[Samba] Custom user shares
Rowland Penny
rowlandpenny at googlemail.com
Tue Apr 22 13:15:09 MDT 2014
On 22/04/14 19:59, Ashley M. Kirchner wrote:
> *growl* This is what happens when I'm multi-tasking on both machines. That
> was the wrong one, sorry about that. This is the correct one:
>
> [global]
> workgroup = WORKGROUP
> server string = Torino
> netbios name = TORINO
> netbios aliases = DIGILAB BACKUP
>
> interfaces = lo eth1 192.168.1.0/24
>
> # logs split per machine
> log file = /var/log/samba/log.%m
> # max 50KB per log file, then rotate
> max log size = 50
>
> security = user
> map to guest = Bad User
>
> local master = no
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> wins support = no
> dns proxy = no
> load printers = no
> disable spoolss = yes
> printcap name = /dev/null
>
> smb ports = 139
>
> username map = /etc/samba/usermap.txt
> include = /etc/samba/smb.include.%L
>
> Then for the passwordless share that everyone CAN connect to right now:
>> cat smb.include.digilab
> [bda]
> comment = BDA Files
> browseable = yes
> writable = yes
> path = /home/digilab/BDA
> guest ok = yes
> public = yes
> read only = no
> force user = digilab
> force group = digilab
> create mask = 0777
> directory mask = 0777
> locking = no
>
> And for the one I'm trying to setup with password, which is giving me
> access denied:
>> cat smb.include.backup
> [kirash]
> path = /mnt/backup/kirash
> comment = Ashley M. Kirchner
> writable = yes
> valid users = kirash
>
> Both unix servers have a user login 'kirash'. On one server I can connect
> to the samba share with a client just fine, on the older one I get access
> denied.
You have no users in samba or unix so your password-less share works
You have no users in samba or unix so your share that requires a valid
user with a password doesn't work, or to put it another way:
no users and password means that anybody can connect to your guest
share, but you need samba/unix users with passwords to connect to the
other share.
Rowland
>
> On Tue, Apr 22, 2014 at 12:50 PM, Rowland Penny <rowlandpenny at googlemail.com
>> wrote:
>> On 22/04/14 19:08, Ashley M. Kirchner wrote:
>>
>>> Uh, excuse my ignorance, but what? What samba database? I didn't do
>>> anything with any database on any of the servers, not the one that is
>>> working fine nor this (older) one I'm trying to configure. If you're
>>> referring specifically to the 'passdb backend' option, it's commented out
>>> on both servers.
>>>
>>> This is the complete smb.conf file on both.
>>>
>>> [global]
>>> workgroup = WORKGROUP
>>> server string = BRASCO
>>> netbios name = BRASCO
>>> interfaces = lo eth0 192.168.1.0/24
>>>
>>> # logs split per machine
>>> log file = /var/log/samba/log.%m
>>> # max 50KB per log file, then rotate
>>> max log size = 50
>>>
>>> security = user
>>>
>>> local master = no
>>>
>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>
>>> wins support = no
>>> dns proxy = no
>>> load printers = no
>>> disable spoolss = yes
>>> printcap name = /dev/null
>>>
>>> smb ports = 139
>>> username map = /etc/samba/usermap.txt
>>>
>>> [kirash]
>>> path = /opt/backup/kirash
>>> comment = Ashley M. Kirchner
>>> writable = yes
>>> valid users = kirash
>>>
>>>
>>> On Tue, Apr 22, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org
>>>> wrote:
>>> Hello Ashley,
>>>> Am 22.04.2014 19:45, schrieb Ashley M. Kirchner:
>>>>
>>>> We have an old internal server running samba version 3.2.15 which can't
>>>>> be
>>>>> upgraded for different reasons. It's been running several passwordless
>>>>> shares with no problem. Now I'm trying to configure passworded user
>>>>> shares
>>>>> and not having much luck. I'm wondering if someone can help me diagnose
>>>>> this:
>>>>>
>>>>> In smb.conf I have
>>>>>
>>>>> security = user
>>>>> map to guest = Bad user
>>>>> ...
>>>>> username map = /etc/samba/usermap.txt
>>>>>
>>>>> The public shares are setup as follows:
>>>>> [bda]
>>>>> comment = BDA Files
>>>>> browseable = yes
>>>>> writable = yes
>>>>> path = /opt/bda
>>>>> guest ok = yes
>>>>> public = yes
>>>>> read only = no
>>>>> force user = nobody
>>>>> force group = nobody
>>>>> create mask = 0777
>>>>> directory mask = 0777
>>>>> locking = no
>>>>>
>>>>> *This all works.*
>>>>>
>>>>>
>>>>> Now for the user shares, I have this:
>>>>> [kirash]
>>>>> path = /opt/backup/kirash
>>>>> comment = Ashley M. Kirchner
>>>>> writable = yes
>>>>> valid users = kirash
>>>>>
>>>>> The unix user 'kirash' exists.
>>>>> usermap.txt has a line in it that maps the user as follows:
>>>>> kirash = AshleyMKirchner
>>>>>
>>>>> But when I try to access that share from my client I get access denied.
>>>>>
>>>>> Interestingly enough, I have a second samba server with a more recent
>>>>> version, 3.6.9 to be exact, with the same exact samba configuration and
>>>>> that DOES WORK. I can access the share, it asks for the user credentials
>>>>> (as set on that unix server) and I'm able to log in and access that
>>>>> share
>>>>> just fine.
>>>>>
>>>>> So what am I missing on the older server that's causing it to deny
>>>>> access?
>>>>>
>>>>> Note: our network does NOT use any kind of directory or other server log
>>>>> ins. Each client is on their own.
>>>>>
>>>>>
>>>> You said the user is existing in unix. But is it also existing in the
>>>> samba database? As you haven't posted the complete smb.conf, I guess you
>>>> use tdb. Then have a look at 'smbpasswd' (-e / -a). If Samba uses a
>>>> different backend, please provide some more details.
>>>>
>>>>
>>>> Regards,
>>>> Marc
>>>>
>>>>
>>>>
>>>> You seem to have lost this line:
>>
>> map to guest = Bad user
>>
>> it was in your first post, this is in man smb.conf:
>>
>> · Bad User - Means user logins with an invalid password are
>> rejected, unless the username does not exist, in which case
>> it
>> is treated as a guest login and mapped into the guest
>> account.
>>
>> So, as you don't have any samba users (and provided you don't have any
>> unix users on the machine that is running samba) all users should be able
>> to connect.
>>
>> But then you have the share, where the only valid user is kirash, try
>> removing this and then adding 'guest ok = yes'
>>
>> This should work, unless you have missed telling us something.
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>>
More information about the samba
mailing list