[Samba] Custom user shares

Ashley M. Kirchner ashley at pcraft.com
Tue Apr 22 12:59:13 MDT 2014


*growl* This is what happens when I'm multi-tasking on both machines. That
was the wrong one, sorry about that. This is the correct one:

[global]
        workgroup = WORKGROUP
        server string = Torino
        netbios name = TORINO
        netbios aliases = DIGILAB BACKUP

        interfaces = lo eth1 192.168.1.0/24

        # logs split per machine
        log file = /var/log/samba/log.%m
        # max 50KB per log file, then rotate
        max log size = 50

        security = user
        map to guest = Bad User

        local master = no
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        wins support = no
        dns proxy = no
        load printers = no
        disable spoolss = yes
        printcap name = /dev/null

        smb ports = 139

        username map = /etc/samba/usermap.txt
        include = /etc/samba/smb.include.%L

Then for the passwordless share that everyone CAN connect to right now:
> cat smb.include.digilab
[bda]
        comment = BDA Files
        browseable = yes
        writable = yes
        path = /home/digilab/BDA
        guest ok = yes
        public = yes
        read only = no
        force user = digilab
        force group = digilab
        create mask = 0777
        directory mask = 0777
        locking = no

And for the one I'm trying to setup with password, which is giving me
access denied:
> cat smb.include.backup
[kirash]
        path = /mnt/backup/kirash
        comment = Ashley M. Kirchner
        writable = yes
        valid users = kirash

Both unix servers have a user login 'kirash'. On one server I can connect
to the samba share with a client just fine, on the older one I get access
denied.


On Tue, Apr 22, 2014 at 12:50 PM, Rowland Penny <rowlandpenny at googlemail.com
> wrote:

> On 22/04/14 19:08, Ashley M. Kirchner wrote:
>
>> Uh, excuse my ignorance, but what? What samba database? I didn't do
>> anything with any database on any of the servers, not the one that is
>> working fine nor this (older) one I'm trying to configure. If you're
>> referring specifically to the 'passdb backend' option, it's commented out
>> on both servers.
>>
>> This is the complete smb.conf file on both.
>>
>> [global]
>>          workgroup = WORKGROUP
>>          server string = BRASCO
>>          netbios name = BRASCO
>>          interfaces = lo eth0 192.168.1.0/24
>>
>>          # logs split per machine
>>          log file = /var/log/samba/log.%m
>>          # max 50KB per log file, then rotate
>>          max log size = 50
>>
>>          security = user
>>
>>          local master = no
>>
>>          socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>
>>          wins support = no
>>          dns proxy = no
>>          load printers = no
>>          disable spoolss = yes
>>          printcap name = /dev/null
>>
>>          smb ports = 139
>>          username map = /etc/samba/usermap.txt
>>
>> [kirash]
>>          path = /opt/backup/kirash
>>          comment = Ashley M. Kirchner
>>          writable = yes
>>          valid users = kirash
>>
>>
>> On Tue, Apr 22, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org
>> >wrote:
>>
>>  Hello Ashley,
>>>
>>> Am 22.04.2014 19:45, schrieb Ashley M. Kirchner:
>>>
>>>  We have an old internal server running samba version 3.2.15 which can't
>>>> be
>>>> upgraded for different reasons. It's been running several passwordless
>>>> shares with no problem. Now I'm trying to configure passworded user
>>>> shares
>>>> and not having much luck. I'm wondering if someone can help me diagnose
>>>> this:
>>>>
>>>> In smb.conf I have
>>>>
>>>> security = user
>>>> map to guest = Bad user
>>>> ...
>>>> username map = /etc/samba/usermap.txt
>>>>
>>>> The public shares are setup as follows:
>>>> [bda]
>>>>           comment = BDA Files
>>>>           browseable = yes
>>>>           writable = yes
>>>>           path = /opt/bda
>>>>           guest ok = yes
>>>>           public = yes
>>>>           read only = no
>>>>           force user = nobody
>>>>           force group = nobody
>>>>           create mask = 0777
>>>>           directory mask = 0777
>>>>           locking = no
>>>>
>>>> *This all works.*
>>>>
>>>>
>>>> Now for the user shares, I have this:
>>>> [kirash]
>>>>           path = /opt/backup/kirash
>>>>           comment = Ashley M. Kirchner
>>>>           writable = yes
>>>>           valid users = kirash
>>>>
>>>> The unix user 'kirash' exists.
>>>> usermap.txt has a line in it that maps the user as follows:
>>>> kirash = AshleyMKirchner
>>>>
>>>> But when I try to access that share from my client I get access denied.
>>>>
>>>> Interestingly enough, I have a second samba server with a more recent
>>>> version, 3.6.9 to be exact, with the same exact samba configuration and
>>>> that DOES WORK. I can access the share, it asks for the user credentials
>>>> (as set on that unix server) and I'm able to log in and access that
>>>> share
>>>> just fine.
>>>>
>>>> So what am I missing on the older server that's causing it to deny
>>>> access?
>>>>
>>>> Note: our network does NOT use any kind of directory or other server log
>>>> ins. Each client is on their own.
>>>>
>>>>
>>> You said the user is existing in unix. But is it also existing in the
>>> samba database? As you haven't posted the complete smb.conf, I guess you
>>> use tdb. Then have a look at 'smbpasswd' (-e / -a). If Samba uses a
>>> different backend, please provide some more details.
>>>
>>>
>>> Regards,
>>> Marc
>>>
>>>
>>>
>>>  You seem to have lost this line:
>
>
> map to guest = Bad user
>
> it was in your first post, this is in man smb.conf:
>
>            ·   Bad User - Means user logins with an invalid password are
>                rejected, unless the username does not exist, in which case
> it
>                is treated as a guest login and mapped into the guest
> account.
>
> So, as you don't have any samba users (and provided you don't have any
> unix users on the machine that is running samba) all users should be able
> to connect.
>
> But then you have the share, where the only valid user is kirash, try
> removing this and then adding 'guest ok = yes'
>
> This should work, unless you have missed telling us something.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
>


More information about the samba mailing list