[Samba] Custom user shares
Günter Kukkukk
linux at kukkukk.com
Tue Apr 22 13:58:56 MDT 2014
On 22.04.2014 21:21, Ashley M. Kirchner wrote:
> That's what I was missing, the 'smbpasswd' part. I don't recall having done
> that on the working server, but evidently I did. When I looked at
> /var//lib/samba/private/smbpasswd, sure enough, there are the user logins.
>
> They already existed in unix space, but not in samba space. I need to make
> myself a mental note to remember to do that!
>
> Thanks!
>
>
To just get the info about the active passdb backend, use:

    testparm -vs 2>&1 | grep "passdb backend"

To list all your configured *samba* users, as root use:

    pdbedit -L
    pdbedit -Lv (more info)
    pdbedit -Lw (output similar to ASCII-smbpasswd file)

Cheers, Günter
> On Tue, Apr 22, 2014 at 1:15 PM, Rowland Penny
> <rowlandpenny at googlemail.com> wrote:
>
>> On 22/04/14 19:59, Ashley M. Kirchner wrote:
>>
>>> *growl* This is what happens when I'm multi-tasking on both machines. That
>>> was the wrong one, sorry about that. This is the correct one:
>>>
>>> [global]
>>> workgroup = WORKGROUP
>>> server string = Torino
>>> netbios name = TORINO
>>> netbios aliases = DIGILAB BACKUP
>>>
>>> interfaces = lo eth1 192.168.1.0/24
>>>
>>> # logs split per machine
>>> log file = /var/log/samba/log.%m
>>> # max 50KB per log file, then rotate
>>> max log size = 50
>>>
>>> security = user
>>> map to guest = Bad User
>>>
>>> local master = no
>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>> wins support = no
>>> dns proxy = no
>>> load printers = no
>>> disable spoolss = yes
>>> printcap name = /dev/null
>>>
>>> smb ports = 139
>>>
>>> username map = /etc/samba/usermap.txt
>>> include = /etc/samba/smb.include.%L
>>>
>>> Then for the passwordless share that everyone CAN connect to right now:
>>>
>>>> cat smb.include.digilab
>>>>
>>> [bda]
>>> comment = BDA Files
>>> browseable = yes
>>> writable = yes
>>> path = /home/digilab/BDA
>>> guest ok = yes
>>> public = yes
>>> read only = no
>>> force user = digilab
>>> force group = digilab
>>> create mask = 0777
>>> directory mask = 0777
>>> locking = no
>>>
>>> And for the one I'm trying to setup with password, which is giving me
>>> access denied:
>>>
>>>> cat smb.include.backup
>>>>
>>> [kirash]
>>> path = /mnt/backup/kirash
>>> comment = Ashley M. Kirchner
>>> writable = yes
>>> valid users = kirash
>>>
>>> Both unix servers have a user login 'kirash'. On one server I can connect
>>> to the samba share with a client just fine, on the older one I get access
>>> denied.
>>>
>>
>> You have no users in samba or unix so your password-less share works
>> You have no users in samba or unix so your share that requires a valid
>> user with a password doesn't work, or to put it another way:
>>
>> no users and password means that anybody can connect to your guest share,
>> but you need samba/unix users with passwords to connect to the other share.
>>
>> Rowland
>>
>>
>>
>>
>>> On Tue, Apr 22, 2014 at 12:50 PM, Rowland Penny
>>> <rowlandpenny at googlemail.com> wrote:
>>>
>>>> On 22/04/14 19:08, Ashley M. Kirchner wrote:
>>>>
>>>>> Uh, excuse my ignorance, but what? What samba database? I didn't do
>>>>> anything with any database on any of the servers, not the one that is
>>>>> working fine nor this (older) one I'm trying to configure. If you're
>>>>> referring specifically to the 'passdb backend' option, it's commented
>>>>> out on both servers.
>>>>>
>>>>> This is the complete smb.conf file on both.
>>>>>
>>>>> [global]
>>>>> workgroup = WORKGROUP
>>>>> server string = BRASCO
>>>>> netbios name = BRASCO
>>>>> interfaces = lo eth0 192.168.1.0/24
>>>>>
>>>>> # logs split per machine
>>>>> log file = /var/log/samba/log.%m
>>>>> # max 50KB per log file, then rotate
>>>>> max log size = 50
>>>>>
>>>>> security = user
>>>>>
>>>>> local master = no
>>>>>
>>>>> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>>>>
>>>>> wins support = no
>>>>> dns proxy = no
>>>>> load printers = no
>>>>> disable spoolss = yes
>>>>> printcap name = /dev/null
>>>>>
>>>>> smb ports = 139
>>>>> username map = /etc/samba/usermap.txt
>>>>>
>>>>> [kirash]
>>>>> path = /opt/backup/kirash
>>>>> comment = Ashley M. Kirchner
>>>>> writable = yes
>>>>> valid users = kirash
>>>>>
>>>>>
>>>>> On Tue, Apr 22, 2014 at 11:56 AM, Marc Muehlfeld
>>>>> <mmuehlfeld at samba.org> wrote:
>>>>>
>>>>>> Hello Ashley,
>>>>>>
>>>>>> On 22.04.2014 19:45, Ashley M. Kirchner wrote:
>>>>>>
>>>>>>> We have an old internal server running samba version 3.2.15 which
>>>>>>> can't be upgraded for different reasons. It's been running several
>>>>>>> passwordless shares with no problem. Now I'm trying to configure
>>>>>>> passworded user shares and not having much luck. I'm wondering if
>>>>>>> someone can help me diagnose this:
>>>>>>>
>>>>>>> In smb.conf I have
>>>>>>>
>>>>>>> security = user
>>>>>>> map to guest = Bad user
>>>>>>> ...
>>>>>>> username map = /etc/samba/usermap.txt
>>>>>>>
>>>>>>> The public shares are setup as follows:
>>>>>>> [bda]
>>>>>>> comment = BDA Files
>>>>>>> browseable = yes
>>>>>>> writable = yes
>>>>>>> path = /opt/bda
>>>>>>> guest ok = yes
>>>>>>> public = yes
>>>>>>> read only = no
>>>>>>> force user = nobody
>>>>>>> force group = nobody
>>>>>>> create mask = 0777
>>>>>>> directory mask = 0777
>>>>>>> locking = no
>>>>>>>
>>>>>>> *This all works.*
>>>>>>>
>>>>>>>
>>>>>>> Now for the user shares, I have this:
>>>>>>> [kirash]
>>>>>>> path = /opt/backup/kirash
>>>>>>> comment = Ashley M. Kirchner
>>>>>>> writable = yes
>>>>>>> valid users = kirash
>>>>>>>
>>>>>>> The unix user 'kirash' exists.
>>>>>>> usermap.txt has a line in it that maps the user as follows:
>>>>>>> kirash = AshleyMKirchner
>>>>>>>
>>>>>>> But when I try to access that share from my client I get access
>>>>>>> denied.
>>>>>>>
>>>>>>> Interestingly enough, I have a second samba server with a more recent
>>>>>>> version, 3.6.9 to be exact, with the same exact samba configuration and
>>>>>>> that DOES WORK. I can access the share, it asks for the user credentials
>>>>>>> (as set on that unix server) and I'm able to log in and access that share
>>>>>>> just fine.
>>>>>>>
>>>>>>> So what am I missing on the older server that's causing it to deny
>>>>>>> access?
>>>>>>>
>>>>>>> Note: our network does NOT use any kind of directory or other server log
>>>>>>> ins. Each client is on their own.
>>>>>>>
>>>>>>>
>>>>>> You said the user is existing in unix. But is it also existing in the
>>>>>> samba database? As you haven't posted the complete smb.conf, I guess you
>>>>>> use tdb. Then have a look at 'smbpasswd' (-e / -a). If Samba uses a
>>>>>> different backend, please provide some more details.
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Marc
>>>>>>
>>>>>>
>>>>>>
>>>> You seem to have lost this line:
>>>>
>>>> map to guest = Bad user
>>>>
>>>> it was in your first post, this is in man smb.conf:
>>>>
>>>> · Bad User - Means user logins with an invalid password are
>>>> rejected, unless the username does not exist, in which case it
>>>> is treated as a guest login and mapped into the guest account.
>>>>
>>>> So, as you don't have any samba users (and provided you don't have any
>>>> unix users on the machine that is running samba) all users should be able
>>>> to connect.
>>>>
>>>> But then you have the share, where the only valid user is kirash, try
>>>> removing this and then adding 'guest ok = yes'
>>>>
>>>> This should work, unless you have missed telling us something.
>>>>
>>>> Rowland
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>>
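
The check this thread converges on (a Unix account named in `valid users` also needs an entry in Samba's passdb), as an added example that is not part of the original messages. The function name `missing_samba_users` and the sample files are assumptions made for illustration; the passdb input is a saved `pdbedit -L` listing in its `user:uid:full name` form.

```shell
#!/bin/sh
# Added example: list "valid users" names that have no Samba passdb account.
# On a live server, feed it real data (as root):
#   pdbedit -L > passdb.txt; missing_samba_users /etc/samba/smb.conf passdb.txt

missing_samba_users() {   # $1 = smb.conf, $2 = saved `pdbedit -L` output
    awk '
        # passdb listing: "user:uid:full name", keep the user field.
        # FILENAME is tested (not NR==FNR) so an empty listing still works.
        FILENAME == ARGV[1] { split($0, f, ":"); known[f[1]] = 1; next }
        /^[ \t]*[#;]/ { next }                      # smb.conf comments
        /^[ \t]*\[/ {                               # [share] header
            share = $0; sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share); next
        }
        tolower($0) ~ /^[ \t]*valid[ \t]*users[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)
            n = split(v, u, /[ \t,]+/)
            for (i = 1; i <= n; i++) {
                # skip empty fields and @group/+group/&group entries
                if (u[i] == "" || u[i] ~ /^[@+&]/) continue
                if (!(u[i] in known)) print share ": " u[i]
            }
        }
    ' "$2" "$1"
}

# Constructed sample input modelled on the thread's configuration.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/smb.conf" <<'EOF'
[global]
security = user
map to guest = Bad User
[bda]
path = /opt/bda
guest ok = yes
[kirash]
path = /opt/backup/kirash
valid users = kirash
EOF
# Constructed `pdbedit -L` listing: one unrelated account, no "kirash".
printf 'digilab:1001:Digilab\n' > "$tmp/passdb.txt"
: > "$tmp/empty.txt"    # a server where no Samba account was ever added

missing_samba_users "$tmp/smb.conf" "$tmp/passdb.txt"   # kirash: kirash
```

Any name it prints is a share user who will be refused until an account is created with `smbpasswd -a`, as described in the replies above.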