[Samba] Custom user shares

Günter Kukkukk linux at kukkukk.com
Tue Apr 22 13:58:56 MDT 2014


On 22.04.2014 21:21, Ashley M. Kirchner wrote:
> That's what I was missing, the 'smbpasswd' part. I don't recall having done
> that on the working server, but evidently I did. When I looked at
> /var//lib/samba/private/smbpasswd, sure enough, there are the user logins.
> 
> They already existed in unix space, but not in samba space. I need to make
> myself a mental note to remember to do that!
> 
> Thanks!
> 
> 

To just get the info about the active passdb backend, use:
   testparm -vs 2>&1 | grep "passdb backend"

To list all your configured *samba* users, as root use:
   pdbedit -L
   pdbedit -Lv   (more info)
   pdbedit -Lw   (output similar to ASCII-smbpasswd file)

Cheers, Günter


> On Tue, Apr 22, 2014 at 1:15 PM, Rowland Penny
> <rowlandpenny at googlemail.com> wrote:
> 
>> On 22/04/14 19:59, Ashley M. Kirchner wrote:
>>
>>> *growl* This is what happens when I'm multi-tasking on both machines. That
>>> was the wrong one, sorry about that. This is the correct one:
>>>
>>> [global]
>>>          workgroup = WORKGROUP
>>>          server string = Torino
>>>          netbios name = TORINO
>>>          netbios aliases = DIGILAB BACKUP
>>>
>>>          interfaces = lo eth1 192.168.1.0/24
>>>
>>>          # logs split per machine
>>>          log file = /var/log/samba/log.%m
>>>          # max 50KB per log file, then rotate
>>>          max log size = 50
>>>
>>>          security = user
>>>          map to guest = Bad User
>>>
>>>          local master = no
>>>          socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>          wins support = no
>>>          dns proxy = no
>>>          load printers = no
>>>          disable spoolss = yes
>>>          printcap name = /dev/null
>>>
>>>          smb ports = 139
>>>
>>>          username map = /etc/samba/usermap.txt
>>>          include = /etc/samba/smb.include.%L
>>>
>>> Then for the passwordless share that everyone CAN connect to right now:
>>>
>>>> cat smb.include.digilab
>>>>
>>> [bda]
>>>          comment = BDA Files
>>>          browseable = yes
>>>          writable = yes
>>>          path = /home/digilab/BDA
>>>          guest ok = yes
>>>          public = yes
>>>          read only = no
>>>          force user = digilab
>>>          force group = digilab
>>>          create mask = 0777
>>>          directory mask = 0777
>>>          locking = no
>>>
>>> And for the one I'm trying to setup with password, which is giving me
>>> access denied:
>>>
>>>> cat smb.include.backup
>>>>
>>> [kirash]
>>>          path = /mnt/backup/kirash
>>>          comment = Ashley M. Kirchner
>>>          writable = yes
>>>          valid users = kirash
>>>
>>> Both unix servers have a user login 'kirash'. On one server I can connect
>>> to the samba share with a client just fine, on the older one I get access
>>> denied.
>>>
>>
>> You have no users in samba or unix so your password-less share works
>> You have no users in samba or unix so your share that requires a valid
>> user with a password doesn't work, or to put it another way:
>>
>> no users and password means that anybody can connect to your guest share,
>> but you need samba/unix users with passwords to connect to the other share.
>>
>> Rowland
>>
>>
>>
>>
>>> On Tue, Apr 22, 2014 at 12:50 PM, Rowland Penny
>>> <rowlandpenny at googlemail.com> wrote:
>>>
>>>> On 22/04/14 19:08, Ashley M. Kirchner wrote:
>>>>
>>>>> Uh, excuse my ignorance, but what? What samba database? I didn't do
>>>>> anything with any database on any of the servers, not the one that is
>>>>> working fine nor this (older) one I'm trying to configure. If you're
>>>>> referring specifically to the 'passdb backend' option, it's commented out
>>>>> on both servers.
>>>>>
>>>>> This is the complete smb.conf file on both.
>>>>>
>>>>> [global]
>>>>>           workgroup = WORKGROUP
>>>>>           server string = BRASCO
>>>>>           netbios name = BRASCO
>>>>>           interfaces = lo eth0 192.168.1.0/24
>>>>>
>>>>>           # logs split per machine
>>>>>           log file = /var/log/samba/log.%m
>>>>>           # max 50KB per log file, then rotate
>>>>>           max log size = 50
>>>>>
>>>>>           security = user
>>>>>
>>>>>           local master = no
>>>>>
>>>>>           socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>>>
>>>>>           wins support = no
>>>>>           dns proxy = no
>>>>>           load printers = no
>>>>>           disable spoolss = yes
>>>>>           printcap name = /dev/null
>>>>>
>>>>>           smb ports = 139
>>>>>           username map = /etc/samba/usermap.txt
>>>>>
>>>>> [kirash]
>>>>>           path = /opt/backup/kirash
>>>>>           comment = Ashley M. Kirchner
>>>>>           writable = yes
>>>>>           valid users = kirash
>>>>>
>>>>>
>>>>> On Tue, Apr 22, 2014 at 11:56 AM, Marc Muehlfeld <mmuehlfeld at samba.org>
>>>>> wrote:
>>>>>
>>>>>> Hello Ashley,
>>>>>>
>>>>>> On 22.04.2014 19:45, Ashley M. Kirchner wrote:
>>>>>>
>>>>>>> We have an old internal server running samba version 3.2.15 which can't
>>>>>>> be upgraded for different reasons. It's been running several passwordless
>>>>>>> shares with no problem. Now I'm trying to configure passworded user shares
>>>>>>> and not having much luck. I'm wondering if someone can help me diagnose
>>>>>>> this:
>>>>>>>
>>>>>>> In smb.conf I have
>>>>>>>
>>>>>>> security = user
>>>>>>> map to guest = Bad user
>>>>>>> ...
>>>>>>> username map = /etc/samba/usermap.txt
>>>>>>>
>>>>>>> The public shares are setup as follows:
>>>>>>> [bda]
>>>>>>>            comment = BDA Files
>>>>>>>            browseable = yes
>>>>>>>            writable = yes
>>>>>>>            path = /opt/bda
>>>>>>>            guest ok = yes
>>>>>>>            public = yes
>>>>>>>            read only = no
>>>>>>>            force user = nobody
>>>>>>>            force group = nobody
>>>>>>>            create mask = 0777
>>>>>>>            directory mask = 0777
>>>>>>>            locking = no
>>>>>>>
>>>>>>> *This all works.*
>>>>>>>
>>>>>>>
>>>>>>> Now for the user shares, I have this:
>>>>>>> [kirash]
>>>>>>>            path = /opt/backup/kirash
>>>>>>>            comment = Ashley M. Kirchner
>>>>>>>            writable = yes
>>>>>>>            valid users = kirash
>>>>>>>
>>>>>>> The unix user 'kirash' exists.
>>>>>>> usermap.txt has a line in it that maps the user as follows:
>>>>>>> kirash = AshleyMKirchner
>>>>>>>
>>>>>>> But when I try to access that share from my client I get access denied.
>>>>>>>
>>>>>>> Interestingly enough, I have a second samba server with a more recent
>>>>>>> version, 3.6.9 to be exact, with the same exact samba configuration and
>>>>>>> that DOES WORK. I can access the share, it asks for the user credentials
>>>>>>> (as set on that unix server) and I'm able to log in and access that share
>>>>>>> just fine.
>>>>>>>
>>>>>>> So what am I missing on the older server that's causing it to deny access?
>>>>>>>
>>>>>>> Note: our network does NOT use any kind of directory or other server log
>>>>>>> ins. Each client is on their own.
>>>>>>>
>>>>>>>
>>>>>> You said the user is existing in unix. But is it also existing in the
>>>>>> samba database? As you haven't posted the complete smb.conf, I guess you
>>>>>> use tdb. Then have a look at 'smbpasswd' (-e / -a). If Samba uses a
>>>>>> different backend, please provide some more details.
>>>>>>
>>>>>> Regards,
>>>>>> Marc
>>>>>>
>>>> You seem to have lost this line:
>>>>
>>>> map to guest = Bad user
>>>>
>>>> it was in your first post, this is in man smb.conf:
>>>>
>>>>             ·   Bad User - Means user logins with an invalid password are
>>>>                 rejected, unless the username does not exist, in which case it
>>>>                 is treated as a guest login and mapped into the guest account.
>>>>
>>>> So, as you don't have any samba users (and provided you don't have any
>>>> unix users on the machine that is running samba) all users should be able
>>>> to connect.
>>>>
>>>> But then you have the share, where the only valid user is kirash, try
>>>> removing this and then adding 'guest ok = yes'
>>>>
>>>> This should work, unless you have missed telling us something.
>>>>
>>>> Rowland
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>>
>>
>>
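Added example (not part of the original thread, and not Samba project code): a check for the situation diagnosed above, where a share's `valid users` names an account that exists in unix but has no entry in the Samba password database. It compares the `valid users` lines of an smb.conf with saved `pdbedit -L` output; the function names, the sample files and the uid are constructed for illustration.

```shell
# missing_samba_users CONF PDB
#   CONF: smb.conf-style file (include= and "\" continuations are not followed)
#   PDB : saved output of `pdbedit -L`, one "username:uid:full name" per line
# Prints "share user" for each user in `valid users` that has no passdb entry.
missing_samba_users() {
    awk -v pdb="$2" '
        BEGIN {   # getline loop also copes with an empty passdb (no Samba users)
            while ((getline l < pdb) > 0) {
                split(l, f, ":")
                if (f[1] != "") known[tolower(f[1])] = 1
            }
        }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ {                               # [share] header
            share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share); next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key)                  # whitespace in names is irrelevant
            if (key != "validusers") next
            n = split(substr($0, eq + 1), u, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                if (u[i] == "" || u[i] ~ /^[@+&]/) continue   # skip group entries
                # case-insensitive match is an assumption of this example
                if (!(tolower(u[i]) in known)) print share, u[i]
            }
        }
    ' "$1"
}

# Constructed sample: the [kirash] share from the thread, before and after the
# account is added to the Samba database (uid 500 is made up).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/smb.conf" <<'EOF'
[global]
        security = user
        map to guest = Bad User
[kirash]
        path = /mnt/backup/kirash
        valid users = kirash
EOF
    : > "$d/pdb.txt"                                      # no Samba users yet
    missing_samba_users "$d/smb.conf" "$d/pdb.txt"        # prints: kirash kirash
    echo "kirash:500:Ashley M. Kirchner" > "$d/pdb.txt"   # as pdbedit -L would show
    missing_samba_users "$d/smb.conf" "$d/pdb.txt"        # prints nothing
    rm -rf "$d"
}
demo
```

On a live server the second argument would be a file produced by running `pdbedit -L` as root; any share it reports will refuse that user until the account is added with `smbpasswd -a`.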

