dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
660
share rss forum feed


Archivis
Your Daddy
Premium
join:2001-11-26
Earth
kudos:19

Samba Issue

I like Samba when it works, but I really hate Samba when it's being a bitch. I have a RHEL6 box that's running the latest version of Samba as available via YUM.

I'm having issues getting any shares to work at all.


[global]
security = share
guest account = nobody
map to guest = Bad User
username map = /etc/samba/smbusers

[varlog]
path = /var/log
public = yes
available = yes
read only = yes
[test]
path = /test
public = yes


This is my smb.conf file. My global stuff is really just me screwing around with no change in results.

I can access the machine via \\IP and see the varlog and test shares, but when I click on them, I get "Access is Denied" on the Windows side.

Logs have been no help. When I turn it up to log level 3, I see no errors, just shit about call_trans2qfilepathinfo.

I don't even care about security at this point. The /test directory is chmod 777. I've tried ownership via root, nobody, a user, it doesn't matter.

I can see the server, but can't hit any of the shares. I'm hitting a wall here and was wondering what the next step would be to troubleshoot this.

--
A government big enough to give you everything you want, is strong enough to take everything you have. -MLK



El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL

When I run into this at home, it usually lets me autheticate from Windows as the Linux machine owner, have you tried logging in with the user id and password of the Linux machine doing the sharing?

Other possiblity is that you may have to tweak the Windows machine trying to access the share. Which version of Windows is the client machine using?

I've only even had to troubleshoot this on Ubuntu with Windows machines on the same LAN... but this may be enough to get you going.
--
Support Bacteria -- It's the Only Culture Some People Have



Archivis
Your Daddy
Premium
join:2001-11-26
Earth
kudos:19

I have tried using a different username, including root, some other accounts, etc. I can see the server's shares when I type in \\I.P.Add.ress and look at it.

I'm coming from Windows Server 2008.
--
A government big enough to give you everything you want, is strong enough to take everything you have. -MLK



koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

1 recommendation

reply to Archivis

The problem with Samba is that most people seem to try to bang on gongs with it rather than actually reading about how it works and how to properly maintain it. It doesn't help that 90% of what's on the web is completely wrong either.

Your Samba logs should contain verbose details about what's going on. Please don't say "no they don't" -- you're either looking in the wrong spot or at the wrong log. For example on FreeBSD the logs are stored in /var/log/samba. There are multiple log files to look at (log.nmbd, log.smbd, log.xxx where xxx is usually a NetBIOS machine name or if you use the %i parameter in your log filename then it's the IP address of the connecting client, and sometimes in that case there's log.0.0.0.0).

I would say your issue stems from use of security = share and not security = user. I haven't seen the "share" model work for quite some time, mostly because machines doing authentication send along a password, while the "share" model doesn't require one.

Do not simply change security = share to security = user and expect everything to work. You will need to use pdbedit to add an actual Samba user whose Windows ("NT") username should match the UNIX username; the "NT username" field left blank means to correlate it with the UNIX username. When you add the account using pdbedit you'll be prompted for a password; this should be the same password the user enters when they log in to the system. Mismatched passwords will result in an authentication error. You should also ensure that passdb backend = tdbsam is set (that's what I use anyway), which is what pdbedit prefers.

You can verify the password is correct on the Samba server by doing smbclient --user windowsusername '\\ipaddressofsambaserver\sharename'. You'll be prompted for a password; enter it and if all is well you'll be given a smb: \> prompt, where you can do ls and so on.

If you want me to provide a working Samba smb.conf and step you through what all needs to be done, I can do so. My Samba configuration has migrated/worked since the early 3.x days and I understand fully what every parameter does/how things behave, ditto with the "performance tuning" aspects.

--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer.



Archivis
Your Daddy
Premium
join:2001-11-26
Earth
kudos:19

Let me ask you, if I have Domain Controllers to work off of and I can get their Unix names to be identical to their AD stuff, do you know how I can set that up?

I've gone through the documentation on it and I think I'm just burnt out on this.

I did also read that security = share hasn't worked for a while, but not until I spent several hours on it.
--
A government big enough to give you everything you want, is strong enough to take everything you have. -MLK



koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

said by Archivis:

Let me ask you, if I have Domain Controllers to work off of and I can get their Unix names to be identical to their AD stuff, do you know how I can set that up?

Sorry, nope. I'm a UNIX administrator by profession; Domain Controllers and Active Directory are a Windows/Microsoft thing, and (both sadly and thankfully :-) ) I have no experience with them. On the Samba end of things, all I know is that you should be running Samba 4.x if you want to do Active Directory.

said by Archivis:

I've gone through the documentation on it and I think I'm just burnt out on this.

Hearing you on FM -- the Samba docs are immense and are quite overwhelming. I can only read a "chapter" or large section before I have to take a break. SMB/CIFS is such a mess in this regard; classic bare-bones NFS seems so simple in comparison. Windows just does a lot of things very differently (and often not in a pleasurable way).

said by Archivis:

I did also read that security = share hasn't worked for a while, but not until I spent several hours on it.

Give security = user a shot along with adding proper users via pdbedit and see if things improve. If not I can provide my smb.conf and a sample user entry and le you give that a try.
--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer.

watice

join:2008-11-01
New York, NY
reply to Archivis

probably an obvious question/answer, but did you add samba users & aliases?



Archivis
Your Daddy
Premium
join:2001-11-26
Earth
kudos:19
reply to Archivis

I wanted to report back that I discovered that SELINUX was set to targeted and was causing issues. I knew Samba wasn't so complex and that's why I couldn't see anything in the logs. I shut that off (I don't need it for this server) and everything works just fine.

Thanks for the help.
--
A government big enough to give you everything you want, is strong enough to take everything you have. -MLK



rexbinary
Mod King
Premium
join:2005-01-26
Plano, TX
Reviews:
·Verizon FiOS

said by Archivis:

I wanted to report back that I discovered that SELINUX was set to targeted and was causing issues.

Drat. I was going to suggest that, but I was waiting to see how it went with the other troubleshooting suggested. Next time I'll suggest sooner!

If you get interested in re-enabling SELINUX, the common booleans needed are listed in the the top of /etc/samba/smb.conf
--
Verizon FiOS subscriber since 2005 | Mac owner since 1990 | Fedora user since 2006 | CentOS user since 2007 | "Anyone who is unwilling to learn is entitled to absolutely nothing." - graysonf | EDIT: I seldom post without an edit.