[Samba] Custom user shares
Ashley M. Kirchner
ashley at pcraft.com
Tue Apr 22 13:21:17 MDT 2014
That's what I was missing, the 'smbpasswd' part. I don't recall having done
that on the working server, but evidently I did. When I looked at
/var//lib/samba/private/smbpasswd, sure enough, there are the user logins.
They already existed in unix space, but not in samba space. I need to make
myself a mental note to remember to do that!
Thanks!
On Tue, Apr 22, 2014 at 1:15 PM, Rowland Penny <rowlandpenny at googlemail.com> wrote:
> On 22/04/14 19:59, Ashley M. Kirchner wrote:
>
>> *growl* This is what happens when I'm multi-tasking on both machines. That
>> was the wrong one, sorry about that. This is the correct one:
>>
>> [global]
>> workgroup = WORKGROUP
>> server string = Torino
>> netbios name = TORINO
>> netbios aliases = DIGILAB BACKUP
>>
>> interfaces = lo eth1 192.168.1.0/24
>>
>> # logs split per machine
>> log file = /var/log/samba/log.%m
>> # max 50KB per log file, then rotate
>> max log size = 50
>>
>> security = user
>> map to guest = Bad User
>>
>> local master = no
>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>> wins support = no
>> dns proxy = no
>> load printers = no
>> disable spoolss = yes
>> printcap name = /dev/null
>>
>> smb ports = 139
>>
>> username map = /etc/samba/usermap.txt
>> include = /etc/samba/smb.include.%L
>>
>> Then for the passwordless share that everyone CAN connect to right now:
>>
>>> cat smb.include.digilab
>>>
>> [bda]
>> comment = BDA Files
>> browseable = yes
>> writable = yes
>> path = /home/digilab/BDA
>> guest ok = yes
>> public = yes
>> read only = no
>> force user = digilab
>> force group = digilab
>> create mask = 0777
>> directory mask = 0777
>> locking = no
>>
>> And for the one I'm trying to setup with password, which is giving me
>> access denied:
>>
>>> cat smb.include.backup
>>>
>> [kirash]
>> path = /mnt/backup/kirash
>> comment = Ashley M. Kirchner
>> writable = yes
>> valid users = kirash
>>
>> Both unix servers have a user login 'kirash'. On one server I can connect
>> to the samba share with a client just fine, on the older one I get access
>> denied.
>>
>
> You have no users in samba or unix so your password-less share works
> You have no users in samba or unix so your share that requires a valid
> user with a password doesn't work, or to put it another way:
>
> no users and password means that anybody can connect to your guest share,
> but you need samba/unix users with passwords to connect to the other share.
>
> Rowland
>
>
>
>
>> On Tue, Apr 22, 2014 at 12:50 PM, Rowland Penny <rowlandpenny at googlemail.com> wrote:
>>
>>> On 22/04/14 19:08, Ashley M. Kirchner wrote:
>>>
>>>> Uh, excuse my ignorance, but what? What samba database? I didn't do
>>>> anything with any database on any of the servers, not the one that is
>>>> working fine nor this (older) one I'm trying to configure. If you're
>>>> referring specifically to the 'passdb backend' option, it's commented out
>>>> on both servers.
>>>>
>>>> This is the complete smb.conf file on both.
>>>>
>>>> [global]
>>>> workgroup = WORKGROUP
>>>> server string = BRASCO
>>>> netbios name = BRASCO
>>>> interfaces = lo eth0 192.168.1.0/24
>>>>
>>>> # logs split per machine
>>>> log file = /var/log/samba/log.%m
>>>> # max 50KB per log file, then rotate
>>>> max log size = 50
>>>>
>>>> security = user
>>>>
>>>> local master = no
>>>>
>>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>>
>>>> wins support = no
>>>> dns proxy = no
>>>> load printers = no
>>>> disable spoolss = yes
>>>> printcap name = /dev/null
>>>>
>>>> smb ports = 139
>>>> username map = /etc/samba/usermap.txt
>>>>
>>>> [kirash]
>>>> path = /opt/backup/kirash
>>>> comment = Ashley M. Kirchner
>>>> writable = yes
>>>> valid users = kirash
>>>>
>>>>
>>>> On Tue, Apr 22, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
>>>>
>>>>> Hello Ashley,
>>>>>
>>>>> On 22.04.2014 19:45, Ashley M. Kirchner wrote:
>>>>>
>>>>>> We have an old internal server running samba version 3.2.15 which can't be
>>>>>> upgraded for different reasons. It's been running several passwordless
>>>>>> shares with no problem. Now I'm trying to configure passworded user shares
>>>>>> and not having much luck. I'm wondering if someone can help me diagnose
>>>>>> this:
>>>>>>
>>>>>> In smb.conf I have
>>>>>>
>>>>>> security = user
>>>>>> map to guest = Bad user
>>>>>> ...
>>>>>> username map = /etc/samba/usermap.txt
>>>>>>
>>>>>> The public shares are setup as follows:
>>>>>> [bda]
>>>>>> comment = BDA Files
>>>>>> browseable = yes
>>>>>> writable = yes
>>>>>> path = /opt/bda
>>>>>> guest ok = yes
>>>>>> public = yes
>>>>>> read only = no
>>>>>> force user = nobody
>>>>>> force group = nobody
>>>>>> create mask = 0777
>>>>>> directory mask = 0777
>>>>>> locking = no
>>>>>>
>>>>>> *This all works.*
>>>>>>
>>>>>>
>>>>>> Now for the user shares, I have this:
>>>>>> [kirash]
>>>>>> path = /opt/backup/kirash
>>>>>> comment = Ashley M. Kirchner
>>>>>> writable = yes
>>>>>> valid users = kirash
>>>>>>
>>>>>> The unix user 'kirash' exists.
>>>>>> usermap.txt has a line in it that maps the user as follows:
>>>>>> kirash = AshleyMKirchner
>>>>>>
>>>>>> But when I try to access that share from my client I get access denied.
>>>>>>
>>>>>> Interestingly enough, I have a second samba server with a more recent
>>>>>> version, 3.6.9 to be exact, with the same exact samba configuration and
>>>>>> that DOES WORK. I can access the share, it asks for the user credentials
>>>>>> (as set on that unix server) and I'm able to log in and access that share
>>>>>> just fine.
>>>>>>
>>>>>> So what am I missing on the older server that's causing it to deny access?
>>>>>>
>>>>>> Note: our network does NOT use any kind of directory or other server log
>>>>>> ins. Each client is on their own.
>>>>>>
>>>>>>
>>>>> You said the user is existing in unix. But is it also existing in the
>>>>> samba database? As you haven't posted the complete smb.conf, I guess you
>>>>> use tdb. Then have a look at 'smbpasswd' (-e / -a). If Samba uses a
>>>>> different backend, please provide some more details.
>>>>>
>>>>>
>>>>> Regards,
>>>>> Marc
>>>>>
>>>>>
>>>>>
>>> You seem to have lost this line:
>>>
>>> map to guest = Bad user
>>>
>>> it was in your first post, this is in man smb.conf:
>>>
>>> · Bad User - Means user logins with an invalid password are
>>> rejected, unless the username does not exist, in which case it
>>> is treated as a guest login and mapped into the guest account.
>>>
>>> So, as you don't have any samba users (and provided you don't have any
>>> unix users on the machine that is running samba) all users should be able
>>> to connect.
>>>
>>> But then you have the share, where the only valid user is kirash, try
>>> removing this and then adding 'guest ok = yes'
>>>
>>> This should work, unless you have missed telling us something.
>>>
>>> Rowland
>>>
>
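The gap this thread resolves, as an added example that is not part of the original messages: with `security = user`, an account named in `valid users` must exist in Samba's own password database as well as in Unix, while `map to guest = Bad User` quietly lets unknown names onto guest shares. The helper name `missing_samba_users` and all file contents are constructed for illustration; the script reports share users that have no smbpasswd entry.

```shell
#!/bin/sh
# Added example, not from the thread. File contents below are constructed.

# missing_samba_users SMB_CONF SMBPASSWD_FILE  (hypothetical helper name)
# Prints "share:user" for every 'valid users' entry that has no line in the
# smbpasswd-format file, i.e. accounts that exist for Unix but not for Samba.
missing_samba_users() {
    awk '
        FILENAME == ARGV[1] {            # smbpasswd file: name is field 1
            if ($0 !~ /^[ \t]*(#|$)/) { split($0, f, ":"); known[f[1]] = 1 }
            next
        }
        /^[ \t]*[#;]/ { next }           # smb.conf comment lines
        /^[ \t]*\[.*\]/ {                # section header, e.g. [kirash]
            share = $0; gsub(/^[ \t]*\[|\].*$/, "", share); next
        }
        tolower($0) ~ /^[ \t]*valid[ \t]*users[ \t]*=/ {
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            n = split(val, u, /[ \t,]+/)
            for (i = 1; i <= n; i++)     # @group, +group, &group are not accounts
                if (u[i] != "" && u[i] !~ /^[@+&]/ && !(u[i] in known))
                    print share ":" u[i]
        }
    ' "$2" "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/smb.conf" <<'EOF'
[global]
security = user
map to guest = Bad User
[bda]
guest ok = yes
[kirash]
valid users = kirash
EOF
    : > "$dir/smbpasswd"     # state described in the thread: no Samba accounts
    echo "before: $(missing_samba_users "$dir/smb.conf" "$dir/smbpasswd")"
    # Constructed entry in smbpasswd file layout; hash fields are placeholders.
    echo 'kirash:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:' > "$dir/smbpasswd"
    echo "after:  $(missing_samba_users "$dir/smb.conf" "$dir/smbpasswd")"
    rm -rf "$dir"
}
demo
```

Run it against the server's real smb.conf (and any include files) and smbpasswd file; each name it reports still needs `smbpasswd -a`. On a tdbsam backend, the output of `pdbedit -L` saved to a file can serve as the second argument, since its first colon-separated field is also the username.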