[Samba] Acess from windows to share get closed..
kissg
mail.gery at gmail.com
Wed Jul 23 08:54:26 GMT 2008
Alright, let's try to change "encrypt passwords = Yes". As far as I know,
Samba will ignore PAM authentication, if this setting is turned on and most
Windows clients require this setting.
If it doesn't help, you could also try to create a new guest account and
enter its name to the "guest account = <username>" parameter. Maybe that
way PAM will not reject the authentication request when connecting.
Regards
Gergely Kiss
2008/7/23 Tito <server at figfort.pt>:
> Sorry.. Before posting did a chek and thought it would solve the problem,
> but it diden't..
>
> Here is the smb.conf
>
> # This is the main Samba configuration file. You should read the
> # smb.conf(5) manual page in order to understand the options listed
> # here. Samba has a huge number of configurable options (perhaps too
> # many!) most of which are not shown in this example
> #
> # For a step to step guide on installing, configuring and using samba,
> # read the Samba-HOWTO-Collection. This may be obtained from:
> # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
> #
> # Many working examples of smb.conf files can be found in the
> # Samba-Guide which is generated daily and can be downloaded from:
> # http://www.samba.org/samba/docs/Samba-Guide.pdf
> #
> # Any line which starts with a ; (semi-colon) or a # (hash)
> # is a comment and is ignored. In this example we will use a #
> # for commentry and a ; for parts of the config file that you
> # may wish to enable
> #
> # NOTE: Whenever you modify this file you should run the command "testparm"
> # to check that you have not made any basic syntactic errors.
> #
> #---------------
> # SELINUX NOTES:
> #
> # If you want to use the useradd/groupadd family of binaries please run:
> # setsebool -P samba_domain_controller on
> #
> # If you want to share home directories via samba please run:
> # setsebool -P samba_enable_home_dirs on
> #
> # If you create a new directory you want to share you should mark it as
> # "samba-share_t" so that selinux will let you write into it.
> # Make sure not to do that on system directories as they may already have
> # been marked with othe SELinux labels.
> #
> # Use ls -ldZ /path to see which context a directory has
> #
> # Set labels only on directories you created!
> # To set a label use the following: chcon -t samba_share_t /path
> #
> # If you need to share a system created directory you can use one of the
> # following (read-only/read-write):
> # setsebool -P samba_export_all_ro on
> # or
> # setsebool -P samba_export_all_rw on
> #
> # If you want to run scripts (preexec/root prexec/print command/...) please
> # put them into the /var/lib/samba/scripts directory so that smbd will be
> # allowed to run them.
> # Make sure you COPY them and not MOVE them so that the right SELinux
> context
> # is applied, to check all is ok use restorecon -R -v
> /var/lib/samba/scripts
> #
> #--------------
> #
> #======================= Global Settings
> =====================================
>
> [global]
>
> # ----------------------- Netwrok Related Options -------------------------
> #
> # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
> #
> # server string is the equivalent of the NT Description field
> #
> # netbios name can be used to specify a server name not tied to the
> hostname
> #
> # Interfaces lets you configure Samba to use multiple interfaces
> # If you have multiple network interfaces then you can list the ones
> # you want to listen on (never omit localhost)
> #
> # Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
> # specifiy it as a per share option as well
> #
> workgroup = novafigfort
> server string = Samba Server %v
>
> ; netbios name = MYSERVER
>
> ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
> ; hosts allow = 127. 192.168.12. 192.168.13.
>
> # --------------------------- Logging Options -----------------------------
> #
> # Log File let you specify where to put logs and how to split them up.
> #
> # Max Log Size let you specify the max size log files should reach
>
> # logs split per machine
> log file = /F/ASCII/samba/log.%m
> # max 50KB per log file, then rotate
> max log size = 50
>
> # ----------------------- Standalone Server Options
> ------------------------
> #
> # Scurity can be set to user, share(deprecated) or server(deprecated)
> #
> # Backend to store user information in. New installations should
> # use either tdbsam or ldapsam. smbpasswd is available for backwards
> # compatibility. tdbsam requires no further configuration.
