE-SL11.0]
smb: \> ls
  .                                   D        0  Sun Jul 26 13:10:14 2009
  ..                                  D        0  Sun Jul 26 12:51:06 2009
  ex2-3-7.kilepr                             509  Sun Jul 26 13:10:14 2009
  ex235.tex                                  300  Sun Jul 26 13:10:14 2009
  ex237.tex~                                 303  Sun Jul 26 13:10:14 2009
  ex235.log                                 3759  Sun Jul 26 13:10:14 2009
...
I downloaded a file successfully.

Also, check that only one samba server has "WINS Support = Yes". Except that you have a domain controller, the configuration is similar to mine.

Use "smbclient -L hostname" and see if you get a list of services.
Check if regular browsing works.

Last edited by jschiwal; 07-26-2009 at 01:23 PM.
 
Old 07-27-2009, 03:37 AM   #3
avinash.rao
Member
 
Registered: Jun 2008
Posts: 197

Original Poster
Rep: Reputation: 30
Hi,

Thank you for your detailed reply.

Yes, Samba is configured as a domain controller and wins support is enabled. I am actually tyring to test the connection from the samba machine using smbclient command and also from a winXP machine. From the winxp machine, i tried accessing the share by executing //hostname/sharename and even here, i could use only root.

The permissions:

drwxrwxrwx 5 root root 4096 2009-07-27 07:27 /media

Even before i share /media/disk, i had created a directory by name /sambashare and the permissions were:
drwxrwxrwx 2 root sambashare 4096 2009-07-26 18:34 sambashare
But i had the same problem.

Listing of services:
root@human:~# smbclient -L human
Password:
Domain=[SUNBOX] OS=[Unix] Server=[Samba 3.0.28a]

Sharename Type Comment
--------- ---- -------
share Disk test share
IPC$ IPC IPC Service (Samba on SUN)
root Disk Home Dir
Domain=[SUNBOX] OS=[Unix] Server=[Samba 3.0.28a]

Server Comment
--------- -------
HUMAN Samba on SUN

Workgroup Master
--------- -------
SUNBOX

If you noticed, i had done the listing as root (sudo). I am not able to list the services as a normal user?
 
Old 07-27-2009, 08:35 PM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
You showed the permissions of /media and not /media/disk. Verify the "o" permissions on the /media/disk/ directory. A regular user needs permission to access the directory, as well as the share. If multiple users have write access, be sure to set the sticky bit.

I think you need to include the --workgroup=<domain> option when using smbclient. username%password could refer to a user from another domain, who happens to have the same username.

As root, look at "wbinfo -u" and "wbinfo -g" to verify that user and group credentials are correctly resolved. The Samba-doc package includes the Samba 3 Howto & Reference. It has similar shares setup. Use it as a guide in creating the directory being shared. They have an accounting group that can access a share, and have "valid users @accounts". You may want to see how the directory is created in the example case. It also has examples of using programs like wbinfo & smbclient as diagnostic tools.
 
Old 07-28-2009, 07:54 AM   #5
avinash.rao
Member
 
Registered: Jun 2008
Posts: 197

Original Poster
Rep: Reputation: 30
Cool

hi,

I had made sure the permission for "o" had write access!

I went through few log files and i am just pasting the last few lines of log.hostname file and infact this error is there in almost all the samba log files.

root@human:/var/log/samba# wbinfo -u
Error looking up domain users

root@human:/var/log/samba# wbinfo -g
Error looking up domain groups



[2009/07/28 08:12:53, 0] auth/auth_util.c:create_builtin_administrators(792)
create_builtin_administrators: Failed to create Administrators
[2009/07/28 08:12:53, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2009/07/28 08:12:53, 0] auth/auth_util.c:create_builtin_administrators(792)
create_builtin_administrators: Failed to create Administrators
[2009/07/28 08:12:53, 0] auth/auth_util.c:create_builtin_users(758)
create_builtin_users: Failed to create Users
[2009/07/28 08:13:07, 1] auth/auth_util.c:create_token_from_username(1116)
sid_to_uid for avi (S-1-5-21-3156505378-664576554-1206882953-3000) failed
[2009/07/28 08:13:24, 1] auth/auth_util.c:create_token_from_username(1116)
sid_to_uid for anand (S-1-5-21-3156505378-664576554-1206882953-3004) failed
[2009/07/28 08:16:26, 1] auth/auth_util.c:create_token_from_username(1116)
sid_to_uid for nimda (S-1-5-21-3156505378-664576554-1206882953-3002) failed


Thanks again
 
Old 07-30-2009, 03:57 AM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
Check "wbinfo --ping". Is winbind running?
 
Old 08-02-2009, 07:36 AM   #7
avinash.rao
Member
 
Registered: Jun 2008
Posts: 197

Original Poster
Rep: Reputation: 30
Hi,

I successfully tested this on a different machine and it works. But i am not able to create any file or directory, i even checked this from the GUI. I shared a folder called share in /.

The permissions of the /share folder
drwxrwxrwx 2 root root 4096 2009-08-02 17:46 /share

smb: \> md a.txt
NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \a.txt

wbinfo --ping
Ping to winbindd succeeded


Thanks
Avinash

Last edited by avinash.rao; 08-02-2009 at 07:37 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Allowing non-root to bind to ports < 1024? MWTJ Linux - Networking 8 08-12-2011 07:06 PM
selinux not allowing su to root vonedaddy Linux - Security 3 01-03-2008 05:39 PM
Allowing port access to non-root joosep Linux - Networking 1 08-05-2005 09:24 AM
Allowing root to use X indigojo_uk Linux - Distributions 3 12-19-2003 06:38 AM
Allowing non-root to use mounted partition Sir Gawain Linux - General 11 10-16-2003 04:19 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu

All times are GMT -5. The time now is 10:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration