[Samba] Custom user shares
Ashley M. Kirchner
ashley at pcraft.com
Tue Apr 22 12:59:13 MDT 2014
*growl* This is what happens when I'm multi-tasking on both machines. That
was the wrong one, sorry about that. This is the correct one:
[global]
workgroup = WORKGROUP
server string = Torino
netbios name = TORINO
netbios aliases = DIGILAB BACKUP
interfaces = lo eth1 192.168.1.0/24
# logs split per machine
log file = /var/log/samba/log.%m
# max 50KB per log file, then rotate
max log size = 50
security = user
map to guest = Bad User
local master = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins support = no
dns proxy = no
load printers = no
disable spoolss = yes
printcap name = /dev/null
smb ports = 139
username map = /etc/samba/usermap.txt
include = /etc/samba/smb.include.%L
Then for the passwordless share that everyone CAN connect to right now:
> cat smb.include.digilab
[bda]
comment = BDA Files
browseable = yes
writable = yes
path = /home/digilab/BDA
guest ok = yes
public = yes
read only = no
force user = digilab
force group = digilab
create mask = 0777
directory mask = 0777
locking = no
And for the one I'm trying to setup with password, which is giving me
access denied:
> cat smb.include.backup
[kirash]
path = /mnt/backup/kirash
comment = Ashley M. Kirchner
writable = yes
valid users = kirash
Both unix servers have a user login 'kirash'. On one server I can connect
to the samba share with a client just fine, on the older one I get access
denied.
On Tue, Apr 22, 2014 at 12:50 PM, Rowland Penny <rowlandpenny at googlemail.com
> wrote:
> On 22/04/14 19:08, Ashley M. Kirchner wrote:
>
>> Uh, excuse my ignorance, but what? What samba database? I didn't do
>> anything with any database on any of the servers, not the one that is
>> working fine nor this (older) one I'm trying to configure. If you're
>> referring specifically to the 'passdb backend' option, it's commented out
>> on both servers.
>>
>> This is the complete smb.conf file on both.
>>
>> [global]
>> workgroup = WORKGROUP
>> server string = BRASCO
>> netbios name = BRASCO
>> interfaces = lo eth0 192.168.1.0/24
>>
>> # logs split per machine
>> log file = /var/log/samba/log.%m
>> # max 50KB per log file, then rotate
>> max log size = 50
>>
>> security = user
>>
>> local master = no
>>
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>
>> wins support = no
>> dns proxy = no
>> load printers = no
>> disable spoolss = yes
>> printcap name = /dev/null
>>
>> smb ports = 139
>> username map = /etc/samba/usermap.txt
>>
>> [kirash]
>> path = /opt/backup/kirash
>> comment = Ashley M. Kirchner
>> writable = yes
>> valid users = kirash
>>
>>
>> On Tue, Apr 22, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org
>> >wrote:
>>
>> Hello Ashley,
>>>
>>> Am 22.04.2014 19:45, schrieb Ashley M. Kirchner:
>>>
>>> We have an old internal server running samba version 3.2.15 which can't
>>>> be
>>>> upgraded for different reasons. It's been running several passwordless
>>>> shares with no problem. Now I'm trying to configure passworded user
>>>> shares
>>>> and not having much luck. I'm wondering if someone can help me diagnose
>>>> this:
>>>>
>>>> In smb.conf I have
>>>>
>>>> security = user
>>>> map to guest = Bad user
>>>> ...
>>>> username map = /etc/samba/usermap.txt
>>>>
>>>> The public shares are setup as follows:
>>>> [bda]
>>>> comment = BDA Files
>>>> browseable = yes
>>>> writable = yes
>>>> path = /opt/bda
>>>> guest ok = yes
>>>> public = yes
>>>> read only = no
>>>> force user = nobody
>>>> force group = nobody
>>>> create mask = 0777
>>>> directory mask = 0777
>>>> locking = no
>>>>
>>>> *This all works.*
>>>>
>>>>
>>>> Now for the user shares, I have this:
>>>> [kirash]
>>>> path = /opt/backup/kirash
>>>> comment = Ashley M. Kirchner
>>>> writable = yes
>>>> valid users = kirash
>>>>
>>>> The unix user 'kirash' exists.
>>>> usermap.txt has a line in it that maps the user as follows:
>>>> kirash = AshleyMKirchner
>>>>
>>>> But when I try to access that share from my client I get access denied.
>>>>
>>>> Interestingly enough, I have a second samba server with a more recent
>>>> version, 3.6.9 to be exact, with the same exact samba configuration and
>>>> that DOES WORK. I can access the share, it asks for the user credentials
>>>> (as set on that unix server) and I'm able to log in and access that
>>>> share
>>>> just fine.
>>>>
>>>> So what am I missing on the older server that's causing it to deny
>>>> access?
>>>>
>>>> Note: our network does NOT use any kind of directory or other server log
>>>> ins. Each client is on their own.
>>>>
>>>>
>>> You said the user is existing in unix. But is it also existing in the
>>> samba database? As you haven't posted the complete smb.conf, I guess you
>>> use tdb. Then have a look at 'smbpasswd' (-e / -a). If Samba uses a
>>> different backend, please provide some more details.
>>>
>>>
>>> Regards,
>>> Marc
>>>
>>>
>>>
>>> You seem to have lost this line:
>
>
> map to guest = Bad user
>
> it was in your first post, this is in man smb.conf:
>
> · Bad User - Means user logins with an invalid password are
> rejected, unless the username does not exist, in which case
> it
> is treated as a guest login and mapped into the guest
> account.
>
> So, as you don't have any samba users (and provided you don't have any
> unix users on the machine that is running samba) all users should be able
> to connect.
>
> But then you have the share, where the only valid user is kirash, try
> removing this and then adding 'guest ok = yes'
>
> This should work, unless you have missed telling us something.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list