>
> security = share
> passdb backend = tdbsam
>
>
> # ----------------------- Domain Members Options ------------------------
> #
> # Security must be set to domain or ads
> #
> # Use the realm option only with security = ads
> # Specifies the Active Directory realm the host is part of
> #
> # Backend to store user information in. New installations should
> # use either tdbsam or ldapsam. smbpasswd is available for backwards
> # compatibility. tdbsam requires no further configuration.
> #
> # Use password server option only with security = server or if you can't
> # use the DNS to locate Domain Controllers
> # The argument list may include:
> # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> # or to auto-locate the domain controller/s
> # password server = *
>
>
> ; realm = MY_REALM
>
> ; password server = <NT-Server-Name>
>
>
> ; This socket options really speed up Samba under Linux, according to my
> ************** PARA TESTAR
> ; own tests.
> ; socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096
> SO_RCVBUF=4096
>
> # ----------------------- Domain Controller Options
> ------------------------
> #
> # Security must be set to user for domain controllers
> #
> # Backend to store user information in. New installations should
> # use either tdbsam or ldapsam. smbpasswd is available for backwards
> # compatibility. tdbsam requires no further configuration.
> #
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
> #
> # Domain Logons let Samba be a domain logon server for Windows
> workstations.
> #
> # Logon Scrpit let yuou specify a script to be run at login time on the
> client
> # You need to provide it in a share called NETLOGON
> #
> # Logon Path let you specify where user profiles are stored (UNC path)
> #
> # Various scripts can be used on a domain controller or stand-alone
> # machine to add or delete corresponding unix accounts
> #
>
> ; domain master = yes
> ; domain logons = yes
>
> # the login script name depends on the machine name
> ; logon script = %m.bat
> # the login script name depends on the unix user used
> ; logon script = %u.bat
> ; logon path = \\%L\Profiles\%u
> # disables profiles support by specifing an empty path
> ; logon path =
>
> ; add user script = /usr/sbin/useradd "%u" -n -g users
> ; add group script = /usr/sbin/groupadd "%g"
> ; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d
> /nohome -s /bin/false "%u"
> ; delete user script = /usr/sbin/userdel "%u"
> ; delete user from group script = /usr/sbin/userdel "%u" "%g"
> ; delete group script = /usr/sbin/groupdel "%g"
>
>
> # ----------------------- Browser Control Options
> ----------------------------
> #
> # set local master to no if you don't want Samba to become a master
> # browser on your network. Otherwise the normal election rules apply
> #
> # OS Level determines the precedence of this server in master browser
> # elections. The default value should be reasonable
> #
> # Preferred Master causes Samba to force a local browser election on
> startup
> # and gives it a slightly higher chance of winning the election
> ; local master = no
> ; os level = 33
> ; preferred master = yes
>
> #----------------------------- Name Resolution
> -------------------------------
> # Windows Internet Name Serving Support Section:
> # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
> #
> # - WINS Support: Tells the NMBD component of Samba to enable it's WINS
> Server
> #
> # - WINS Server: Tells the NMBD components of Samba to be a WINS Client
> #
> # - WINS Proxy: Tells Samba to answer name resolution queries on
> # behalf of a non WINS capable client, for this to work there must be
> # at least one WINS Server on the network. The default is NO.
> #
> # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
> # via DNS nslookups.
>
> ; wins support = yes
> ; wins server = w.x.y.z
> ; wins proxy = yes
>
> ; dns proxy = yes
>
> # --------------------------- Printing Options
> -----------------------------
> #
> # Load Printers let you load automatically the list of printers rather
> # than setting them up individually
> #
> # Cups Options let you pass the cups libs custom options, setting it to raw
> # for example will let you use drivers on your Windows clients
> #
> # Printcap Name let you specify an alternative printcap file
> #
> # You can choose a non default printing system using the Printing option
>
> ; load printers = yes
> cups options = raw
>
> ; printcap name = /etc/printcap
> #obtain list of printers automatically on SystemV
> ; printcap name = lpstat
> ; printing = cups
>
> # --------------------------- Filesystem Options
> ---------------------------
> #
> # The following options can be uncommented if the filesystem supports
> # Extended Attributes and they are enabled (usually by the mount option
> # user_xattr). Thess options will let the admin store the DOS attributes
> # in an EA and make samba not mess with the permission bits.
