Hi all,
I'm fighting with samba on a new CentOS 5.1 install.
The goal here is to have unix/linux usernames/passwords used for the samba shares (which i'll setup using webmin, as I find it easy that way). At present, the home share and one for the company's public share are in place.
I can see the server, browsing from WinXP to \\172.16.0.106, but permissions seem amiss. I should be able to read/write to a given share but it seems to be ro.
Any pointers or advice would be greatly appreciated.
My simple smb.conf file is here:
[global]
netbios name = BACKUP
socket options = TCP_NODELAY
force directory mode = 777
unix password sync = yes
workgroup = WORKGROUP
force create mode = 777
os level = 20
encrypt passwords = yes
security = share
public = yes
passdb backend = smbpasswd
directory mode = 777

[homes]
writeable = yes
public = yes
path = /home

[company data]
comment = company data
writeable = yes
create mode = 775
path = /home/share1
Thanks in advance, -Ray
Ray Leventhal wrote:
Hi all,
I'm fighting with samba on a new CentOS 5.1 install.
The goal here is to have unix/linux usernames/passwords used for the samba shares (which i'll setup using webmin, as I find it easy that way). At present, the home share and one for the company's public share are in place.
# useradd ..... someuser
# passwd someuser
new: ....
again: ...
# smbpasswd -a someuser
new: ....
again: ....
the smbpasswd step is necessary, because SMB/CIFS protocol uses a different hash than /etc/passwd & /etc/shadow, so samba keeps its own smbpasswd file.
John R Pierce wrote:
Ray Leventhal wrote:
Hi all,
I'm fighting with samba on a new CentOS 5.1 install.
The goal here is to have unix/linux usernames/passwords used for the samba shares (which i'll setup using webmin, as I find it easy that way). At present, the home share and one for the company's public share are in place.
# useradd ..... someuser
# passwd someuser
new: ....
again: ...
# smbpasswd -a someuser
new: ....
again: ....
the smbpasswd step is necessary, because SMB/CIFS protocol uses a different hash than /etc/passwd & /etc/shadow, so samba keeps its own smbpasswd file.
Thanks, John
With the help of the fairly slick new webmin (this is a wholly offline network, so no security issues here), I was able to synchronize the unix users db with the smbpasswd db so that part's handled.
I managed to mangle my way through the very thorough, if ponderously long, how-to for configuring a stand-alone server and I think I'm well on my way :)
Next step is making sure sendmail/dovecot is configured for our little network. If nothing else, i'm sure learning a lot today!
Kind regards, -Ray
on 3-26-2008 6:55 AM Ray Leventhal spake the following:
Hi all,
I'm fighting with samba on a new CentOS 5.1 install.
The goal here is to have unix/linux usernames/passwords used for the samba shares (which i'll setup using webmin, as I find it easy that way). At present, the home share and one for the company's public share are in place.
I can see the server, browsing from WinXP to \\172.16.0.106, but permissions seem amiss. I should be able to read/write to a given share but it seems to be ro.
Any pointers or advice would be greatly appreciated.
My simple smb.conf file is here:
[global]
netbios name = BACKUP
socket options = TCP_NODELAY
force directory mode = 777
unix password sync = yes
workgroup = WORKGROUP
force create mode = 777
os level = 20
encrypt passwords = yes
security = share
public = yes
passdb backend = smbpasswd
directory mode = 777

[homes]
writeable = yes
public = yes
path = /home

[company data]
comment = company data
writeable = yes
create mode = 775
path = /home/share1
Thanks in advance, -Ray
If you are going to use smb passwords anyway, why set security to "share"? You should set security to "user" and make sure you keep unix users and samba users synced. For public shares you can set a shared user and group, and make shared directories keep those perms.
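The setup suggested in the reply above, written out as an smb.conf. This is an added example, not a configuration posted by anyone in the thread; the Unix group name "company" is an assumption, and the comments mark what differs from the smb.conf posted at the top of the thread.

```ini
# Added example: user-level security with one group-writable shared directory.
# "company" is an assumed Unix group holding everyone who may write to the share.
# Filesystem side, run once as root:
#   chgrp company /home/share1 && chmod 2770 /home/share1

[global]
netbios name = BACKUP
workgroup = WORKGROUP
# was "security = share": every client now authenticates as a named user
security = user
encrypt passwords = yes
passdb backend = smbpasswd
unix password sync = yes
# the global "public = yes" and the 777 force modes are dropped, so guest
# access and world-writable files are no longer the default for every share

[homes]
# no "path = /home": without a path, [homes] maps to the connecting
# user's own home directory instead of the parent of all of them
browseable = no
writable = yes
valid users = %S
create mask = 0600
directory mask = 0700

[company data]
comment = company data
path = /home/share1
writable = yes
# only group members can connect; files they create belong to the group
valid users = @company
force group = company
create mask = 0660
directory mask = 0770
```

Running testparm against the file shows how Samba parses it before smbd is restarted.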
On Wed, 2008-03-26 at 10:16 -0700, Scott Silva wrote:
on 3-26-2008 6:55 AM Ray Leventhal spake the following:
Hi all,
I'm fighting with samba on a new CentOS 5.1 install.
The goal here is to have unix/linux usernames/passwords used for the samba shares (which i'll setup using webmin, as I find it easy that way). At present, the home share and one for the company's public share are in place.
I can see the server, browsing from WinXP to \\172.16.0.106, but permissions seem amiss. I should be able to read/write to a given share but it seems to be ro.
Any pointers or advice would be greatly appreciated.
My simple smb.conf file is here:
[global]
netbios name = BACKUP
socket options = TCP_NODELAY
force directory mode = 777
unix password sync = yes
workgroup = WORKGROUP
force create mode = 777
os level = 20
encrypt passwords = yes
security = share
public = yes
passdb backend = smbpasswd
directory mode = 777

[homes]
writeable = yes
public = yes
path = /home

[company data]
comment = company data
writeable = yes
create mode = 775
path = /home/share1
Thanks in advance, -Ray
If you are going to use smb passwords anyway, why set security to "share"? You should set security to "user" and make sure you keep unix users and samba users synced. For public shares you can set a shared user and group, and make shared directories keep those perms.
Not to hijack the thread but on to samba security (user and share mode) as I am having a problem with it. Can you link me to some sort of samba docs that fully explain user and share mode. Also why user mode will not work with some forms of authentication. See Link: http://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id...
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
on 3-26-2008 10:32 AM John spake the following:
On Wed, 2008-03-26 at 10:16 -0700, Scott Silva wrote:
on 3-26-2008 6:55 AM Ray Leventhal spake the following:
Hi all,
I'm fighting with samba on a new CentOS 5.1 install.
The goal here is to have unix/linux usernames/passwords used for the samba shares (which i'll setup using webmin, as I find it easy that way). At present, the home share and one for the company's public share are in place.
I can see the server, browsing from WinXP to \\172.16.0.106, but permissions seem amiss. I should be able to read/write to a given share but it seems to be ro.
Any pointers or advice would be greatly appreciated.
My simple smb.conf file is here:
[global]
netbios name = BACKUP
socket options = TCP_NODELAY
force directory mode = 777
unix password sync = yes
workgroup = WORKGROUP
force create mode = 777
os level = 20
encrypt passwords = yes
security = share
public = yes
passdb backend = smbpasswd
directory mode = 777

[homes]
writeable = yes
public = yes
path = /home

[company data]
comment = company data
writeable = yes
create mode = 775
path = /home/share1
Thanks in advance, -Ray
If you are going to use smb passwords anyway, why set security to "share"? You should set security to "user" and make sure you keep unix users and samba users synced. For public shares you can set a shared user and group, and make shared directories keep those perms.
Not to hijack the thread but on to samba security (user and share mode) as I am having a problem with it. Can you link me to some sort of samba docs that fully explain user and share mode. Also why user mode will not work with some forms of authentication. See Link: http://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id...
Not to complain about hijacking threads (which is very irritating), but I think the link you have referenced is more a problem with the CIFS protocol and not samba security. Samba share mode is more for shares that you want everybody to have access to. Home directories, other shares, whatever you put on there gets shared like the new girl in the commune.
You can have user security, and still share all sorts of common directories with no restrictions.
The best docs are on the samba site, and although they are long and technical in places, they are still very good.
http://www.samba.org/samba/docs/using_samba/toc.html
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/
http://www.samba.org/samba/docs/man/Samba-Guide/
Scott Silva wrote:
Not to complain about hijacking threads (which is very irritating), but I think the link you have referenced is more a problem with the CIFS protocol and not samba security. Samba share mode is more for shares that you want everybody to have access to. Home directories, other shares, whatever you put on there gets shared like the new girl in the commune.
You can have user security, and still share all sorts of common directories with no restrictions.
But... In user (or server) modes you must authenticate the connection before any shares are even seen so you can't connect to two different shares on the same server with different credentials. So if you have anything 'public' you'll end up as a guest user.
In share mode, connections to different shares are made and authenticated separately and you don't have to authenticate at all to see the list of 'browsable' shares.
On Wednesday 26 March 2008 18:23:32 Scott Silva wrote:
on 3-26-2008 10:32 AM John spake the following:
On Wed, 2008-03-26 at 10:16 -0700, Scott Silva wrote:
on 3-26-2008 6:55 AM Ray Leventhal spake the following:
Hi all,
I'm fighting with samba on a new CentOS 5.1 install.
The goal here is to have unix/linux usernames/passwords used for the samba shares (which i'll setup using webmin, as I find it easy that way). At present, the home share and one for the company's public share are in place.
I can see the server, browsing from WinXP to \\172.16.0.106, but permissions seem amiss. I should be able to read/write to a given share but it seems to be ro.
Any pointers or advice would be greatly appreciated.
My simple smb.conf file is here:
[global]
netbios name = BACKUP
socket options = TCP_NODELAY
force directory mode = 777
unix password sync = yes
workgroup = WORKGROUP
force create mode = 777
os level = 20
encrypt passwords = yes
security = share
public = yes
passdb backend = smbpasswd
directory mode = 777

[homes]
writeable = yes
public = yes
path = /home

[company data]
comment = company data
writeable = yes
create mode = 775
path = /home/share1
Thanks in advance, -Ray
If you are going to use smb passwords anyway, why set security to "share"? You should set security to "user" and make sure you keep unix users and samba users synced. For public shares you can set a shared user and group, and make shared directories keep those perms.
Not to hijack the thread but on to samba security (user and share mode) as I am having a problem with it. Can you link me to some sort of samba docs that fully explain user and share mode. Also why user mode will not work with some forms of authentication. See Link: http://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id... 13357&forum=39
Not to complain about hijacking threads (which is very irritating), but I think the link you have referenced is more a problem with the CIFS protocol and not samba security. Samba share mode is more for shares that you want everybody to have access to. Home directories, other shares, whatever you put on there gets shared like the new girl in the commune.
You can have user security, and still share all sorts of common directories with no restrictions.
The best docs are on the samba site, and although they are long and technical in places, they are still very good.
http://www.samba.org/samba/docs/using_samba/toc.html
Like John, I fought long and hard to get user share working. I read everything I could, including buying Samba3 by Example. In the end I admitted defeat and went back to shares.
Anne
Anne Wilson wrote:
Like John, I fought long and hard to get user share working. I read everything I could, including buying Samba3 by Example. In the end I admitted defeat and went back to shares.
If you really want a public share with no authentication at all, share mode is probably the best approach. If everyone that should have access is logged into a windows domain anyway, you can transparently accept this authentication and either keep their user id (as for a home directory share) or force it or their group id into something that gives common r/w access to a share. You can also do the latter with explicit logins against users in the smbpasswd file.
-- Les Mikesell lesmikesell@gmail.com
On Wednesday 26 March 2008 18:59:41 Les Mikesell wrote:
Anne Wilson wrote:
Like John, I fought long and hard to get user share working. I read everything I could, including buying Samba3 by Example. In the end I admitted defeat and went back to shares.
If you really want a public share with no authentication at all, share mode is probably the best approach. If everyone that should have access is logged into a windows domain anyway, you can transparently accept this authentication and either keep their user id (as for a home directory share) or force it or their group id into something that gives common r/w access to a share. You can also do the latter with explicit logins against users in the smbpasswd file.
This is becoming a real hijack, which I didn't intend. However,
All users that are intended to be able to share have a user account on the samba server. All users have samba passwords matching their login passwords, whether in windows or linux. I couldn't even get their home directories to show using 'user' mode.
Anne
Anne Wilson wrote:
This is becoming a real hijack, which I didn't intend. However,
All users that are intended to be able to share have a user account on the samba server. All users have samba passwords matching their login passwords, whether in windows or linux. I couldn't even get their home directories to show using 'user' mode.
Anne
FWIW, Anne, I don't consider it a hijack at all, as my issues are definitely being addressed here too :)
I am in exactly the same boat as you are indicating. In 'share' mode, all is visible, in 'user' mode I can't seem to authenticate at all.
-Ray
On Wednesday 26 March 2008 19:20:22 Ray Leventhal wrote:
Anne Wilson wrote:
This is becoming a real hijack, which I didn't intend. However,
All users that are intended to be able to share have a user account on the samba server. All users have samba passwords matching their login passwords, whether in windows or linux. I couldn't even get their home directories to show using 'user' mode.
Anne
FWIW, Anne, I don't consider it a hijack at all, as my issues are definitely being addressed here too :)
Thank you for that. If we can all benefit it's definitely worth while.
I am in exactly the same boat as you are indicating. In 'share' mode, all is visible, in 'user' mode I can't seem to authenticate at all.
The infuriating thing is that I used to be able to use 'user' in an older version of samba. I've been using samba for about 5 years, and the problems have just grown during the last couple of years, but this one just will not go away.
Anne
On Wed, Mar 26, 2008 at 12:20 PM, Ray Leventhal centos@swhi.net wrote:
Anne Wilson wrote:
This is becoming a real hijack, which I didn't intend. However,
All users that are intended to be able to share have a user account on the samba server. All users have samba passwords matching their login passwords, whether in windows or linux. I couldn't even get their home directories to show using 'user' mode.
Anne
FWIW, Anne, I don't consider it a hijack at all, as my issues are definitely being addressed here too :)
I am in exactly the same boat as you are indicating. In 'share' mode, all is visible, in 'user' mode I can't seem to authenticate at all.
-Ray
On your Windows box, set up a user and password that match *exactly* what was entered for *samba* user/password. I can browse and connect to samba servers with security = user .
Akemi
On your Windows box, set up a user and password that match *exactly* what was entered for *samba* user/password. I can browse and connect to samba servers with security = user .
Akemi
Hi Akemi,
I've done that with my own un/pw on my WinXP machine as well as the new CentOS/Samba server. in 'user' security mode, I get prompted as described, re-feeding me the prompt with <SERVERNAME>/ray as the username over and over again. No joy there.
Thanks, -Ray
On Wed, Mar 26, 2008 at 12:42 PM, Ray Leventhal centos@swhi.net wrote:
On your Windows box, set up a user and password that match *exactly* what was entered for *samba* user/password. I can browse and connect to samba servers with security = user .
Akemi
Hi Akemi,
I've done that with my own un/pw on my WinXP machine as well as the new CentOS/Samba server. in 'user' security mode, I get prompted as described, re-feeding me the prompt with <SERVERNAME>/ray as the username over and over again. No joy there.
Thanks,
-Ray
Then try this: Open Windows Explorer -> Tools -> Map Network Drive -> Connect using a different user name.
This will prompt you to enter both username and password. If you still cannot connect this way, the problem is somewhere else.
Akemi
Then try this: Open Windows Explorer -> Tools -> Map Network Drive -> Connect using a different user name.
This will prompt you to enter both username and password. If you still cannot connect this way, the problem is somewhere else.
Akemi
Hi Akemi,
I tried your suggestion with the same results. Then, I checked the samba log which revealed this:
[2008/03/26 16:06:05, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/03/26 16:06:05, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/03/26 16:06:05, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2008/03/26 16:06:48, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2008/03/26 16:06:48, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
Any thoughts?
On Wed, 2008-03-26 at 15:42 -0400, Ray Leventhal wrote:
On your Windows box, set up a user and password that match *exactly* what was entered for *samba* user/password. I can browse and connect to samba servers with security = user .
Akemi
Hi Akemi,
I've done that with my own un/pw on my WinXP machine as well as the new CentOS/Samba server. in 'user' security mode, I get prompted as described, re-feeding me the prompt with <SERVERNAME>/ray as the username over and over again. No joy there.
Thanks, -Ray
Ok, Ray and Anne, post me your Samba version: "rpm -q samba". Akemi has helped me with my samba problems but I can't get nowhere when I put "mode=user". Believe this or not I have never had this kind of problem with samba. I want to be able to authenticate by the logged on client machine, so it will automount the user share specified. I am really thinking of backporting to a later version of samba in the version 3 series. I even followed the How To Samba and used their user mode config file and got nowhere. Is something wrong with the cifs protocol? This is really aggravating.
Hi John,
Ok, Ray and Anne, post me your Samba version: "rpm -q samba". Akemi has helped me with my samba problems but I can't get nowhere when I put "mode=user". Believe this or not I have never had this kind of problem with samba. I want to be able to authenticate by the logged on client machine, so it will automount the user share specified. I am really thinking of backporting to a later version of samba in the version 3 series. I even followed the How To Samba and used their user mode config file and got nowhere. Is something wrong with the cifs protocol? This is really aggravating.
as requested:
# rpm -q samba
samba-3.0.25b-1.el5_1.4
-Ray
On Wednesday 26 March 2008 20:17:39 Ray Leventhal wrote:
Hi John,
Ok, Ray and Anne, post me your Samba version: "rpm -q samba". Akemi has helped me with my samba problems but I can't get nowhere when I put "mode=user". Believe this or not I have never had this kind of problem with samba. I want to be able to authenticate by the logged on client machine, so it will automount the user share specified. I am really thinking of backporting to a later version of samba in the version 3 series. I even followed the How To Samba and used their user mode config file and got nowhere. Is something wrong with the cifs protocol? This is really aggravating.
as requested:
# rpm -q samba
samba-3.0.25b-1.el5_1.4
samba-3.0.25b-1.el5_1.4
Anne
On Wednesday 26 March 2008 19:34:18 Akemi Yagi wrote:
On Wed, Mar 26, 2008 at 12:20 PM, Ray Leventhal centos@swhi.net wrote:
Anne Wilson wrote:
This is becoming a real hijack, which I didn't intend. However,
All users that are intended to be able to share have a user account on the samba server. All users have samba passwords matching their login passwords, whether in windows or linux. I couldn't even get their home directories to show using 'user' mode.
Anne
FWIW, Anne, I don't consider it a hijack at all, as my issues are definitely being addressed here too :)
I am in exactly the same boat as you are indicating. In 'share' mode, all is visible, in 'user' mode I can't seem to authenticate at all.
-Ray
On your Windows box, set up a user and password that match *exactly* what was entered for *samba* user/password. I can browse and connect to samba servers with security = user .
Akemi, they have always been the same.
As I said, in earlier version I could make it work. Lately I can't.
Anne
On Wed, Mar 26, 2008 at 12:44 PM, Anne Wilson cannewilson@googlemail.com wrote:
On your Windows box, set up a user and password that match *exactly* what was entered for *samba* user/password. I can browse and connect to samba servers with security = user .
Akemi, they have always been the same.
As I said, in earlier version I could make it work. Lately I can't.
Anne,
Do you know which version of samba that worked (or as of which version it stopped working) ?
Akemi
On Wed, 2008-03-26 at 13:13 -0700, Akemi Yagi wrote:
On Wed, Mar 26, 2008 at 12:44 PM, Anne Wilson cannewilson@googlemail.com wrote:
On your Windows box, set up a user and password that match *exactly* what was entered for *samba* user/password. I can browse and connect to samba servers with security = user .
Akemi, they have always been the same.
As I said, in earlier version I could make it work. Lately I can't.
Anne,
Do you know which version of samba that worked (or as of which version it stopped working) ?
Akemi
Akemi, the last known version I know worked was v3 which was in CentOS 4.4 - 4.5 I believe.
On Wednesday 26 March 2008 20:13:52 Akemi Yagi wrote:
On Wed, Mar 26, 2008 at 12:44 PM, Anne Wilson cannewilson@googlemail.com wrote:
On your Windows box, set up a user and password that match *exactly* what was entered for *samba* user/password. I can browse and connect to samba servers with security = user .
Akemi, they have always been the same.
As I said, in earlier version I could make it work. Lately I can't.
Anne,
Do you know which version of samba that worked (or as of which version it stopped working) ?
In truth, no. I had problems when we changed from samba 2 to samba 3, but eventually got everything working OK, but that's a good while ago. I must have done many updates during that time, I would think. I really don't remember when it stopped. To complicate matters, several workstations serve samba shares, so I'll have installed various versions at various times. Sorry.
Anne
Akemi Yagi wrote:
On Wed, Mar 26, 2008 at 12:20 PM, Ray Leventhal centos@swhi.net wrote:
Anne Wilson wrote:
This is becoming a real hijack, which I didn't intend. However,
All users that are intended to be able to share have a user account on the samba server. All users have samba passwords matching their login passwords, whether in windows or linux. I couldn't even get their home directories to show using 'user' mode.
Anne
FWIW, Anne, I don't consider it a hijack at all, as my issues are definitely being addressed here too :)
I am in exactly the same boat as you are indicating. In 'share' mode, all is visible, in 'user' mode I can't seem to authenticate at all.
-Ray
On your Windows box, set up a user and password that match *exactly* what was entered for *samba* user/password. I can browse and connect to samba servers with security = user .
But you probably don't have any shares marked as 'public' or 'guest OK'. In user mode these don't mix well with normal authentication.
On Wed, Mar 26, 2008 at 12:46 PM, Les Mikesell lesmikesell@gmail.com wrote:
On your Windows box, set up a user and password that match *exactly* what was entered for *samba* user/password. I can browse and connect to samba servers with security = user .
But you probably don't have any shares marked as 'public' or 'guest OK'. In user mode these don't mix well with normal authentication.
I've just created a new share with "public = yes". I am still able to browse and connect.
Akemi
Akemi Yagi wrote:
On Wed, Mar 26, 2008 at 12:46 PM, Les Mikesell lesmikesell@gmail.com wrote:
On your Windows box, set up a user and password that match *exactly* what was entered for *samba* user/password. I can browse and connect to samba servers with security = user .
But you probably don't have any shares marked as 'public' or 'guest OK'. In user mode these don't mix well with normal authentication.
I've just created a new share with "public = yes". I am still able to browse and connect.
But if you connect to the public share do you have the guest id so you can write there? This may also work differently if you aren't already logged into windows with a login/password that matches. You probably authenticate as the matching linux user without knowing it.
On Wednesday 26 March 2008 19:46:21 Les Mikesell wrote:
Akemi Yagi wrote:
On Wed, Mar 26, 2008 at 12:20 PM, Ray Leventhal centos@swhi.net wrote:
Anne Wilson wrote:
This is becoming a real hijack, which I didn't intend. However,
All users that are intended to be able to share have a user account on the samba server. All users have samba passwords matching their login passwords, whether in windows or linux. I couldn't even get their home directories to show using 'user' mode.
Anne
FWIW, Anne, I don't consider it a hijack at all, as my issues are definitely being addressed here too :)
I am in exactly the same boat as you are indicating. In 'share' mode, all is visible, in 'user' mode I can't seem to authenticate at all.
-Ray
On your Windows box, set up a user and password that match *exactly* what was entered for *samba* user/password. I can browse and connect to samba servers with security = user .
But you probably don't have any shares marked as 'public' or 'guest OK'. In user mode these don't mix well with normal authentication.
That could well be the problem. I have some shares that I want to restrict by owner/group, and others that are public to the whole LAN.
Anne
Anne Wilson wrote:
On Wednesday 26 March 2008 18:59:41 Les Mikesell wrote:
Anne Wilson wrote:
Like John, I fought long and hard to get user share working. I read everything I could, including buying Samba3 by Example. In the end I admitted defeat and went back to shares.
If you really want a public share with no authentication at all, share mode is probably the best approach. If everyone that should have access is logged into a windows domain anyway, you can transparently accept this authentication and either keep their user id (as for a home directory share) or force it or their group id into something that gives common r/w access to a share. You can also do the latter with explicit logins against users in the smbpasswd file.
This is becoming a real hijack, which I didn't intend. However,
All users that are intended to be able to share have a user account on the samba server. All users have samba passwords matching their login passwords, whether in windows or linux. I couldn't even get their home directories to show using 'user' mode.
If they are logged into a windows domain, they will send the domain credentials, like it or not - and you really want the windows login to match the linux name for home directories to work. If you set security = server and password server = your_domain_controller (which I think needs to be resolvable in dns after adding your search domains) everything should just be transparent.
On Wednesday 26 March 2008 19:40:04 Les Mikesell wrote:
Anne Wilson wrote:
On Wednesday 26 March 2008 18:59:41 Les Mikesell wrote:
Anne Wilson wrote:
Like John, I fought long and hard to get user share working. I read everything I could, including buying Samba3 by Example. In the end I admitted defeat and went back to shares.
If you really want a public share with no authentication at all, share mode is probably the best approach. If everyone that should have access is logged into a windows domain anyway, you can transparently accept this authentication and either keep their user id (as for a home directory share) or force it or their group id into something that gives common r/w access to a share. You can also do the latter with explicit logins against users in the smbpasswd file.
This is becoming a real hijack, which I didn't intend. However,
All users that are intended to be able to share have a user account on the samba server. All users have samba passwords matching their login passwords, whether in windows or linux. I couldn't even get their home directories to show using 'user' mode.
If they are logged into a windows domain, they will send the domain credentials, like it or not - and you really want the windows login to match the linux name for home directories to work. If you set security = server and password server = your_domain_controller (which I think needs to be resolvable in dns after adding your search domains) everything should just be transparent.
This doesn't really come into it. 99% of the time there are only linux boxes on the LAN. Samba is necessary for the odd times when a family windows laptop makes a temporary connection. There's certainly nothing like a windows domain to consider.
Anne
Anne Wilson wrote:
All users that are intended to be able to share have a user account on the samba server. All users have samba passwords matching their login passwords, whether in windows or linux. I couldn't even get their home directories to show using 'user' mode.
If they are logged into a windows domain, they will send the domain credentials, like it or not - and you really want the windows login to match the linux name for home directories to work. If you set security = server and password server = your_domain_controller (which I think needs to be resolvable in dns after adding your search domains) everything should just be transparent.
This doesn't really come into it. 99% of the time there are only linux boxes on the LAN. Samba is necessary for the odd times when a family windows laptop makes a temporary connection. There's certainly nothing like a windows domain to consider.
Samba could emulate one, but shouldn't have to. Do all of the windows login names match (case included) the linux names, and did you use smbpasswd -a to add all users on the samba side after creating their linux logins on the current server. I think the password storage format changed some time back so if you upgraded or copied the setup from an earlier Centos version the old copy might not work with the new configs.
On Wednesday 26 March 2008 21:36:44 Les Mikesell wrote:
Anne Wilson wrote:
All users that are intended to be able to share have a user account on the samba server. All users have samba passwords matching their login passwords, whether in windows or linux. I couldn't even get their home directories to show using 'user' mode.
If they are logged into a windows domain, they will send the domain credentials, like it or not - and you really want the windows login to match the linux name for home directories to work. If you set security = server and password server = your_domain_controller (which I think needs to be resolvable in dns after adding your search domains) everything should just be transparent.
This doesn't really come into it. 99% of the time there are only linux boxes on the LAN. Samba is necessary for the odd times when a family windows laptop makes a temporary connection. There's certainly nothing like a windows domain to consider.
Samba could emulate one, but shouldn't have to. Do all of the windows login names match (case included) the linux names,
Yes
and did you use smbpasswd -a to add all users on the samba side after creating their linux logins on the current server?
Yes
I think the password storage format changed some time back so if you upgraded or copied the setup from an earlier Centos version the old copy might not work with the new configs.
At first I used my old configs, but when I found that there were problems I deleted everything and started afresh. Everything on the main server (CentOS 5.1) is using the version of samba and smbpasswd supplied with CentOS 5.1.
As I said, I've used samba for years, so I knew the likely pitfalls re passwords.
Anne
on 3-26-2008 12:15 PM Anne Wilson spake the following:
On Wednesday 26 March 2008 18:59:41 Les Mikesell wrote:
Anne Wilson wrote:
Like John, I fought long and hard to get user share working. I read Everything I could, including buying Samba3 by Example. In the end I admitted defeat and went back to shares.
If you really want a public share with no authentication at all, share mode is probably the best approach. If everyone that should have access is logged into a windows domain anyway, you can transparently accept this authentication and either keep their user id (as for a home directory share) or force it or their group id into something that gives common r/w access to a share. You can also do the latter with explicit logins against users in the smbpasswd file.
This is becoming a real hijack, which I didn't intend. However,
All users that are intended to be able to share have a user account on the samba server. All users have samba passwords matching their login passwords, whether in windows or linux. I couldn't even get their home directories to show using 'user' mode.
Anne
It is possible, because I am doing it. I have share=user and have home directories viewable by the user and the admin (me). I have various departmental shares that each department can access and no one else (but the admin -- again me). Even shares that aren't browsable, so no one even knows they are there if not given access. And I have several public shares, some read-write, some read only with install files and such. Users that try to access a share they have no permission to get the logon box, but it will never actually auth because their rights don't allow it.
I have no doubt it's possible....might it be possible for you to post a sanitized version of your [globals] and one or two of the shares from the smb.conf file so that I can compare what's working for you with what's not working for me?
TIA, -Ray
on 3-26-2008 1:01 PM Ray Leventhal spake the following:
It is possible, because I am doing it. I have share=user and have home directories viewable by the user and the admin (me). I have various departmental shares that each department can access and no one else (but the admin -- again me). Even shares that aren't browsable, so no one even knows they are there if not given access. And I have several public shares, some read-write, some read only with install files and such. Users that try to access a share they have no permission to get the logon box, but it will never actually auth because their rights don't allow it.
I have no doubt it's possible....might it be possible for you to post a sanitized version of your [globals] and one or two of the shares from the smb.conf file so that I can compare what's working for you with what's not working for me?
TIA, -Ray
Some sanitized areas marked ***removed***
A server that will also do domain logins and roaming profiles;

[global]
protocol = NT1
name resolve order = lmhosts, wins, bcast
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
idmap gid = ***removed***
admin users = ***removed***
lm announce = Yes
lpq cache time = 600
remote browse sync = ***removed***
hosts allow = ***removed***
time server = Yes
veto files = /lost+found/
level2 oplocks = yes
passwd program = /usr/bin/passwd %u
dns proxy = yes
netbios name = SERVER
printing = cups
logon script = netlogin.bat
idmap uid = ***removed***
veto oplock files = /*.xls/
remote announce = ***removed***
workgroup = ***removed***
os level = 129
security = user
add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /sbin/nologin -M %u
delete user script = /usr/sbin/deluser %u
dos filetimes = yes
log file = /var/log/samba/smbd.log
load printers = yes
guest account = smbuser
socket options = TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
logon drive = Z:
deadtime = 30
domain master = Yes
interfaces = ***removed***
map to guest = Bad User
encrypt passwords = yes
winbind use default domain = no
printer admin = ***removed***
passdb backend = tdbsam
template shell = /bin/false
wins support = true
server string = ***removed***
path = /var/spool/samba
unix password sync = yes
logon path = \%N\profiles%U
domain logons = Yes
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192

Home share;

[homes]
browseable = no
comment = Home Directories
writable = yes
vfs objects = recycle
recycle:repository = Recycle Bin
recycle:versions = Yes
recycle:keeptree = Yes
recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|*.log|*.trace|*.TMP
recycle:excludedir = /tmp|/temp|/cache
recycle:noversions = *.doc|*.ppt|*.dat|*.ini

A public writable share;

[public]
comment = public access directory
path = /home/public
admin users = ***removed***
read only = No
guest ok = Yes
vfs objects = recycle
#recycle: config-file = /etc/samba/recycle.conf
recycle:repository = Recycle Bin
recycle:versions = Yes
recycle:keeptree = Yes
recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|*.log|*.trace|*.TMP
recycle:excludedir = /tmp|/temp|/cache
recycle:noversions = *.doc|*.ppt|*.dat|*.ini

A public read-only share writable by admin;

[install]
comment = Home Directories
path = /opt/updates
admin users = ***removed***
write list = ***removed***
read only = No
guest ok = Yes

A group departmental share only certain users allowed;

[Accounting]
writeable = yes
wide links = No
path = /home/accounting
force group = accounting
force user = accounting
valid users = ***removed***
vfs objects = recycle
#recycle: config-file = /etc/samba/recycle.conf
recycle:repository = Recycle Bin
recycle:versions = Yes
recycle:keeptree = Yes
recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|*.log|*.trace|*.TMP
recycle:excludedir = /tmp|/temp|/cache
recycle:noversions = *.doc|*.ppt|*.dat|*.ini
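Added example, not posted by anyone in this thread: a small Python audit of smb.conf text that reports the settings this discussion turns on (security = share, shares that smb.conf leaves writable for guests, and world-writable modes). The sample config is constructed from fragments quoted in the thread, the user names in it are placeholders, and the finding codes are this example's own.

```python
"""Added example: audit smb.conf text for guest-writable shares."""

TRUE = {"yes", "true", "1"}

# smb.conf synonyms -> (canonical parameter, True if the value is inverted)
SYNONYMS = {
    "public": ("guest ok", False),
    "writeable": ("read only", True),
    "writable": ("read only", True),
    "write ok": ("read only", True),
    "create mode": ("create mask", False),
    "directory mode": ("directory mask", False),
}
# Samba 3 defaults for the parameters this audit looks at
DEFAULTS = {"security": "user", "read only": "yes", "guest ok": "no"}
MODE_PARAMS = ("create mask", "directory mask",
               "force create mode", "force directory mode")

# Constructed sample: fragments quoted in the thread, placeholder user names.
SAMPLE = """\
[global]
    workgroup = WORKGROUP
    security = share
    public = yes
    force create mode = 777

[homes]
    writeable = yes
    path = /home

[install]
    path = /opt/updates
    read only = No
    guest ok = Yes
    write list = adminuser

[accounting]
    path = /home/accounting
    writeable = yes
    guest ok = no
    valid users = alice bob
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}}; a later duplicate replaces an earlier one."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.lower().split())
        canonical, inverted = SYNONYMS.get(key, (key, False))
        if inverted:  # "writeable = yes" means "read only = no"
            value = "no" if value.lower() in TRUE else "yes"
        current[canonical] = value
    return sections


def effective(sections, share, param):
    """Share setting, else the value set in [global], else the built-in default."""
    glob = sections.get("global", {})
    return sections[share].get(param, glob.get(param, DEFAULTS.get(param, "")))


def world_writable(mode):
    """True if an octal mode or mask string has the 'other write' bit set."""
    try:
        return bool(int(mode, 8) & 0o002)
    except ValueError:
        return False


def audit(text):
    """Return a list of (section, finding-code) tuples in file order."""
    sections = parse_smb_conf(text)
    glob = sections.get("global", {})
    findings = []
    if glob.get("security", DEFAULTS["security"]).lower() == "share":
        findings.append(("global", "security-share"))
    for name, params in sections.items():
        if any(world_writable(params.get(p, "")) for p in MODE_PARAMS):
            findings.append((name, "world-writable-mode"))
        if name == "global":
            continue
        guest = effective(sections, name, "guest ok").lower() in TRUE
        writable = effective(sections, name, "read only").lower() not in TRUE
        restricted = bool(effective(sections, name, "valid users").strip())
        if guest and writable and not restricted:
            findings.append((name, "guest-writable"))
    return findings


if __name__ == "__main__":
    for section, code in audit(SAMPLE):
        print(f"[{section}] {code}")
```

A guest-writable finding means only that smb.conf itself does not block guest writes; the Unix permissions on the share path still apply to the guest account.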
On Wed, 2008-03-26 at 13:28 -0700, Scott Silva wrote:
on 3-26-2008 1:01 PM Ray Leventhal spake the following:
It is possible, because I am doing it. I have share=user and have home directories viewable by the user and the admin (me). I have various departmental shares that each department can access and no one else (but the admin -- again me). Even shares that aren't browsable, so no one even knows they are there if not given access. And I have several public shares, some read-write, some read only with install files and such. Users that try to access a share they have no permission to get the logon box, but it will never actually auth because their rights don't allow it.
I have no doubt it's possible....might it be possible for you to post a sanitized version of your [globals] and one or two of the shares from the smb.conf file so that I can compare what's working for you with what's not working for me?
TIA, -Ray
Scott,
Thanks for posting the config file but comparing it to mine I see nothing wrong. I am going to do a clean install of the server and start over with CentOS 5.1. It used to be a RHEL updated to CentOS; maybe that's the reason for the problems???
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Wednesday 26 March 2008 20:50:46 John wrote:
Thanks for posting the config file but comparing it to mine I see nothing wrong. I am going to do a clean install of the server and start over with CentOS 5.1. It used to be a RHEL updated to CentOS; maybe that's the reason for the problems???
Nope - mine was a clean install. In the morning I'll do a compare with my settings, but I use a very simplified [global] as recommended for my situation in Samba 3 by Example, so many of those settings will not be there. With any luck I might find one that helps.
Anne
on 3-26-2008 2:22 PM Anne Wilson spake the following:
On Wednesday 26 March 2008 20:50:46 John wrote:
Thanks for posting the config file but comparing it to mine I see nothing wrong. I am going to do a clean install of the server and start over with CentOS 5.1. It used to be a RHEL updated to CentOS; maybe that's the reason for the problems???
Nope - mine was a clean install. In the morning I'll do a compare with my settings, but I use a very simplified [global] as recommended for my situation in Samba 3 by Example, so many of those settings will not be there. With any luck I might find one that helps.
Anne
Have you both made sure that your xp clients aren't using simple file sharing? That disables credential passing and instead passes guest with no password.
On Wednesday 26 March 2008 22:37:38 Scott Silva wrote:
on 3-26-2008 2:22 PM Anne Wilson spake the following:
On Wednesday 26 March 2008 20:50:46 John wrote:
Thanks for posting the config file but comparing it to mine I see nothing wrong. I am going to do a clean install of the server and start over with CentOS 5.1. It used to be a RHEL updated to CentOS; maybe that's the reason for the problems???
Nope - mine was a clean install. In the morning I'll do a compare with my settings, but I use a very simplified [global] as recommended for my situation in Samba 3 by Example, so many of those settings will not be there. With any luck I might find one that helps.
Anne
Have you both made sure that your xp clients aren't using simple file sharing? That disables credential passing and instead passes guest with no password.
I haven't even tried an XP connection since I installed CentOS, but I'll check that out when I do. Meanwhile, getting it to work correctly for the linux boxes is more important.
Anne
Anne Wilson wrote:
On Wednesday 26 March 2008 22:37:38 Scott Silva wrote:
on 3-26-2008 2:22 PM Anne Wilson spake the following:
On Wednesday 26 March 2008 20:50:46 John wrote:
Thanks for posting the config file but comparing it to mine I see nothing wrong. I am going to do a clean install of the server and start over with CentOS 5.1. It used to be a RHEL updated to CentOS; maybe that's the reason for the problems???
Nope - mine was a clean install. In the morning I'll do a compare with my settings, but I use a very simplified [global] as recommended for my situation in Samba 3 by Example, so many of those settings will not be there. With any luck I might find one that helps.
Anne
Have you both made sure that your xp clients aren't using simple file sharing? That disables credential passing and instead passes guest with no password.
So are you saying that one should disable simple file sharing in Windows?
Rudi Ahlers wrote on Thu, 27 Mar 2008 12:27:01 +0200:
So are you saying that one should disable simple file sharing in Windows?
Not "should", have to.
Kai
So are you saying that one should disable simple file sharing in Windows?
on 3-27-2008 8:38 AM Dennis McLeod spake the following:
So are you saying that one should disable simple file sharing in Windows?
Yes. If you are going to be using the windows logins for access you need to turn off simple file sharing. That is only used in a simple workgroup between only windows workstations. As a matter of fact, when you join an XP machine to a domain, it is automatically turned off.
Anne Wilson wrote on Thu, 27 Mar 2008 10:21:24 +0000:
I haven't even tried an XP connection since I installed CentOS, but I'll check that out when I do. Meanwhile, getting it to work correctly for the linux boxes is more important.
This is a diagnostic measure, and diagnostics is important for troubleshooting ;-)
Kai
on 3-27-2008 3:21 AM Anne Wilson spake the following:
On Wednesday 26 March 2008 22:37:38 Scott Silva wrote:
on 3-26-2008 2:22 PM Anne Wilson spake the following:
On Wednesday 26 March 2008 20:50:46 John wrote:
Thanks for posting the config file but comparing it to mine I see nothing wrong. I am going to do a clean install of the server and start over with CentOS 5.1. It used to be a RHEL updated to CentOS; maybe that's the reason for the problems???
Nope - mine was a clean install. In the morning I'll do a compare with my settings, but I use a very simplified [global] as recommended for my situation in Samba 3 by Example, so many of those settings will not be there. With any luck I might find one that helps.
Anne
Have you both made sure that your xp clients aren't using simple file sharing? That disables credential passing and instead passes guest with no password.
I haven't even tried an XP connection since I installed CentOS, but I'll check that out when I do. Meanwhile, getting it to work correctly for the linux boxes is more important.
Anne
Why use samba to share anything for linux boxes? You can share the same directory structure with nfs for the linux boxes and have much less trouble.
It seems like a kludge to use cifs to share between two linux boxes.
On Thursday 27 March 2008 15:58:32 Scott Silva wrote:
on 3-27-2008 3:21 AM Anne Wilson spake the following:
On Wednesday 26 March 2008 22:37:38 Scott Silva wrote:
on 3-26-2008 2:22 PM Anne Wilson spake the following:
On Wednesday 26 March 2008 20:50:46 John wrote:
Thanks for posting the config file but comparing it to mine I see nothing wrong. I am going to do a clean install of the server and start over with CentOS 5.1. It used to be a RHEL updated to CentOS; maybe that's the reason for the problems???
Nope - mine was a clean install. In the morning I'll do a compare with my settings, but I use a very simplified [global] as recommended for my situation in Samba 3 by Example, so many of those settings will not be there. With any luck I might find one that helps.
Anne
Have you both made sure that your xp clients aren't using simple file sharing? That disables credential passing and instead passes guest with no password.
I haven't even tried an XP connection since I installed CentOS, but I'll check that out when I do. Meanwhile, getting it to work correctly for the linux boxes is more important.
Anne
Why use samba to share anything for linux boxes? You can share the same directory structure with nfs for the linux boxes and have much less trouble.
It seems like a kludge to use cifs to share between two linux boxes.
Because I would have to do samba anyway, as windows laptops from other family members want to access from time to time. They always bring them to me if any configuration work or maintenance needs doing, and even to work on my LAN when their network is down for any reason. In particular, one directory that I samba share is a repository that my daughter and I both need access to, and its content changes fairly often. I didn't want to have to run two systems for sharing.
Anne
Anne Wilson wrote:
It seems like a kludge to use cifs to share between two linux boxes.
Because I would have to do samba anyway, as windows laptops from other family members want to access from time to time. They always bring them to me if any configuration work or maintenance needs doing, and even to work on my LAN when their network is down for any reason. In particular, one directory that I samba share is a repository that my daughter and I both need access to, and its content changes fairly often. I didn't want to have to run two systems for sharing.
You can do both fairly easily and transparently. The usual reason for not using NFS is that it isn't secure if client users have local root access (or can boot something that would) - but that probably doesn't matter for a home setup.
On Thursday 27 March 2008 17:01:13 Les Mikesell wrote:
Anne Wilson wrote:
It seems like a kludge to use cifs to share between two linux boxes.
Because I would have to do samba anyway, as windows laptops from other family members want to access from time to time. They always bring them to me if any configuration work or maintenance needs doing, and even to work on my LAN when their network is down for any reason. In particular, one directory that I samba share is a repository that my daughter and I both need access to, and its content changes fairly often. I didn't want to have to run two systems for sharing.
You can do both fairly easily and transparently. The usual reason for not using NFS is that it isn't secure if client users have local root access (or can boot something that would) - but that probably doesn't matter for a home setup.
I guess that when I've nothing more urgent to do I ought to read up on NFS.
Anne
on 3-27-2008 11:40 AM Anne Wilson spake the following:
On Thursday 27 March 2008 17:01:13 Les Mikesell wrote:
Anne Wilson wrote:
It seems like a kludge to use cifs to share between two linux boxes.
Because I would have to do samba anyway, as windows laptops from other family members want to access from time to time. They always bring them to me if any configuration work or maintenance needs doing, and even to work on my LAN when their network is down for any reason. In particular, one directory that I samba share is a repository that my daughter and I both need access to, and its content changes fairly often. I didn't want to have to run two systems for sharing.
You can do both fairly easily and transparently. The usual reason for not using NFS is that it isn't secure if client users have local root access (or can boot something that would) - but that probably doesn't matter for a home setup.
I guess that when I've nothing more urgent to do I ought to read up on NFS.
Anne
NFS will be much better for the linux to linux connections because it passes native system calls on the files instead of a protocol that is emulated and made to work.
On Thursday 27 March 2008 18:58:16 Scott Silva wrote:
on 3-27-2008 11:40 AM Anne Wilson spake the following:
On Thursday 27 March 2008 17:01:13 Les Mikesell wrote:
Anne Wilson wrote:
It seems like a kludge to use cifs to share between two linux boxes.
Because I would have to do samba anyway, as windows laptops from other family members want to access from time to time. They always bring them to me if any configuration work or maintenance needs doing, and even to work on my LAN when their network is down for any reason. In particular, one directory that I samba share is a repository that my daughter and I both need access to, and its content changes fairly often. I didn't want to have to run two systems for sharing.
You can do both fairly easily and transparently. The usual reason for not using NFS is that it isn't secure if client users have local root access (or can boot something that would) - but that probably doesn't matter for a home setup.
I guess that when I've nothing more urgent to do I ought to read up on NFS.
Anne
NFS will be much better for the linux to linux connections because it passes native system calls on the files instead of a protocol that is emulated and made to work.
OK - apart from man pages and general googling, any particular recommended reading?
Anne
Anne Wilson wrote:
On Thursday 27 March 2008 18:58:16 Scott Silva wrote:
on 3-27-2008 11:40 AM Anne Wilson spake the following:
On Thursday 27 March 2008 17:01:13 Les Mikesell wrote:
Anne Wilson wrote:
It seems like a kludge to use cifs to share between two linux boxes.
Because I would have to do samba anyway, as windows laptops from other family members want to access from time to time. They always bring them to me if any configuration work or maintenance needs doing, and even to work on my LAN when their network is down for any reason. In particular, one directory that I samba share is a repository that my daughter and I both need access to, and its content changes fairly often. I didn't want to have to run two systems for sharing.
You can do both fairly easily and transparently. The usual reason for not using NFS is that it isn't secure if client users have local root access (or can boot something that would) - but that probably doesn't matter for a home setup.
I guess that when I've nothing more urgent to do I ought to read up on NFS.
Anne
NFS will be much better for the linux to linux connections because it passes native system calls on the files instead of a protocol that is emulated and made to work.
OK - apart from man pages and general googling, any particular recommended reading?
It's not that complicated unless you want automounting. On the server, edit /etc/exports and add something like:
/home 192.168.0.0/255.255.255.0(rw,async,no_root_squash)
(your client subnet, of course) and service nfs restart (or exportfs -a if it is already running)
and on the clients where you want the same /home mounted in /etc/fstab add:
server_name:/home /home nfs exec,rw,bg,soft,intr 0 0
and 'mount -a'
You need to have consistent login name to uid mapping across machines and all the usual 'yum install nfs', chkconfig and service invocations apply for installing and managing it.
On Thursday 27 March 2008 19:35:57 Les Mikesell wrote:
Anne Wilson wrote:
On Thursday 27 March 2008 18:58:16 Scott Silva wrote:
on 3-27-2008 11:40 AM Anne Wilson spake the following:
On Thursday 27 March 2008 17:01:13 Les Mikesell wrote:
Anne Wilson wrote:
It seems like a kludge to use cifs to share between two linux boxes.
Because I would have to do samba anyway, as windows laptops from other family members want to access from time to time. They always bring them to me if any configuration work or maintenance needs doing, and even to work on my LAN when their network is down for any reason. In particular, one directory that I samba share is a repository that my daughter and I both need access to, and its content changes fairly often. I didn't want to have to run two systems for sharing.
You can do both fairly easily and transparently. The usual reason for not using NFS is that it isn't secure if client users have local root access (or can boot something that would) - but that probably doesn't matter for a home setup.
I guess that when I've nothing more urgent to do I ought to read up on NFS.
Anne
NFS will be much better for the linux to linux connections because it passes native system calls on the files instead of a protocol that is emulated and made to work.
OK - apart from man pages and general googling, any particular recommended reading?
It's not that complicated unless you want automounting. On the server, edit /etc/exports and add something like:
/home 192.168.0.0/255.255.255.0(rw,async,no_root_squash)
(your client subnet, of course) and service nfs restart (or exportfs -a if it is already running)
and on the clients where you want the same /home mounted in /etc/fstab add:
server_name:/home /home nfs exec,rw,bg,soft,intr 0 0
and 'mount -a'
You need to have consistent login name to uid mapping across machines and all the usual 'yum install nfs', chkconfig and service invocations apply for installing and managing it.
With any luck I'll get some time tomorrow to take a look at that. Thanks
Anne
On Thu, 2008-03-27 at 19:09 +0000, Anne Wilson wrote:
OK - apart from man pages and general googling, any particular recommended reading?
Anne
The following link might be useful:
http://www.linuxtopia.org/online_books/rhel5/rhel5_administration/rhel5_ch-n...
Cheers, B.J. CentOS 5.0, Linux 2.6.18-53.1.14.el5 x86_64 16:33:59 up 4 days, 9:03, 0 users, load average: 0.31, 0.26, 0.14
Scott Silva wrote:
NFS will be much better for the linux to linux connections because it passes native system calls on the files instead of a protocol that is emulated and made to work.
also, the following significant difference in user semantics between SMB/CIFS and NFS.... in SMB, the client-initiated session authenticates as a user on the server.... in a multiuser windows system, each user would have his own session to a given server. This doesn't play very well in Unix environments where the file system mounts are global to all users.
in NFS, each file opened has user ID, group ID, so it's more suitable for a multiuser environment on a single session. HOWEVER, it's critical that all systems participating in NFS have the SAME user #s group #s, hence it's often used in conjunction with NIS or another shared identity system.
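Added example, not posted by anyone in this thread: a Python check for the two NFS points raised above, the /etc/exports line with no_root_squash and the requirement that user names map to the same UIDs on every host. The passwd excerpts and the second export line are constructed, and the 500 UID floor is an assumption (compare UID_MIN in /etc/login.defs).

```python
"""Added example: check an NFS export line and UID consistency across hosts."""
import re

# The first line is the export quoted in the thread; the second is constructed.
EXPORTS = """\
/home 192.168.0.0/255.255.255.0(rw,async,no_root_squash)
/srv/pub *(ro)
"""

# Constructed /etc/passwd excerpts for the server and one client.
SERVER_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
carol:x:502:502::/home/carol:/bin/bash
"""
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:500:500::/home/alice:/bin/bash
carol:x:501:501::/home/carol:/bin/bash
bob:x:502:502::/home/bob:/bin/bash
"""

MIN_UID = 500  # assumed first regular-user UID
# "client(options)", "(options)" with no client, or a bare client name
CLIENT_RE = re.compile(r"([^\s()]+)?\(([^)]*)\)|([^\s()]+)")


def parse_exports(text):
    """Return [(path, client, {options})] for each client on each export line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
        for m in CLIENT_RE.finditer(rest):
            client = m.group(1) or m.group(3) or "*"  # no client name: any host
            opts = {o.strip() for o in (m.group(2) or "").split(",") if o.strip()}
            entries.append((parts[0], client, opts))
    return entries


def risky_exports(text):
    """Flag exports that trust client root or are open to any host."""
    findings = []
    for path, client, opts in parse_exports(text):
        if "no_root_squash" in opts:  # client root keeps uid 0 on the export
            findings.append((path, client, "no_root_squash"))
        if client == "*":
            findings.append((path, client, "any-host"))
    return findings


def parse_passwd(text, min_uid=MIN_UID):
    """Return {login: uid} for regular users in passwd-format text."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit() and int(fields[2]) >= min_uid:
            users[fields[0]] = int(fields[2])
    return users


def uid_conflicts(server_passwd, client_passwd, min_uid=MIN_UID):
    """List client users whose UID differs from, or collides with, the server's.

    'uid-differs': same login, different number (files appear owned by someone else).
    'acts-as': the client UID belongs to another login on the server, so that
    client user is treated as the other user's owner on the NFS share.
    """
    server = parse_passwd(server_passwd, min_uid)
    client = parse_passwd(client_passwd, min_uid)
    owner_of = {uid: name for name, uid in server.items()}
    conflicts = []
    for name, uid in sorted(client.items()):
        if name in server and server[name] != uid:
            conflicts.append((name, uid, "uid-differs", server[name]))
        owner = owner_of.get(uid)
        if owner is not None and owner != name:
            conflicts.append((name, uid, "acts-as", owner))
    return conflicts


if __name__ == "__main__":
    for finding in risky_exports(EXPORTS):
        print("export:", finding)
    for conflict in uid_conflicts(SERVER_PASSWD, CLIENT_PASSWD):
        print("uid:", conflict)
```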
On Thursday 27 March 2008 19:20:14 John R Pierce wrote:
Scott Silva wrote:
NFS will be much better for the linux to linux connections because it passes native system calls on the files instead of a protocol that is emulated and made to work.
also, the following significant difference in user semantics between SMB/CIFS and NFS.... in SMB, the client-initiated session authenticates as a user on the server.... in a multiuser windows system, each user would have his own session to a given server. This doesn't play very well in Unix environments where the file system mounts are global to all users.
in NFS, each file opened has user ID, group ID, so it's more suitable for a multiuser environment on a single session. HOWEVER, it's critical that all systems participating in NFS have the SAME user #s group #s, hence it's often used in conjunction with NIS or another shared identity system.
That sounds as though I have to get my head around a whole new way of thinking!
Anne
On Wednesday 26 March 2008 20:28:09 Scott Silva wrote:
on 3-26-2008 1:01 PM Ray Leventhal spake the following:
It is possible, because I am doing it. I have share=user and have home directories viewable by the user and the admin (me). I have various departmental shares that each department can access and no one else (but the admin -- again me). Even shares that aren't browsable, so no one even knows they are there if not given access. And I have several public shares, some read-write, some read only with install files and such. Users that try to access a share they have no permission to get the logon box, but it will never actually auth because their rights don't allow it.
I have no doubt it's possible....might it be possible for you to post a sanitized version of your [globals] and one or two of the shares from the smb.conf file so that I can compare what's working for you with what's not working for me?
TIA, -Ray
Some sanitized areas marked ***removed*** A server that will also do domain logins and roaming profiles;
As I said, mine is a simple LAN. Here is the current version of [global] section and some of the shares. The 'domain master' line has never been in any of my older setups, but it was put in to cure the frequent battles to resolve masterships, mainly caused by family laptops that are not directly under my control.
[global]
workgroup = lydgate.lan
server string = Samba Server Version %v
netbios name = borg2
log file = /var/log/samba/%m.log
hosts allow = 192.168.0. 127.0.
acl compatibility = winnt
wins support = yes
local master = yes
domain master = yes
domain logons = no
os level = 66
preferred master = yes
load printers = yes
printing = cups

#============================ Share Definitions ==============================

[homes]
comment = Home Directories
browseable = no
read only = no
case sensitive = no
strict locking = no
#msdf proxy = yes

[DATA2]
path = /Data2
#read only = no
writeable = yes
public = yes

[DATA3]
path = /Data3/
#read only = no
writeable = yes
valid users = anne gillian david
The commented lines are ones that have been tried in both states, as 'read only' and 'writeable' seem to be preferable depending on which version of samba is being used.
The security= line is no longer present (I gather from the advice I was given that the default is then 'user'). Home directories do not display.
I am able to mount both my home and the main data directory from fstab, using a credentials file.
Anne
On Thursday 27 March 2008 12:28, Anne Wilson wrote:
As I said, mine is a simple LAN.
I managed to get some time to come out to the server this afternoon. I have changed nothing other than adding back the line
security = user
On the client box in this same room I can see the shares, including my home directory. I'm flabbergasted! It most certainly did not work when I first set it up, and other than securing the domain master status I don't remember changing anything else!
Thanks to all for the sane discussion. I won't forget to check XP's settings next time I get a chance to.
Anne
Anne Wilson wrote:
As I said, mine is a simple LAN.
I managed to get some time to come out to the server this afternoon. I have changed nothing other than adding back the line
security = user
On the client box in this same room I can see the shares, including my home directory. I'm flabbergasted! It most certainly did not work when I first set it up, and other than securing the domain master status I don't remember changing anything else!
If you see only your own home directory (as you should) in the browse list, it means you have already authenticated the connection correctly.
On Thursday 27 March 2008 15:53:05 Les Mikesell wrote:
Anne Wilson wrote:
As I said, mine is a simple LAN.
I managed to get some time to come out to the server this afternoon. I have changed nothing other than adding back the line
security = user
On the client box in this same room I can see the shares, including my home directory. I'm flabbergasted! It most certainly did not work when I first set it up, and other than securing the domain master status I don't remember changing anything else!
If you see only your own home directory (as you should) in the browse list, it means you have already authenticated the connection correctly.
Yes, all is as it should be. I wish I knew why I could not get the home directories to display before. The other shares were never a problem. I *hate* mysteries.
Anne
On Thu, 2008-03-27 at 12:28 +0000, Anne Wilson wrote:
On Wednesday 26 March 2008 20:28:09 Scott Silva wrote:
on 3-26-2008 1:01 PM Ray Leventhal spake the following:
It is possible, because I am doing it. I have share=user and have home directories viewable by the user and the admin (me). I have various departmental shares that each department can access and no one else (but the admin -- again me). Even shares that aren't browsable, so no one even knows they are there if not given access. And I have several public shares, some read-write, some read only with install files and such. Users that try to access a share they have no permission to get the logon box, but it will never actually auth because their rights don't allow it.
I have no doubt it's possible....might it be possible for you to post a sanitized version of your [globals] and one or two of the shares from the smb.conf file so that I can compare what's working for you with what's not working for me?
TIA, -Ray
Some sanitized areas marked ***removed*** A server that will also do domain logins and roaming profiles;
As I said, mine is a simple LAN. Here is the current version of [global] section and some of the shares. The 'domain master' line has never been in any of my older setups, but it was put in to cure the frequent battles to resolve masterships, mainly caused by family laptops that are not directly under my control.
[global]
   workgroup = lydgate.lan
   server string = Samba Server Version %v
   netbios name = borg2
   log file = /var/log/samba/%m.log
   hosts allow = 192.168.0. 127.0.
   acl compatibility = winnt
   wins support = yes
   local master = yes
   domain master = yes
   domain logons = no
   os level = 66
   preferred master = yes
   load printers = yes
   printing = cups

#============================ Share Definitions ==============================

[homes]
   comment = Home Directories
   browseable = no
   read only = no
   case sensitive = no
   strict locking = no
   #msdf proxy = yes

[DATA2]
   path = /Data2
   #read only = no
   writeable = yes
   public = yes

[DATA3]
   path = /Data3/
   #read only = no
   writeable = yes
   valid users = anne gillian david
The commented lines are ones that have been tried in both states, as 'read only' and 'writeable' seem to be preferable depending on which version of samba is being used.
The security= line is no longer present (I gather from the advice I was given that the default is then 'user'). Home directories do not display.
I am able to mount both my home and the main data directory from fstab, using a credentials file.
Anne
Anne, I think your directories are not visible because you do not have "browsable = yes" in the share setups section??? Try that?
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
on 3-27-2008 2:14 PM John spake the following:
On Thu, 2008-03-27 at 12:28 +0000, Anne Wilson wrote:
On Wednesday 26 March 2008 20:28:09 Scott Silva wrote:
on 3-26-2008 1:01 PM Ray Leventhal spake the following:
It is possible, because I am doing it. I have share=user and have home directories viewable by the user and the admin (me). I have various departmental shares that each department can access and no one else (but the admin -- again me). Even shares that aren't browsable, so no one even knows they are there if not given access. And I have several public shares, some read-write, some read only with install files and such. Users that try to access a share they have no permission to get the logon box, but it will never actually auth because their rights don't allow it.
I have no doubt it's possible....might it be possible for you to post a sanitized version of your [globals] and one or two of the shares from the smb.conf file so that I can compare what's working for you with what's not working for me?
TIA, -Ray
Some sanitized areas marked ***removed*** A server that will also do domain logins and roaming profiles;
As I said, mine is a simple LAN. Here is the current version of [global] section and some of the shares. The 'domain master' line has never been in any of my older setups, but it was put in to cure the frequent battles to resolve masterships, mainly caused by family laptops that are not directly under my control.
[global]
   workgroup = lydgate.lan
   server string = Samba Server Version %v
   netbios name = borg2
   log file = /var/log/samba/%m.log
   hosts allow = 192.168.0. 127.0.
   acl compatibility = winnt
   wins support = yes
   local master = yes
   domain master = yes
   domain logons = no
   os level = 66
   preferred master = yes
   load printers = yes
   printing = cups

#============================ Share Definitions ==============================

[homes]
   comment = Home Directories
   browseable = no
   read only = no
   case sensitive = no
   strict locking = no
   #msdf proxy = yes

[DATA2]
   path = /Data2
   #read only = no
   writeable = yes
   public = yes

[DATA3]
   path = /Data3/
   #read only = no
   writeable = yes
   valid users = anne gillian david
The commented lines are ones that have been tried in both states, as 'read only' and 'writeable' seem to be preferable depending on which version of samba is being used.
The security= line is no longer present (I gather from the advice I was given that the default is then 'user'). Home directories do not display.
I am able to mount both my home and the main data directory from fstab, using a credentials file.
Anne
Anne, I think your directories are not visible because you do not have "browsable = yes" in the share setups section??? Try that?
If you set browsable to yes, then EVERYBODY'S home directories show up. That is not usually what you want. If you want to share everything, just make one share and put everything under it.
On Thu, 2008-03-27 at 14:56 -0700, Scott Silva wrote:
Anne, I think your directories are not visible because you do not have "browsable = yes" in the share setups section??? Try that?
If you set browsable to yes, then EVERYBODY'S home directories show up. That is not usually what you want. If you want to share everything, just make one share and put everything under it.
OK so when user mode is used you're saying the directory is only viewable by the current user logged in and all of them are viewable by root? Correct??
John wrote:
On Thu, 2008-03-27 at 14:56 -0700, Scott Silva wrote:
Anne, I think your directories are not visible because you do not have "browsable = yes" in the share setups section??? Try that?
If you set browsable to yes, then EVERYBODY'S home directories show up. That is not usually what you want. If you want to share everything, just make one share and put everything under it.
OK so when user mode is used you're saying the directory is only viewable by the current user logged in and all of them are viewable by root? Correct??
In user mode you authenticate the connection before being allowed to browse anything so the system knows who you are first, and the home share is slightly magical in that users only can see their own home directory. Other shares may be configured as browsable or not but it is the same for everyone.
on 3-27-2008 3:07 PM John spake the following:
On Thu, 2008-03-27 at 14:56 -0700, Scott Silva wrote:
Anne, I think your directories are not visible because you do not have "browsable = yes" in the share setups section??? Try that?
If you set browsable to yes, then EVERYBODY'S home directories show up. That is not usually what you want. If you want to share everything, just make one share and put everything under it.
OK so when user mode is used you're saying the directory is only viewable by the current user logged in and all of them are viewable by root? Correct??
No. Since the admin user should already know who is on the system, you can do a \\servername\username and get into their shares. But that is another book of magic. Samba really has a different concept of root, and you have to map into the admin group in the samba world.
I know the books are long, but you really need to go through the basic chapters and examples in the samba-3 by example book (on line and free) at http://www.samba.org/samba/docs/man/Samba-Guide/index.html
Set up a test system and play with the configs. You can set up a virtual machine if you don't have extra stuff to play on. I still do it on my laptop sometimes (I have a fairly beefy laptop with 1.5 gigs of ram, so I can learn on my time).
On Wed, 2008-03-26 at 12:47 -0700, Scott Silva wrote:
on 3-26-2008 12:15 PM Anne Wilson spake the following:
On Wednesday 26 March 2008 18:59:41 Les Mikesell wrote:
Anne Wilson wrote:
Like John, I fought long and hard to get user share working. I read Everything I could, including buying Samba3 by Example. In the end I admitted defeat and went back to shares.
If you really want a public share with no authentication at all, share mode is probably the best approach. If everyone that should have access is logged into a windows domain anyway, you can transparently accept this authentication and either keep their user id (as for a home directory share) or force it or their group id into something that gives common r/w access to a share. You can also do the latter with explicit logins against users in the smbpasswd file.
This is becoming a real hijack, which I didn't intend. However,
All users that are intended to be able to share have a user account on the samba server. All users have samba passwords matching their login passwords, whether in windows or linux. I couldn't even get their home directories to show using 'user' mode.
Anne
It is possible, because I am doing it. I have share=user and have home directories viewable by the user and the admin (me). I have various departmental shares that each department can access and no one else (but the admin -- again me). Even shares that aren't browsable, so no one even knows they are there if not given access. And I have several public shares, some read-write, some read only with install files and such. Users that try to access a share they have no permission to get the logon box, but it will never actually auth because their rights don't allow it.
Want to kindly post your Samba version and config file please???
Like John, I fought long and hard to get user share working. I read Everything I could, including buying Samba3 by Example. In the end I admitted defeat and went back to shares.
Anne
As the powers that be are starting to get very restless, I'm inclined to do that as well, but I'd really like to get this going properly with authentication by unix permissions.
I do appreciate all the replies and will keep at it.
Thanks again, all for what's been offered and, I hope, what's to come :)
-Ray
ok, virgin CentOS 4.6 w/ updates, was a minimal install. From the top...
# yum -y install samba samba-swat
.....
# (edit /etc/xinetd.d/swat, put a # in front of disable=yes and only_from 127.0.0.1)
# service xinetd reload
now, on any system with a webbrowser, visit http://hostname:901/ log on as root, with the root password
click on the 'wizard' button. click on the 'edit parameter values' button. enter your preferred workgroup name, leave realm blank, set security to USER, encrypt passwords YES, /IF/ you already use a WINS server for legacy reasons, enter its IP as 'wins server' but do NOT set 'wins support' on... now hit 'commit changes'
click on the 'wizard' button again. check 'stand alone', and 'expose home directories (*)yes', click Commit.
this sets up a very basic SMB.CONF w/ user home directories shared.
now, back at shell...
# chkconfig samba on
# service samba start
# useradd windowsuser && passwd windowsuser    # (only if they don't already have a 'nix account)
(enter unix password, twice)
# smbpasswd -a windowsuser
(enter smb password, twice)
Now, and this is very important. On XP Professional, go to Control Panel -> Folder Options -> View, and scroll down the long list of options to the end, AND TURN *OFF* USE SIMPLE FILE SHARING (RECOMMENDED)
Oh. If you're using Windows XP Home, forget it, you can't disable this, it's too lobotomized, all network connections are as "Guest" or something lame. If you have Vista, I have no idea. If you have Win2000 Pro, you're good, it didn't have the messed up 'simple file sharing' nonsense.
Anyways, assuming all of the above, from the windows station, start -> run -> \\linuxserver\username and voila, you should get your home directory in a window. if it prompts for user/pass, enter it as specified above. Don't freak if username gets changed into SERVERNAME\username, that's how windows distinguishes between DOMAIN\user and LOCAL\user accounts.
John R Pierce wrote:
ok, virgin CentOS 4.6 w/ updates, was a minimal install. From the top...
# yum -y install samba samba-swat
<big snip>
Anyways, assuming all of the above, from the windows station, start -> run -> \\linuxserver\username and voila, you should get your home directory in a window. if it prompts for user/pass, enter it as specified above. Don't freak if username gets changed into SERVERNAME\username, that's how windows distinguishes between DOMAIN\user and LOCAL\user accounts.
John, thank you so much for the step by step. I'd done most of that but retraced my steps using your guide (for CentOS5.1) and found the issues one at a time. The first was, as many hinted at, the synchronization between unix un/pw and smbpasswd. I'd assumed that Webmin 1.4x was doing this correctly - it even stated it was 'the same' when comparing usernames/passwords, but when I redid my users by hand with the smbpasswd utility, all started to work. It's a small network, <20 users...so this wasn't a hardship and will be scripted in the future.
@Scott - man, your conf file saved me hours of time and thanks to it and your help all is working as expected.
@Ross - Great ideas about scripting and usage for on-the-fly home creation. I've read a lot on that and will likely be doing just that in the future.
@ Les - great help on share vs user and general info on samba terminology. Cut my learning curve deeply.
Kai, Akemi, Anne...thank you for the great thread input. Sharing this kind of stuff makes the whole thing so much more easily handled and insights from you all have been very helpful
To all - Not enough good things can be said about the project and this list. I've learned so much over the past few days - and while I know there's much more to learn, I can't wait to be able to contribute to this awesome community in the future.
Thanks again, -Ray
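The root cause Ray describes above was Unix accounts and smbpasswd entries being out of step. The script below is an added example, not code from the thread: it compares a passwd file with an smbpasswd file and lists the accounts that would fail to authenticate. The sample data, the user names and the MIN_UID default of 500 are constructed assumptions.

```sh
#!/bin/sh
# Added example: report Unix accounts that cannot log in to Samba because
# their smbpasswd entry is missing, disabled or has no usable NT hash.
# smbpasswd line format: name:uid:LM-hash:NT-hash:[flags]:LCT-<hex time>:

# audit_smb_users PASSWD SMBPASSWD [MIN_UID]  (MIN_UID defaults to 500, assumed)
audit_smb_users() {
    awk -F: -v min_uid="${3:-500}" '
    function report(tag, name, msg) { printf "%s %s: %s\n", tag, name, msg; bad = 1 }

    /^[ \t]*(#|$)/ { next }                     # comments and blank lines
    FILENAME == ARGV[1] {                       # first file: smbpasswd
        if (!($1 in smb)) order[++n] = $1
        smb[$1] = 1; smb_uid[$1] = $2; smb_nt[$1] = $4; smb_flags[$1] = $5
        next
    }
    {                                           # second file: passwd
        unix[$1] = 1
        # skip system accounts and accounts without a login shell
        if (($3 + 0) < (min_uid + 0) || $7 ~ /(nologin|false)$/) next
        if (!($1 in smb)) {
            report("MISSING", $1, "no smbpasswd entry; run smbpasswd -a " $1)
        } else if (index(smb_flags[$1], "D")) {
            report("DISABLED", $1, "entry has the D flag; run smbpasswd -e " $1)
        } else if (index(smb_flags[$1], "N") || length(smb_nt[$1]) != 32 ||
                   smb_nt[$1] ~ /[^0-9A-Fa-f]/) {
            report("NOPASSWORD", $1, "no NT hash stored; run smbpasswd " $1)
        } else if ((smb_uid[$1] + 0) != ($3 + 0)) {
            report("UIDMISMATCH", $1, "smbpasswd uid " smb_uid[$1] " vs passwd uid " $3)
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            if (!(order[i] in unix)) {
                report("ORPHAN", order[i], "smbpasswd entry without a Unix account")
            }
        }
        exit (bad ? 1 : 0)
    }' "$2" "$1"
}

# Constructed sample data (not real accounts or hashes).
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/sbin/nologin
ray:x:500:500::/home/ray:/bin/bash
anne:x:501:501::/home/anne:/bin/bash
david:x:502:502::/home/david:/bin/bash
gillian:x:503:503::/home/gillian:/bin/bash
EOF
}

write_sample_smbpasswd() {
    cat > "$1" <<'EOF'
# constructed entries; hashes are placeholders
ray:500:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:0123456789ABCDEF0123456789ABCDEF:[U          ]:LCT-47EA6C00:
anne:501:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
david:502:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:FEDCBA9876543210FEDCBA9876543210:[DU         ]:LCT-47EA6C00:
olduser:510:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:0123456789ABCDEF0123456789ABCDEF:[U          ]:LCT-47EA6C00:
EOF
}

# Usage: sh audit_smb_users.sh /etc/passwd /etc/samba/smbpasswd
if [ "$#" -ge 2 ]; then
    audit_smb_users "$1" "$2" "${3:-500}"
fi
```

A clean report does not prove the Unix and SMB passwords are the same, because the two hashes are of different kinds and cannot be compared. With passdb backend = tdbsam, `pdbedit -L -w` prints the same line format and can supply the second file.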
GOOD POINT about the "simple file sharing". I always forget to do this, and scratch my head until I remember. This was a SP2 feature, I think. I also turn off "Automatically search for network folders and printers." If somebody shares a printer on their machine, I don't want someone else getting it installed (automatically) by XP, and then crying to me when the first person turns off their computer. D
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of John R Pierce
Sent: Wednesday, March 26, 2008 4:49 PM
To: CentOS mailing list
Subject: Re: [CentOS] Re: new CentOS5.1, samba help requested
ok, virgin CentOS 4.6 w/ updates, was a minimal install. From the top...
# yum -y install samba samba-swat
.....
# (edit /etc/xinetd.d/swat, put a # in front of disable=yes and only_from 127.0.0.1)
# service xinetd reload
now, on any system with a webbrowser, visit http://hostname:901/ log on as root, with the root password
click on the 'wizard' button. click on the 'edit parameter values' button. enter your preferred workgroup name, leave realm blank, set security to USER, encrypt passwords YES, /IF/ you already use a WINS server for legacy reasons, enter its IP as 'wins server' but do NOT set 'wins support' on... now hit 'commit changes'
click on the 'wizard' button again. check 'stand alone', and 'expose home directories (*)yes', click Commit.
this sets up a very basic SMB.CONF w/ user home directories shared.
now, back at shell...
# chkconfig samba on
# service samba start
# useradd windowsuser && passwd windowsuser    # (only if they don't already have a 'nix account)
(enter unix password, twice)
# smbpasswd -a windowsuser
(enter smb password, twice)
Now, and this is very important. On XP Professional, go to Control Panel -> Folder Options -> View, and scroll down the long list of options to the end, AND TURN *OFF* USE SIMPLE FILE SHARING (RECOMMENDED)
Oh. If you're using Windows XP Home, forget it, you can't disable this, it's too lobotomized, all network connections are as "Guest" or something lame. If you have Vista, I have no idea. If you have Win2000 Pro, you're good, it didn't have the messed up 'simple file sharing' nonsense.
Anyways, assuming all of the above, from the windows station, start -> run -> \\linuxserver\username and voila, you should get your home directory in a window. if it prompts for user/pass, enter it as specified above. Don't freak if username gets changed into SERVERNAME\username, that's how windows distinguishes between DOMAIN\user and LOCAL\user accounts.
Scott Silva wrote:
I'm fighting with samba on a new CentOS 5.1 install.
The goal here is to have unix/linux usernames/passwords used for the samba shares (which i'll setup using webmin, as I find it easy that way). At present, the home share and one for the company's public share are in place.
I can see the server, browsing from WinXP to \\172.16.0.106, but permissions seem amiss. I should be able to read/write to a given share but it seems to be ro.
Any pointers or advice would be greatly appreciated.
My simple smb.conf file is here:
[global]
   netbios name = BACKUP
   socket options = TCP_NODELAY
   force directory mode = 777
   unix password sync = yes
   workgroup = WORKGROUP
   force create mode = 777
   os level = 20
   encrypt passwords = yes
   security = share
   public = yes
   passdb backend = smbpasswd
   directory mode = 777

[homes]
   writeable = yes
   public = yes
   path = /home

[company data]
   comment = company data
   writeable = yes
   create mode = 775
   path = /home/share1
Thanks in advance, -Ray
If you are going to use smb passwords anyway, why set security to "share"? You should set security to "user" and make sure you keep unix users and samba users synced. For public shares you can set a shared user and group, and make shared directories keep those perms.
The problem is that all these shares are set as 'public' so you'll connect as a guest user - which I don't see defined - and unless the unix file system is writable by the guest you'll only have read access.
With user level security you can't connect to different shares as different users, so if you remove the 'public' from the home section (as you probably should) and let people connect as themselves, they will have to also connect as themselves to the public shares.
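The points Scott and Les raise above (security = share, public on [homes], guest access to writable shares) can be checked mechanically. The following is an added example, not part of the thread: a small smb.conf audit run against an abridged copy of the config Ray posted and against a corrected version. The corrected sample and its group name staff are assumptions.

```sh
#!/bin/sh
# Added example: flag the smb.conf settings discussed in this thread.
# Samba ignores case and spaces in parameter names; "public" is a synonym
# for "guest ok", and writeable/writable/write ok invert "read only".

audit_smb_conf() {
    awk '
    function norm(s)   { gsub(/[ \t]+/, "", s); return tolower(s) }
    function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report(sec, msg) { printf "[%s] %s\n", sec, msg; found = 1 }

    /^[ \t]*([#;]|$)/ { next }                  # comments and blank lines
    /^[ \t]*\[/ {                               # section header
        sec = $0
        sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
        sec = tolower(sec)
        if (!(sec in seen)) { seen[sec] = 1; order[++n] = sec }
        next
    }
    {                                           # key = value line
        eq = index($0, "=")
        if (eq == 0 || sec == "") next
        key = norm(substr($0, 1, eq - 1))
        val = substr($0, eq + 1)
        sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "public") key = "guestok"
        if (key == "writeable" || key == "writable" || key == "writeok") {
            key = "readonly"; val = truthy(val) ? "no" : "yes"
        }
        conf[sec, key] = val
    }
    END {
        g = "global"
        if (tolower(conf[g, "security"]) == "share") {
            report(g, "security = share: no per-user login; use security = user and smbpasswd -a")
        }
        gguest = truthy(conf[g, "guestok"])
        if (gguest) {
            report(g, "guest ok/public = yes in [global] becomes the default for every share")
        }
        gro = ((g, "readonly") in conf) ? truthy(conf[g, "readonly"]) : 1
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (s == g) continue
            guest = ((s, "guestok") in conf) ? truthy(conf[s, "guestok"]) : gguest
            ro    = ((s, "readonly") in conf) ? truthy(conf[s, "readonly"]) : gro
            if (s == "homes" && guest) {
                report(s, "guest access on home directories; remove public so users connect as themselves")
            } else if (guest && !ro) {
                report(s, "writable guest share: writes run as the guest account, not the user")
            }
        }
        exit (found ? 1 : 0)
    }' "$1"
}

# Abridged from the smb.conf Ray posted in this thread.
write_weak_sample() {
    cat > "$1" <<'EOF'
[global]
encrypt passwords = yes
security = share
public = yes
passdb backend = smbpasswd
[homes]
writeable = yes
public = yes
path = /home
[company data]
writeable = yes
create mode = 775
path = /home/share1
EOF
}

# Constructed corrected version; the group "staff" is hypothetical.
write_hardened_sample() {
    cat > "$1" <<'EOF'
[global]
encrypt passwords = yes
security = user
passdb backend = smbpasswd
[homes]
browseable = no
read only = no
[company data]
path = /home/share1
read only = no
valid users = @staff
force group = staff
EOF
}

# Usage: sh audit_smb_conf.sh /etc/samba/smb.conf
if [ "$#" -gt 0 ]; then
    audit_smb_conf "$1"
fi
```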
Les Mikesell wrote:
Scott Silva wrote:
I'm fighting with samba on a new CentOS 5.1 install.
<big snip>
Thanks in advance, -Ray
If you are going to use smb passwords anyway, why set security to "share"? You should set security to "user" and make sure you keep unix users and samba users synced. For public shares you can set a shared user and group, and make shared directories keep those perms.
The problem is that all these shares are set as 'public' so you'll connect as a guest user - which I don't see defined - and unless the unix file system is writable by the guest you'll only have read access.
With user level security you can't connect to different shares as different users, so if you remove the 'public' from the home section (as you probably should) and let people connect as themselves, they will have to also connect as themselves to the public shares.
That's the clearest explanation I've seen on that subject, Les. Thank you very much!
<snip>
With user level security you can't connect to different shares as different users, so if you remove the 'public' from the home section (as you probably should) and let people connect as themselves, they will have to also connect as themselves to the public shares.
And now that I've done that, I can't seem to use the samba shares at all. Trying to browse to \\172.16.0.106 (the samba server), after having logged in to my local workstation, I get the dreaded Windows login box into which I type my un/pw. It pops back with <MACHINENAME>/ray and a blank password for me to try and re-authenticate.
Any thoughts on this?
-Ray
Ray Leventhal wrote:
With user level security you can't connect to different shares as different users, so if you remove the 'public' from the home section (as you probably should) and let people connect as themselves, they will have to also connect as themselves to the public shares.
And now that I've done that, I can't seem to use the samba shares at all. Trying to browse to \\172.16.0.106 (the samba server), after having logged in to my local workstation, I get the dreaded Windows login box into which I type my un/pw. It pops back with <MACHINENAME>/ray and a blank password for me to try and re-authenticate.
Any thoughts on this?
Normally you have to add the users yourself with their passwords since the encryption is different than the linux passwd file uses and it can only be done when you still have the plaintext.
smbpasswd -a login_name
But didn't you say you used webmin with this enabled?
If the users are already in a windows domain you can just use security = server and password server = your_domain_controller.
By the way, if you are setting up a new box from scratch just to serve windows users you might like SME server (http://www.contribs.org). It is based on Centos but all administration is through a simple web interface.
Les Mikesell wrote:
Ray Leventhal wrote:
Normally you have to add the users yourself with their passwords since the encryption is different than the linux passwd file uses and it can only be done when you still have the plaintext.
smbpasswd -a login_name
But didn't you say you used webmin with this enabled?
yes, I did and have verified that users are already there and 'the same' in webmin terms.
If the users are already in a windows domain you can just use security = server and password server = your_domain_controller.
I am not using a PDC in the network, only clients on WinXP and the Cent OS machine.
By the way, if you are setting up a new box from scratch just to serve windows users you might like SME server (http://www.contribs.org). It is based on Centos but all administration is through a simple web interface.
As Cent is already built, I'm inclined to keep it.
Any idea why I can't seem to browse in anything other than 'share' mode? The user mode keeps popping up an authentication box for which there seems not to be a correct answer...meaning I re-auth, but I keep getting the box, with <MACHINE>/ prepended to my username.
Thanks, -Ray
on 3-26-2008 12:11 PM Ray Leventhal spake the following:
Les Mikesell wrote:
Ray Leventhal wrote:
Normally you have to add the users yourself with their passwords since the encryption is different than the linux passwd file uses and it can only be done when you still have the plaintext.
smbpasswd -a login_name
But didn't you say you used webmin with this enabled?
yes, I did and have verified that users are already there and 'the same' in webmin terms.
If the users are already in a windows domain you can just use security = server and password server = your_domain_controller.
I am not using a PDC in the network, only clients on WinXP and the Cent OS machine.
By the way, if you are setting up a new box from scratch just to serve windows users you might like SME server (http://www.contribs.org). It is based on Centos but all administration is through a simple web interface.
As Cent is already built, I'm inclined to keep it.
Any idea why I can't seem to browse in anything other than 'share' mode? The user mode keeps popping up an authentication box for which there seems not to be a correct answer...meaning I re-auth, but I keep getting the box, with <MACHINE>/ prepended to my username.
Thanks, -Ray
Do the user credentials on the windows boxes match the credentials on the samba box? Did you turn off simple filesharing on the XP machines?
Do the user credentials on the windows boxes match the credentials on the samba box? Did you turn off simple filesharing on the XP machines?
in an effort to prove that at least my creds match, I dropped from root to my regular user status in shell and did smbpasswd
this is what happened:
Old SMB password:
New SMB password:
Retype new SMB password:
Could not connect to machine 127.0.0.1: NT_STATUS_LOGON_FAILURE
Failed to change password for ray
Ray Leventhal wrote:
Do the user credentials on the windows boxes match the credentials on the samba box? Did you turn off simple filesharing on the XP machines?
in an effort to prove that at least my creds match, I dropped from root to my regular user status in shell and did smbpasswd
this is what happened:
Old SMB password:
New SMB password:
Retype new SMB password:
Could not connect to machine 127.0.0.1: NT_STATUS_LOGON_FAILURE
Failed to change password for ray
Partially solved:
Having used webmin to sync, I was trusting it. I changed my local password, then changed my password on the centos box, then changed my smbpasswd manually and I'm a little farther down the path than I was.
Thank you all for the help thus far. I will continue to work on this and will (I'm certain) have additional questions :)
-Ray
Ray Leventhal wrote:
Ray Leventhal wrote:
Do the user credentials on the windows boxes match the credentials on the samba box? Did you turn off simple filesharing on the XP machines?
in an effort to prove that at least my creds match, I dropped from root to my regular user status in shell and did smbpasswd
this is what happened:
Old SMB password:
New SMB password:
Retype new SMB password:
Could not connect to machine 127.0.0.1: NT_STATUS_LOGON_FAILURE
Failed to change password for ray
Partially solved:
Having used webmin to sync, I was trusting it. I changed my local password, then changed my password on the centos box, then changed my smbpasswd manually and I'm a little farther down the path than I was.
Thank you all for the help thus far. I will continue to work on this and will (I'm certain) have additional questions :)
Ray,
On these type of setups it may just pay having samba auto-create users on the system upon first-connect.
add user script (G) This is the full pathname to a script that will be run AS ROOT by smbd(8) under special circumstances described below.
Normally, a Samba server requires that UNIX users are created for all users accessing files on this server. For sites that use Windows NT account databases as their primary user database creating these users and keeping the user list in sync with the Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users ON DEMAND when a user accesses the Samba server.
In order to use this option, smbd(8) must NOT be set to security = share and add user script must be set to a full pathname for a script that will create a UNIX user given one argument of %u, which expands into the UNIX user name to create.
When the Windows user attempts to access the Samba server, at login (session setup in the SMB protocol) time, smbd(8) contacts the password server and attempts to authenticate the given user with the given password. If the authentication succeeds then smbd attempts to find a UNIX user in the UNIX password database to map the Windows user into. If this lookup fails, and add user script is set then smbd will call the specified script AS ROOT, expanding any %u argument to be the user name to create.
If this script successfully creates the user then smbd will continue on as though the UNIX user already existed. In this way, UNIX users are dynamically created to match existing Windows NT accounts.
See also security, password server, delete user script.
Default: add user script =
Example: add user script = /usr/local/samba/bin/add_user %u
Remember to add 'pam_mkhomedir' (check man page) to system-auth to have user home directories also auto-created and away you go. It will set the smbpassword to the password used upon first-connect. If you want users to have a shell account on the server, set pam_smb to authenticate against itself.
-Ross
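A sketch of the kind of script the add user script parameter quoted above can point to, added here and not taken from the thread or from Samba. Because smbd runs the script as root with a client-derived name in %u, it validates the name before useradd sees it. The script path, the naming policy and the DRY_RUN variable are assumptions.

```sh
#!/bin/sh
# Hypothetical /usr/local/sbin/smb_add_user, wired up in smb.conf with:
#   add user script = /usr/local/sbin/smb_add_user %u
# smbd runs it as root, so the name is checked before anything else happens.
LC_ALL=C; export LC_ALL        # make [a-z] mean ASCII lowercase only

valid_unix_name() {
    # Assumed policy: 1-32 chars, first char [a-z_], the rest [a-z0-9_-].
    # This also rejects machine accounts (trailing $) and option-like names.
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 32 ] || return 1
    case "$1" in
        [!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

smb_add_user() {
    name=$1
    if ! valid_unix_name "$name"; then
        echo "smb_add_user: refused invalid user name" >&2
        return 2
    fi
    # Nothing to do if the account already exists.
    if getent passwd "$name" >/dev/null 2>&1; then
        return 0
    fi
    # -M: no home directory here (pam_mkhomedir creates it, as Ross notes)
    # -s /sbin/nologin: file-sharing account without a shell
    set -- useradd -M -s /sbin/nologin -c smbd-add-user-script "$name"
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"               # show the command instead of running it
        return 0
    fi
    "$@"
}

# Called by smbd with the expanded %u as the only argument.
if [ "$#" -gt 0 ]; then
    smb_add_user "$1"
fi
```

Setting DRY_RUN=1 prints the useradd command instead of running it, which allows testing without root.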
Ray Leventhal wrote on Wed, 26 Mar 2008 15:11:26 -0400:
Any idea why I can't seem to browse in anything other than 'share' mode? The user mode keeps popping up an authentication box for which there seems not to be a correct answer...meaning I re-auth, but I keep getting the box, with <MACHINE>/ prepended to my username.
If I understand correctly you want to connect from a Windows box to an smb share on a CentOS machine? Did you already try to verify that everything is correctly setup on the server-side? The basic incantation for mounting an smb share is:
mount -t cifs -o username=$username,password=$password,rw $share $mountdir
where $share is the complete UNC path to the server: //machinename/sharename
I think this should also work if your target machine is the same as the source machine, but if you have another Linux machine it might be better to try it from there.
As for the Windows side: did you check that access to authenticated shares works between the Windows machines in general? One thing to keep in mind with Windows XP sharing and user authentication is that Windows XP uses so-called "simple filesharing" by default. If you want to have user authentication for the samba shares you have to disable that "simple" filesharing (folder options, view, advanced, last option there!).
Kai
Ray Leventhal wrote:
By the way, if you are setting up a new box from scratch just to serve windows users you might like SME server (http://www.contribs.org). It is based on Centos but all administration is through a simple web interface.
As Cent is already built, I'm inclined to keep it.
SME server takes a few minutes to install - just a few questions about IP settings, etc. and the rest is adding users in the web interface. (The down side is if you want it to do something that wasn't planned, you have to fight the scripted configs - but it will do a lot as-is.)
Any idea why I can't seem to browse in anything other than 'share' mode? The user mode keeps popping up an authentication box for which there seems not to be a correct answer...meaning I re-auth, but I keep getting the box, with <MACHINE>/ prepended to my username.
The problem is that authentication is failing and you have to authenticate before you can even see shares in user mode. Is there anything in /var/log/samba about why authentication is failing?
You had
passdb backend = smbpasswd
but I thought the current default is
passdb backend = tdbsam
I don't know if it matters, though. I'd expect smbpasswd -a to complain if it has trouble adding a user.
Scott Silva wrote:
on 3-26-2008 6:55 AM Ray Leventhal spake the following:
Hi all,
I'm fighting with samba on a new CentOS 5.1 install.
The goal here is to have unix/linux usernames/passwords used for the samba shares (which i'll setup using webmin, as I find it easy that way). At present, the home share and one for the company's public share are in place.
I can see the server, browsing from WinXP to \172.16.0.106, but permissions seem amiss. I should be able to read/write to a given share but it seems to be ro.
Any pointers or advice would be greatly appreciated.
<snip>
Thanks in advance, -Ray
If you are going to use smb passwords anyway, why set security to "share"? You should set security to "user" and make sure you keep unix users and samba users synced. For public shares you can set a shared user and group, and make shared directories keep those perms.
Thank you, Scott. I'd actually done that a little while ago but hadn't returned to the list since then. Your point is well taken and also well documented (at least when I got to that part :)
Kind regards, -Ray
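The advice above to keep Unix users and Samba users synced can be checked mechanically. The following is an added example, not part of the thread: it assumes the Samba side is available as smbpasswd-format text (the smbpasswd file itself, or the output of `pdbedit -L -w`), that regular accounts start at UID 500, and it runs on constructed sample data.

```python
# Added example. PASSWD and SMBPASSWD are constructed samples, not data from the thread.
NOHASH = "X" * 32                 # smbpasswd placeholder: no hash stored
FAKE = "0123456789ABCDEF" * 2     # constructed stand-in for a stored hash
PASSWD = """\
nobody:x:99:99:Nobody:/:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
carol:x:502:502::/home/carol:/bin/bash
erin:x:504:504::/home/erin:/bin/bash
"""
SMBPASSWD = f"""\
alice:500:{NOHASH}:{FAKE}:[U          ]:LCT-47EA9F00:
bob:501:{NOHASH}:{NOHASH}:[U          ]:LCT-47EA9F00:
carol:502:{NOHASH}:{FAKE}:[DU         ]:LCT-47EA9F00:
dave:503:{NOHASH}:{FAKE}:[U          ]:LCT-47EA9F00:
"""

def unix_users(passwd_text, min_uid=500):
    """Names of regular accounts; min_uid=500 is an assumption for CentOS 5."""
    rows = (line.split(":") for line in passwd_text.splitlines())
    return {f[0] for f in rows if len(f) >= 7 and f[2].isdigit() and int(f[2]) >= min_uid}

def samba_users(smbpasswd_text):
    """Parse name:uid:LM:NT:[flags]:LCT-...: lines into {name: (nt_hash, flags)}."""
    users = {}
    for line in smbpasswd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 5:
            continue
        users[fields[0]] = (fields[3], fields[4].strip("[] "))
    return users

def audit(passwd_text, smbpasswd_text):
    """Sorted (user, problem) pairs that would break security = user logins."""
    unix, smb = unix_users(passwd_text), samba_users(smbpasswd_text)
    findings = [(name, "no Samba account") for name in unix - set(smb)]
    for name, (nt_hash, flags) in smb.items():
        if name not in unix:
            findings.append((name, "no matching Unix account"))
        if "D" in flags:          # D = account disabled
            findings.append((name, "Samba account disabled"))
        if nt_hash == NOHASH and "N" not in flags:
            findings.append((name, "no NT hash stored"))
    return sorted(findings)

print(audit(PASSWD, SMBPASSWD))
```

An empty result means every regular Unix account has an enabled Samba entry with a stored NT hash; it says nothing about whether the stored password matches what the client sends.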
yet more from my samba saga. Making the change from security=share to security=user has resulted in my aforementioned login prompt box from Windows.
I noted, while doing a 'service smb restart', that this turns up in /var/log/messages:
Mar 26 14:28:29 backup nmbd[7989]: [2008/03/26 14:28:29, 0] nmbd/nmbd.c:terminate(58)
Mar 26 14:28:29 backup nmbd[7989]: Got SIGTERM: going down...
Any thoughts? Google turned up a slew of stuff, but all of it was unfamiliar.
TIA -Ray
on 3-26-2008 11:31 AM Ray Leventhal spake the following:
yet more from my samba saga. Making the change from security=share to security=user has resulted in my aforementioned login prompt box from Windows.
I noted, while doing a 'service smb restart', that this turns up in /var/log/messages:
Mar 26 14:28:29 backup nmbd[7989]: [2008/03/26 14:28:29, 0] nmbd/nmbd.c:terminate(58)
Mar 26 14:28:29 backup nmbd[7989]: Got SIGTERM: going down...
Any thoughts? Google turned up a slew of stuff, but all of it was unfamiliar.
TIA -Ray
Since you are using webmin, do the usernames show up under the "edit samba users and passwords"?
Scott Silva wrote:
on 3-26-2008 11:31 AM Ray Leventhal spake the following:
yet more from my samba saga. Making the change from security=share to security=user has resulted in my aforementioned login prompt box from Windows.
I noted, while doing a 'service smb restart', that this turns up in /var/log/messages:
Mar 26 14:28:29 backup nmbd[7989]: [2008/03/26 14:28:29, 0] nmbd/nmbd.c:terminate(58)
Mar 26 14:28:29 backup nmbd[7989]: Got SIGTERM: going down...
Any thoughts? Google turned up a slew of stuff, but all of it was unfamiliar.
TIA -Ray
Since you are using webmin, do the usernames show up under the "edit samba users and passwords"?
Yes they do...and when I use webmin to 'synchronize', they're all listed as 'already the same' -R