[Samba] Samba Shares With only Partial Access

Sun Apr 24 04:55:03 GMT 2005

On Saturday 23 April 2005 21:45, E Hines wrote:
> I set the Windows password for both ehines and ahines with "smbpasswd -a
> ehines" and "smbpasswd -a annlee" .  And I used the same password for
> smbpasswd as I used for passwd and for the respective Win2k boxes
> logins/passwords.  The usernames also are the same among passwd,
> smbpasswd, and the Win2k boxes.
>
> ehines owns /archive, and annlee and ehines own the ahines and ehines
> directories, respectively.  The permissions are as follows:
>
> drwsrws--x   4 ehines backups 4096 Apr 23 16:53 archive
> drwsrws--x   2 annlee backups 4096 Apr 23 17:54 ahines
> drwsrws--x   2 ehines backups 4096 Apr 23 17:34 ehines

OK. You have now reached the point where we need to dig deeper.

We must get access using 'smbclient' working first. So we up the debug level 
to see what is going on.

	smbclient //lserver1/files -Uehines%'password' -d 5

Capture the output and send to me please.

- John T.

>
> Thanks
>
> Eric Hines
>
> John H Terpstra wrote:
> >On Saturday 23 April 2005 20:57, you wrote:
> >>With the "valid users = %S" parameter removed, there is no effect on my
> >>accesses.  However, ahines, from her machine, now gets the incorrect
> >>login dialog when she tries to access the top level share: archive.
> >>Furthermore, I now can get directly into my shared directory (ehines)
> >>directly via the "files" share, as well as by burrowing down from
> >>"archive/ehines."  ahines still sees, though both "archive" and "files,"
> >>and I still see "archive on lserver1" at the top.
> >>
> >>Both users have read/write/sticky bit for user and group for their
> >>respective directories, and both users are in the same group (backups).
> >>Other has execute only.
> >>
> >>smbclient //lserver1/files -Uehines%password gives me
> >>NT_STATUS_LOGON_FAILURE. I get the same thing when I use root or ahines
> >>vice ehines.
> >
> >OK. Have you set the Windows password with?:
> >
> >	smbpasswd -a ehines
> >
> >In executing the smbclient command, did you use the password you entered
> > when the Windows user account was added to smbpasswd using this command?
> >
> >What is the ownership of the /archive directory? What are its permissions?
> >
> >- John T.
> >
> >>Thanks for your help.
> >>
> >>Eric Hines
> >>
> >>John H Terpstra wrote:
> >>>On Saturday 23 April 2005 18:50, E Hines wrote:
> >>>>I have a 2Win2k, 1Linux (server) LAN; the server is running FC3 and
> >>>>Samba 3.0.14a.  I am unable to get both users access to their
> >>>> individual shares.  Essentially, I'm working through the Accounting
> >>>> Office example (pgs 31-35) of John Terpstra's 2004 Samba-3 By Example,
> >>>> and I'm doing something foolish and wrong on a basic level.  I can get
> >>>> access to, and
> >>>
> >>>Let's find out what is wrong.
> >>>
> >>>>manipulate the files in, my share (ehines), but neither I, nor the
> >>>> other user, can get access to the other share (ahines).  That I cannot
> >>>> access the other share is correct by the example, but the other user
> >>>> just gets an Access Denied error when trying to access her share (the
> >>>> ahines share).
> >>>>
> >>>><snip>
> >>>
> >>>Try removing the "valid users = %S" parameter.
> >>>
> >>>Make certain that the respective users own their directories and have
> >>> read and write access to it.
> >>>
> >>>What happens when you try (from Linux)?:
> >>>
> >>>	smbclient //lserver1/files -Uehines%password
> >>>
> >>>- John T.
> >>
> >><snip>

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.