> #
> # Note: these options can also be set just per share, setting them in
> global
> # makes them the default for all shares
>
> ; map archive = no
> ; map hidden = no
> ; map read only = no
> ; map system = no
> encrypt passwords = no
> obey pam restrictions = no
> guest ok = yes
> guest account = nobody
> ; store dos attributes = yes
>
>
> #============================ Share Definitions
> ==============================
>
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
> ; valid users = %S
> ; valid users = MYDOMAIN\%S
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = yes
> guest ok = yes
> writable = yes
> printable = yes
>
> # Un-comment the following and create the netlogon directory for Domain
> Logons
> ; [netlogon]
> ; comment = Network Logon Service
> ; path = /var/lib/samba/netlogon
> ; guest ok = yes
> ; writable = no
> ; share modes = no
>
>
> # Un-comment the following to provide a specific roving profile share
> # the default is to use the user's home directory
> ; [Profiles]
> ; path = /var/lib/samba/profiles
> ; browseable = no
> ; guest ok = yes
>
>
> # A publicly accessible directory, but read only, except for people in
> # the "staff" group
> ; [public]
> ; comment = Public Stuff
> ; path = /home/samba
> ; public = yes
> ; writable = yes
> ; printable = no
> ; write list = +staff
>
> [F]
> comment = Server Linux
> path = /F
> writeable = yes
> ; browseable = yes
> guest ok = yes
> oplocks = yes
> level2 oplocks = no
>
> ----- Original Message ----- *From:* kissg <mail.gery at gmail.com>
> *To:* Tito <server at figfort.pt>
> *Cc:* samba at lists.samba.org
> *Sent:* Tuesday, July 22, 2008 6:45 PM
> *Subject:* Re: [Samba] Acess from windows to share get closed..
>
> It's because PAM rejects user "nobody". Adding the following line to the
> [global] section of /etc/samba/smb.conf should help:
>
> obey pam restrictions = No
>
> Try it, and see what happens. By the way, it's always a good idea to attach
> your config files if you experience problems. It's much easier to help, if
> we can see how your configuration looks like.
>
> Regards
> Gergely Kiss
>
> 2008/7/22 Tito <server at figfort.pt>:
>
>> I'm using FC8 Server with Samba 3.0.30-fc8 and have an erratic problem
>> assecing the share.
>> I have a Share that every one can acess and I use the nobody user to
>> acess everithing without any problem, and from time to time when user
>> tries to acess a file the share gets closed, than we have to resart the
>> machine and it goes wel again.
>>
>> the log for one user is below
>>
>> why does it closes the conection? and what can be done ?
