[Samba] Custom user shares

Rowland Penny rowlandpenny at googlemail.com
Tue Apr 22 13:15:09 MDT 2014


On 22/04/14 19:59, Ashley M. Kirchner wrote:
> *growl* This is what happens when I'm multi-tasking on both machines. That
> was the wrong one, sorry about that. This is the correct one:
>
> [global]
>          workgroup = WORKGROUP
>          server string = Torino
>          netbios name = TORINO
>          netbios aliases = DIGILAB BACKUP
>
>          interfaces = lo eth1 192.168.1.0/24
>
>          # logs split per machine
>          log file = /var/log/samba/log.%m
>          # max 50KB per log file, then rotate
>          max log size = 50
>
>          security = user
>          map to guest = Bad User
>
>          local master = no
>          socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>          wins support = no
>          dns proxy = no
>          load printers = no
>          disable spoolss = yes
>          printcap name = /dev/null
>
>          smb ports = 139
>
>          username map = /etc/samba/usermap.txt
>          include = /etc/samba/smb.include.%L
>
> Then for the passwordless share that everyone CAN connect to right now:
>> cat smb.include.digilab
> [bda]
>          comment = BDA Files
>          browseable = yes
>          writable = yes
>          path = /home/digilab/BDA
>          guest ok = yes
>          public = yes
>          read only = no
>          force user = digilab
>          force group = digilab
>          create mask = 0777
>          directory mask = 0777
>          locking = no
>
> And for the one I'm trying to set up with password, which is giving me
> access denied:
>> cat smb.include.backup
> [kirash]
>          path = /mnt/backup/kirash
>          comment = Ashley M. Kirchner
>          writable = yes
>          valid users = kirash
>
> Both unix servers have a user login 'kirash'. On one server I can connect
> to the samba share with a client just fine, on the older one I get access
> denied.

You have no users in samba or unix so your password-less share works.
You have no users in samba or unix so your share that requires a valid 
user with a password doesn't work, or to put it another way:

no users and password means that anybody can connect to your guest 
share, but you need samba/unix users with passwords to connect to the 
other share.

Rowland


>
> On Tue, Apr 22, 2014 at 12:50 PM, Rowland Penny <rowlandpenny at googlemail.com> wrote:
>> On 22/04/14 19:08, Ashley M. Kirchner wrote:
>>
>>> Uh, excuse my ignorance, but what? What samba database? I didn't do
>>> anything with any database on any of the servers, not the one that is
>>> working fine nor this (older) one I'm trying to configure. If you're
>>> referring specifically to the 'passdb backend' option, it's commented out
>>> on both servers.
>>>
>>> This is the complete smb.conf file on both.
>>>
>>> [global]
>>>           workgroup = WORKGROUP
>>>           server string = BRASCO
>>>           netbios name = BRASCO
>>>           interfaces = lo eth0 192.168.1.0/24
>>>
>>>           # logs split per machine
>>>           log file = /var/log/samba/log.%m
>>>           # max 50KB per log file, then rotate
>>>           max log size = 50
>>>
>>>           security = user
>>>
>>>           local master = no
>>>
>>>           socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>
>>>           wins support = no
>>>           dns proxy = no
>>>           load printers = no
>>>           disable spoolss = yes
>>>           printcap name = /dev/null
>>>
>>>           smb ports = 139
>>>           username map = /etc/samba/usermap.txt
>>>
>>> [kirash]
>>>           path = /opt/backup/kirash
>>>           comment = Ashley M. Kirchner
>>>           writable = yes
>>>           valid users = kirash
>>>
>>>
>>> On Tue, Apr 22, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
>>>
>>>> Hello Ashley,
>>>>
>>>> On 22.04.2014 19:45, Ashley M. Kirchner wrote:
>>>>
>>>>> We have an old internal server running samba version 3.2.15 which can't be
>>>>> upgraded for different reasons. It's been running several passwordless
>>>>> shares with no problem. Now I'm trying to configure passworded user shares
>>>>> and not having much luck. I'm wondering if someone can help me diagnose
>>>>> this:
>>>>>
>>>>> In smb.conf I have
>>>>>
>>>>> security = user
>>>>> map to guest = Bad user
>>>>> ...
>>>>> username map = /etc/samba/usermap.txt
>>>>>
>>>>> The public shares are set up as follows:
>>>>> [bda]
>>>>>            comment = BDA Files
>>>>>            browseable = yes
>>>>>            writable = yes
>>>>>            path = /opt/bda
>>>>>            guest ok = yes
>>>>>            public = yes
>>>>>            read only = no
>>>>>            force user = nobody
>>>>>            force group = nobody
>>>>>            create mask = 0777
>>>>>            directory mask = 0777
>>>>>            locking = no
>>>>>
>>>>> *This all works.*
>>>>>
>>>>>
>>>>> Now for the user shares, I have this:
>>>>> [kirash]
>>>>>            path = /opt/backup/kirash
>>>>>            comment = Ashley M. Kirchner
>>>>>            writable = yes
>>>>>            valid users = kirash
>>>>>
>>>>> The unix user 'kirash' exists.
>>>>> usermap.txt has a line in it that maps the user as follows:
>>>>> kirash = AshleyMKirchner
>>>>>
>>>>> But when I try to access that share from my client I get access denied.
>>>>>
>>>>> Interestingly enough, I have a second samba server with a more recent
>>>>> version, 3.6.9 to be exact, with the same exact samba configuration and
>>>>> that DOES WORK. I can access the share, it asks for the user credentials
>>>>> (as set on that unix server) and I'm able to log in and access that share
>>>>> just fine.
>>>>>
>>>>> So what am I missing on the older server that's causing it to deny access?
>>>>>
>>>>> Note: our network does NOT use any kind of directory or other server
>>>>> logins. Each client is on their own.
>>>>>
>>>>>
>>>> You said the user exists in unix. But does it also exist in the
>>>> samba database? As you haven't posted the complete smb.conf, I guess you
>>>> use tdb. Then have a look at 'smbpasswd' (-e / -a). If Samba uses a
>>>> different backend, please provide some more details.
>>>>
>>>>
>>>> Regards,
>>>> Marc
>>>>
>>>>
>>>>
>> You seem to have lost this line:
>>
>> map to guest = Bad user
>>
>> it was in your first post, this is in man smb.conf:
>>
>>             ·   Bad User - Means user logins with an invalid password are
>>                 rejected, unless the username does not exist, in which case it
>>                 is treated as a guest login and mapped into the guest account.
>>
>> So, as you don't have any samba users (and provided you don't have any
>> unix users on the machine that is running samba) all users should be able
>> to connect.
>>
>> But then you have the share, where the only valid user is kirash, try
>> removing this and then adding 'guest ok = yes'
>>
>> This should work, unless you have missed telling us something.
>>
>> Rowland
>>
>>
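
An added example, not part of the original thread and not Samba's own code: a small Python check that reads smb.conf-style text and reports the two conditions discussed above, a share that guests can write to and a `valid users` entry with no account in Samba's password database. The sample config is constructed from the shares quoted in the thread, and `passdb_users` is an assumed input (for instance the names listed by `pdbedit -L`).

```python
import re

# Constructed sample: the [bda] and [kirash] shares quoted in the thread, merged.
SAMPLE = """\
[global]
    map to guest = Bad User
[bda]
    guest ok = yes
    read only = no
[kirash]
    writable = yes
    valid users = kirash
"""

def parse_smb_conf(text):
    """Return {section: {param: value}} with lowercased names, skipping comments."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit(conf, passdb_users):
    """passdb_users: names assumed to be in Samba's password database already."""
    findings = []
    for share, p in conf.items():
        if share == "global":
            continue
        guest = yes(p.get("guest ok", p.get("public", "no")))
        writable = yes(p.get("writable", "no")) or not yes(p.get("read only", "yes"))
        if guest and writable:
            findings.append((share, "GUEST_WRITABLE"))
        for user in re.split(r"[,\s]+", p.get("valid users", "")):
            if user and user[0] not in "@+&" and user not in passdb_users:
                findings.append((share, "NO_PASSDB_ENTRY:" + user))
    return findings

print(audit(parse_smb_conf(SAMPLE), passdb_users=set()))
```

A `NO_PASSDB_ENTRY` finding goes away once the account has been added with `smbpasswd -a`, the option Marc points to.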


