[Samba] Cannot access server error
linux at kukkukk.com
Sat Jan 3 14:26:47 MST 2015
Am 31.12.2014 um 19:25 schrieb Stef:
> I'm having a peculiar problem with my Samba server and have not been able
> to figure out how to solve it. I've had this server for a very long time,
> but recently the main hard drive failed and I only kept backups of the user
> files. I set the server back up with Debian Wheezy and Samba 3.6.6.
> My problem is as follows:
> I have 4 Unix users and groups:
> user1:group1 (admin account, so has a different primary group but also
> belongs to "users" group)
> user2:users (regular user)
> user3:users (regular user)
> public:public (public account, home dir = /home/public, shell = /bin/false)
> Of those, 3 have corresponding Samba users: user1, user2 and user3.
> My smb.conf file looks like (created with testparm -s smb.conf.master >
> workgroup = HOME
> server string = %h server
> map to guest = Bad User
> obey pam restrictions = Yes
> guest account = public
> pam password change = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> unix password sync = Yes
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> printcap name = cups
> dns proxy = No
> usershare allow guests = Yes
> panic action = /usr/share/samba/panic-action %d
> idmap config * : backend = tdb
> comment = Home Directories
> valid users = %S
> read only = No
> create mask = 0700
> directory mask = 0700
> browseable = No
> [Public Share]
> path = /home/public
> guest ok = Yes
> comment = All Printers
> path = /var/spool/samba
> create mask = 0700
> printable = Yes
> print ok = Yes
> browseable = No
> comment = Printer Drivers
> path = /var/lib/samba/printers
> I can successfully log into all 3 regular user's home directory with their
> corresponding user names and passwords. That is, whenever I access
> \\SERVER\user1 from Windows 7, I type the username and password and can
> access that user's home dir.
> I can also see "Public Share" out of the list of network folders whenever I
> go to \\SERVER\. In /home/public, I have 2 symlinks: 1. Music ->
> ../user1/Music and 2. Videos -> ../user1/Videos. If I browser the "Public
> Share" folder, and try to access those 2 "folders" (which are really
> symlinks to folders) I get the following error on Windows:
> Windows cannot access \\server\Public Share\Music
> You do not have permission to access \\server\Public Share\Music. Contact
> your network administrator to request access.
> While troubleshooting this problem, I also tried to create a symlink
> /home/user1/somedir -> ../user2/somedir and get the same error.
> The users also belong to the same users group, and permissions are all set
> to 755 for dirs and 644 for files.
> I've tried searching all over the internet for a similar issue but keep
> coming up blank.
> Does anyone here have any idea where I am going wrong?
your used symbolic links point *outside* the shared path, also known
as "wide links".
Cause symlinks are handled differently for connecting *nix vs windows users
when "unix extensions = yes" (default) is set, security issues arise
for the *nix users.
So when you only have windows users (or your *nix users don't need the unix
extensions), do the following:
unix extensions = no
Inside your [share] sections, where you want "wide links", set
follow symlinks = yes # is default, but set it for clarity
wide links = yes
Also have a close look to "man smb.conf" about these parameters!
When "unix extensions = yes" is set, wide links are automatically *disabled*.
Because some users wished to have this *insecure* settings, it was implemented:
allow insecure wide links (G)
which allows wide links even when unix extensions are set.
More information about the samba