>>
>> [2008/07/16 17:41:22, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service HPArma
>> [2008/07/16 17:41:22, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service F
>> [2008/07/17 07:48:34, 1] smbd/service.c:make_connection_snum(1033)
>> carlap (192.168.6.114) connect to service HPArma initially as user
>> nobody (uid=99, gid=99) (pid 6337)
>> [2008/07/17 07:48:36, 0] auth/pampass.c:smb_pam_passcheck(809)
>> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
>> [2008/07/17 07:48:36, 1] smbd/service.c:make_connection_snum(1033)
>> carlap (192.168.6.114) connect to service F initially as user nobody
>> (uid=99, gid=99) (pid 6337)
>> [2008/07/17 07:48:38, 0] auth/pampass.c:smb_pam_passcheck(809)
>> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
>> [2008/07/17 09:51:49, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service F
>> [2008/07/17 09:51:49, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service HPArma
>> [2008/07/17 09:55:09, 1] smbd/service.c:make_connection_snum(1033)
>> carlap (192.168.6.114) connect to service HPArma initially as user
>> nobody (uid=99, gid=99) (pid 6660)
>> [2008/07/17 09:55:11, 0] auth/pampass.c:smb_pam_passcheck(809)
>> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
>> [2008/07/17 09:55:11, 1] smbd/service.c:make_connection_snum(1033)
>> carlap (192.168.6.114) connect to service F initially as user nobody
>> (uid=99, gid=99) (pid 6660)
>> [2008/07/17 09:55:13, 0] auth/pampass.c:smb_pam_passcheck(809)
>> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
>> [2008/07/17 14:19:39, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service F
>> [2008/07/17 14:19:39, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service HPArma
>> [2008/07/17 14:26:26, 1] smbd/service.c:make_connection_snum(1033)
>> carlap (192.168.6.114) connect to service HPArma initially as user
>> nobody (uid=99, gid=99) (pid 7199)
>> [2008/07/17 14:26:28, 0] auth/pampass.c:smb_pam_passcheck(809)
>> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
>> [2008/07/17 14:26:28, 1] smbd/service.c:make_connection_snum(1033)
>> carlap (192.168.6.114) connect to service F initially as user nobody
>> (uid=99, gid=99) (pid 7199)
>> [2008/07/17 14:26:30, 0] auth/pampass.c:smb_pam_passcheck(809)
>> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
>> [2008/07/17 16:46:04, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service HPArma
>> [2008/07/17 16:46:04, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service F
>> [2008/07/18 07:39:38, 1] smbd/service.c:make_connection_snum(1033)
>> carlap (192.168.6.114) connect to service HPArma initially as user
>> nobody (uid=99, gid=99) (pid 10523)
>> [2008/07/18 07:39:44, 0] auth/pampass.c:smb_pam_passcheck(809)
>> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
>> [2008/07/18 07:39:44, 1] smbd/service.c:make_connection_snum(1033)
>> carlap (192.168.6.114) connect to service F initially as user nobody
>> (uid=99, gid=99) (pid 10523)
>> [2008/07/18 07:39:46, 0] auth/pampass.c:smb_pam_passcheck(809)
>> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
>> [2008/07/18 17:00:48, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service HPArma
>> [2008/07/18 17:00:48, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service F
>> [2008/07/21 07:50:46, 1] smbd/service.c:make_connection_snum(1033)
>> carlap (192.168.6.114) connect to service HPArma initially as user
>> nobody (uid=99, gid=99) (pid 5759)
>> [2008/07/21 07:50:49, 0] auth/pampass.c:smb_pam_passcheck(809)
>> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
>> [2008/07/21 07:50:49, 1] smbd/service.c:make_connection_snum(1033)
>> carlap (192.168.6.114) connect to service F initially as user nobody
>> (uid=99, gid=99) (pid 5759)
>> [2008/07/21 07:50:51, 0] auth/pampass.c:smb_pam_passcheck(809)
>> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
>> [2008/07/21 17:36:27, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service F
>> [2008/07/21 17:36:27, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service HPArma
>> [2008/07/22 07:56:25, 1] smbd/service.c:make_connection_snum(1033)
>> carlap (192.168.6.114) connect to service HPArma initially as user
>> nobody (uid=99, gid=99) (pid 11859)
>> [2008/07/22 07:56:28, 0] auth/pampass.c:smb_pam_passcheck(809)
>> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
>> [2008/07/22 07:56:28, 1] smbd/service.c:make_connection_snum(1033)
>> carlap (192.168.6.114) connect to service F initially as user nobody
>> (uid=99, gid=99) (pid 11859)
>> [2008/07/22 07:56:30, 0] auth/pampass.c:smb_pam_passcheck(809)
>> smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User nobody !
>> [2008/07/22 16:54:17, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service HPArma
>> [2008/07/22 16:54:17, 1] smbd/service.c:close_cnum(1230)
>> carlap (192.168.6.114) closed connection to service F
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/listinfo/samba
>>
>
>
More information about the samba
mailing list