[Samba] How do users access shares?
Rob Campbell
robcampbell08105 at gmail.com
Wed Nov 10 01:10:37 UTC 2021
Never mind to all of that. Apparently samba stopped. I restarted it and
everything is fine.
I still don't understand how permissions can be controlled via AD when I
have to mount it with specific credentials.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.
On Tue, Nov 9, 2021 at 3:43 PM Rob Campbell <robcampbell08105 at gmail.com>
wrote:
> My photo editing software won't recognize the network share if it's not
> mounted (darktable).
>
>
> I have samba ad dc and on a different member I have a file server.
>
> Domain Controller = Debian 11 (DC01)
> Domain Member (File Server) = Fedora 34 (FS01)
> Domain Member (Workstation) = Fedora 34 (F01)
>
> Here are the mount points (F01)
>
> /multimedia/Photos
> /multimedia/Movies
> /multimedia/Music
> /multimedia/Videos
>
> smb.conf (FS01)
>
> # Global parameters
> [global]
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> realm = HOME.TEST-SERVER.LAN
> security = ADS
> template homedir = /home/HOME/%U
> template shell = /bin/bash
> username map = /etc/samba/user.map
> winbind refresh tickets = Yes
> winbind use default domain = Yes
> workgroup = HOME
> idmap config * : range = 10000-24999999
> idmap config * : backend = autorid
> map acl inherit = Yes
> vfs objects = acl_xattr
>
>
> [homes]
> browseable = No
> comment = Home Directories
> read only = No
> valid users = %S
>
>
> [printers]
> browseable = No
> comment = All Printers
> path = /var/spool/samba
> printable = Yes
>
>
> [Photos]
> comment = Photos
> inherit acls = Yes
> path = /multimedia/Photos
> read list = "@HOME\Domain Users"
> read only = No
> valid users = "@HOME\Media Admins" @HOME\Photographers
> write list = @HOME\Photographers
>
>
> [Videos]
> comment = Videos
> inherit acls = Yes
> path = /multimedia/Videos
> read only = No
> valid users = "@HOME\Video Users"
>
>
> [Movies]
> comment = Videos
> inherit acls = Yes
> path = /multimedia/Movies
> read only = No
> valid users = "@HOME\Domain Users"
>
>
> [Music]
> comment = Videos
> inherit acls = Yes
> path = /multimedia/Music
> read only = No
> valid users = "@HOME\Domain Users"
>
>
> [seagate]
> comment = Videos
> inherit acls = Yes
> path = /media/seagate
> read only = No
> valid users = "@HOME\Domain Users"
>
>
> [Backup]
> comment = Backup
> inherit acls = Yes
> path = /media/Seagate_1
> read only = No
> valid users = "@HOME\Domain Users"
>
> gio mount smb://fs01/photos (F01)
>
> gio: smb://fs01/photos/: Failed to mount Windows share: Permission denied
>
> tail /var/log/messages (F01)
>
> Nov 9 15:29:33 FS01 smbd[799696]: [2021/11/09 15:29:33.316583, 0] ../../source3/smbd/service.c:167(chdir_current_service)
> Nov 9 15:29:33 FS01 smbd[799696]: chdir_current_service: vfs_ChDir(/multimedia/Photos) failed: Permission denied. Current token: uid=211104, gid=210513, 8 groups: 211104 210513 211112 211113 109999 109990 109982 10001
>
> Above worked at one time but is no longer working
>
> sudo mount -vvv -t cifs //fs01/photos /multimedia/Photos/ -o credentials=/root/.smb (F01)
>
> domain=FS01
> mount.cifs kernel mount options: ip=10.0.0.10,unc=\\fs01\photos,user=redhat,domain=FS01,pass=********
> mount error(13): Permission denied
> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
>
> dmesg (F01)
>
> [ 7092.213424] CIFS: Attempting to mount \\fs01\photos
> [ 7092.222559] CIFS: Status code returned 0xc000006d STATUS_LOGON_FAILURE
> [ 7092.222564] CIFS: VFS: \\fs01 Send error in SessSetup = -13
> [ 7092.222571] CIFS: VFS: cifs_mount failed w/return code = -13
>
> How do I mount these so that access is controlled by Samba where I would
> just need to update the smb.conf with groups to control access?
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> In all things, Be Intentional.
>
>
> On Tue, Nov 9, 2021 at 11:25 AM Robert Marcano via samba <
> samba at lists.samba.org> wrote:
>
>> On 11/9/21 9:21 AM, Rob Campbell wrote:
>> > What I would want is for all users to have a mnt directory in their home
>> > that these shares would mount to. So user 'tester' would have
>> > /home/tester/mnt/Photos /home/tester/mnt/Videos /home/tester/mnt/Music.
>> > I guess I could create a standard mount point like /mnt/Photos
>> > /mnt/Videos /mnt/Music but then, how do I restrict access to what the
>> > share says @HOME\"Media Users"? And how do I give write access to
>> > only @HOME\"Media Admins"?
>> >
>> > I used gio mount smb://fs01/Photos and that created the share in
>> > Nautilus but I can't use my programs with that. I tried the symlink ln
>> > -s /run/user/2002/gvfs/smb-share\:server\=fs01\,share\=Photos but that
>> > symlink didn't work at all.
>> >
>>
>> Please provide more details about "I can't use my programs with that"
>> and "symlink didn't work at all" because here any program can use files
>> on the mounted directory at /run/user/<uid>/gvfs and even a link,
>> testing it here.
>>
>> What will not happen is the link to automount, you will always need to
>> do the gio mount thing, maybe from a login script.
>>
>> The idea of these FUSE based tools is for the drives to be mounted on
>> demand. The problem starts with programs that don't use the current
>> desktop way of mounting things, so they don't know how to show these
>> mounted directories on their Load/Save dialogs. So I get why you want
>> some kind of way to have a known directory inside the user home for
>> these files.
>>
>> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> > In all things, Be Intentional.
>> >
>> >
>> > On Mon, Nov 8, 2021 at 11:57 PM Robert Marcano via samba
>> > <samba at lists.samba.org> wrote:
>> >
>> > I forgot to add that if you only want one simple mount, to a fixed
>> > directory but restricted, so not everyone could read or write to it, you
>> > can still indicate which user, group, file mode bits, etc, the mounted
>> > files appear with so you can control who can access them.
>> >
>> > The options from mount.cifs work for the mount command directly or to be
>> > set on fstab.
>> >
>> > On Mon, Nov 8, 2021, 9:02 PM Robert Marcano
>> > <robert at marcanoonline.com> wrote:
>> >
>> > >
>> > >
>> > > On Mon, Nov 8, 2021, 7:02 PM Rob Campbell
>> > > <robcampbell08105 at gmail.com> wrote:
>> > >
>> > >> Thanks Robert. I have tried that but it requires root or sudo. OR chmod
>> > >> u+s /bin/mount /bin/umount /usr/sbin/mount.cifs. But then it requires I
>> > >> put it in /etc/fstab. If I do that, it will mount for all users, right?
>> > >> That's not what I want.
>> > >>
>> > >
>> > > If you want users to be able to mount a share, especially if you want the
>> > > target directory to be private to each user, you probably will need to
>> > > check how desktop environments do it for their file managers. I can only
>> > > talk about GNOME, which is what I use every day.
>> > >
>> > > When you use a file manager like GNOME Files (Nautilus) to access a smb
>> > > share with the smb URL scheme (smb://hostname/share), it mounts a FUSE
>> > > filesystem (file system in userspace) that accesses the share via a process
>> > > that uses Samba client libraries.
>> > >
>> > > Maybe you could use gnome-mount or the newer "gio mount", or you can use
>> > > desktop agnostic FUSE filesystems like smbnetfs or fusesmb.
>> > >
>> > >
>> > >
>> > >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> > >> In all things, Be Intentional.
>> > >>
>> > >>
>> > >> On Mon, Nov 8, 2021 at 3:08 PM Robert Marcano via samba <
>> > >> samba at lists.samba.org> wrote:
>> > >>
>> > >>> On 11/8/21 11:40 AM, Rob Campbell via samba wrote:
>> > >>> > I am able to smbclient //host/share -U redhat -c 'ls' and view the files
>> > >>> > but how do I mount that [as a user]? All links I find say I need to put it
>> > >>> > in /etc/fstab. If I do that, won't everyone have access? I don't want
>> > >>> > that. You know how you would 'net use' to map in Windows, is this not
>> > >>> > possible in Linux?
>> > >>> >
>> > >>>
>> > >>> When you mount a share on Linux, you are using another client that is
>> > >>> part of the kernel, not smbclient that is a user space implementation.
>> > >>>
>> > >>> Try
>> > >>>
>> > >>> mount -t cifs -o username=redhat //host/share /mnt/target_dir
>> > >>>
>> > >>> You will need to have installed the mount.cifs utility. Read the manual
>> > >>> page of that command if you want to automate more parameters like the
>> > >>> password.
>> > >>>
>> > >>>
>> > >>> --
>> > >>> To unsubscribe from this list go to the following URL and read the
>> > >>> instructions: https://lists.samba.org/mailman/options/samba
>> > >>>
>> > >>
>> >
>>
>>
>>
>
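
Added example, not part of the thread or of Samba: a small Python model of how smbd combines `valid users`, `read list`, `write list` and `read only` for the [Photos] share posted above, following the parameter descriptions in smb.conf(5). The user names and group memberships are constructed, and the result is the share-level decision only; file system permissions and ACLs on the share path are checked separately.

```python
import re

# [Photos] access parameters as posted in the thread's smb.conf (FS01).
PHOTOS = r'''
[Photos]
    path = /multimedia/Photos
    read list = "@HOME\Domain Users"
    read only = No
    valid users = "@HOME\Media Admins" @HOME\Photographers
    write list = @HOME\Photographers
'''

# Constructed users and group memberships (hypothetical, not from the thread).
GROUPS = {
    "alice": {r"HOME\Domain Users", r"HOME\Photographers"},
    "bob":   {r"HOME\Domain Users", r"HOME\Media Admins"},
    "carol": {r"HOME\Domain Users"},
}

def parse_share(text):
    """Return {parameter: value} for one share section."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if "=" in line and not line.startswith(("#", ";", "[")):
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def in_list(user, value):
    """True if the user, or one of the user's groups (@GROUP), is in the list."""
    names = [q or w for q, w in re.findall(r'"([^"]+)"|(\S+)', value or "")]
    return any(n == user or (n[:1] == "@" and n[1:] in GROUPS.get(user, ()))
               for n in names)

def share_access(user, params):
    """Share-level result: 'deny', 'ro' or 'rw'."""
    valid = params.get("valid users", "")
    if valid and not in_list(user, valid):
        return "deny"   # a non-empty valid users list excludes everyone else
    if in_list(user, params.get("write list")):
        return "rw"     # write list wins, even over read list
    if in_list(user, params.get("read list")):
        return "ro"     # read list overrides "read only = No"
    return "ro" if params.get("read only", "yes").lower() in ("yes", "true", "1") else "rw"

def report():
    params = parse_share(PHOTOS)
    return {user: share_access(user, params) for user in GROUPS}
```

With these memberships, a Media Admins member who is also in Domain Users ends up read-only, because `read list` applies to them and `write list` does not.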