[Samba] How do users access shares?

Rob Campbell robcampbell08105 at gmail.com
Tue Nov 9 20:43:10 UTC 2021


My photo editing software won't recognize the network share if it's not
mounted (darktable).


I have a Samba AD DC and on a different member I have a file server.

Domain Controller = Debian 11 (DC01)
Domain Member (File Server) = Fedora 34 (FS01)
Domain Member (Workstation) = Fedora 34 (F01)

Here are the mount points (F01)

/multimedia/Photos
/multimedia/Movies
/multimedia/Music
/multimedia/Videos

smb.conf (FS01)

# Global parameters
[global]
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab
    realm = HOME.TEST-SERVER.LAN
    security = ADS
    template homedir = /home/HOME/%U
    template shell = /bin/bash
    username map = /etc/samba/user.map
    winbind refresh tickets = Yes
    winbind use default domain = Yes
    workgroup = HOME
    idmap config * : range = 10000-24999999
    idmap config * : backend = autorid
    map acl inherit = Yes
    vfs objects = acl_xattr


[homes]
    browseable = No
    comment = Home Directories
    read only = No
    valid users = %S


[printers]
    browseable = No
    comment = All Printers
    path = /var/spool/samba
    printable = Yes


[Photos]
    comment = Photos
    inherit acls = Yes
    path = /multimedia/Photos
    read list = "@HOME\Domain Users"
    read only = No
    valid users = "@HOME\Media Admins" @HOME\Photographers
    write list = @HOME\Photographers


[Videos]
    comment = Videos
    inherit acls = Yes
    path = /multimedia/Videos
    read only = No
    valid users = "@HOME\Video Users"


[Movies]
    comment = Videos
    inherit acls = Yes
    path = /multimedia/Movies
    read only = No
    valid users = "@HOME\Domain Users"


[Music]
    comment = Videos
    inherit acls = Yes
    path = /multimedia/Music
    read only = No
    valid users = "@HOME\Domain Users"


[seagate]
    comment = Videos
    inherit acls = Yes
    path = /media/seagate
    read only = No
    valid users = "@HOME\Domain Users"


[Backup]
    comment = Backup
    inherit acls = Yes
    path = /media/Seagate_1
    read only = No
    valid users = "@HOME\Domain Users"

gio mount smb://fs01/photos (F01)

gio: smb://fs01/photos/: Failed to mount Windows share: Permission denied

tail /var/log/messages (F01)

Nov  9 15:29:33 FS01 smbd[799696]: [2021/11/09 15:29:33.316583,  0] ../../source3/smbd/service.c:167(chdir_current_service)
Nov  9 15:29:33 FS01 smbd[799696]:  chdir_current_service: vfs_ChDir(/multimedia/Photos) failed: Permission denied. Current token: uid=211104, gid=210513, 8 groups: 211104 210513 211112 211113 109999 109990 109982 10001

The above worked at one time but is no longer working.

sudo mount -vvv -t cifs //fs01/photos /multimedia/Photos/ -o credentials=/root/.smb (F01)

domain=FS01
mount.cifs kernel mount options: ip=10.0.0.10,unc=\\fs01\photos,user=redhat,domain=FS01,pass=********
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

dmesg (F01)

[ 7092.213424] CIFS: Attempting to mount \\fs01\photos
[ 7092.222559] CIFS: Status code returned 0xc000006d STATUS_LOGON_FAILURE
[ 7092.222564] CIFS: VFS: \\fs01 Send error in SessSetup = -13
[ 7092.222571] CIFS: VFS: cifs_mount failed w/return code = -13

How do I mount these so that access is controlled by Samba where I would
just need to update the smb.conf with groups to control access?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Tue, Nov 9, 2021 at 11:25 AM Robert Marcano via samba <
samba at lists.samba.org> wrote:

> On 11/9/21 9:21 AM, Rob Campbell wrote:
> > What I would want is for all users to have a mnt directory in their home
> > that these shares would mount to.  So user 'tester' would have
> > /home/tester/mnt/Photos /home/tester/mnt/Videos /home/tester/mnt/Music.
> > I guess I could create a standard mount point like /mnt/Photos
> > /mnt/Videos /mnt/Music but then, how do I restrict access to what the
> > share says @HOME\"Media Users"?  And how do I give write access to
> > only @HOME\"Media Admins"?
> >
> > I used gio mount smb://fs01/Photos and that created the share in
> > Nautilus but I can't use my programs with that.  I tried the symlink ln
> > -s /run/user/2002/gvfs/smb-share\:server\=fs01\,share\=Photos but that
> > symlink didn't work at all.
> >
>
> Please provide more details about "I can't use my programs with that"
> and "symlink didn't work at all" because here any program can use files
> on the mounted directory at /run/user/<uid>/gvfs and even a link
> testing it here.
>
> What will not happen is the link to automount, you will always need to
> do the gio mount thing, maybe from a login script.
>
> The idea of these FUSE based tools is for the drives to be mounted on
> demand. The problem starts with programs that don't use the current
> desktop way of mounting things, so they don't know how to show these
> mounted directories on their Load/Save dialogs. So I get why you want
> some kind of way to have a known directory inside the user home for
> these files.
>
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > In all things, Be Intentional.
> >
> >
> > On Mon, Nov 8, 2021 at 11:57 PM Robert Marcano via samba
> > <samba at lists.samba.org> wrote:
> >
> >     I forgot to add that if you only want one simple mount, to a fixed
> >     directory but restricted, so not everyone could read or write to it,
> >     you can still indicate which user, group, file mode bits, etc., the
> >     mounted files appear as so you can control who can access them.
> >
> >     The options from mount.cifs work for the mount command directly or
> >     to be set in fstab.
> >
> >     On Mon, Nov 8, 2021, 9:02 PM Robert Marcano
> >     <robert at marcanoonline.com> wrote:
> >
> >      >
> >      >
> >      > On Mon, Nov 8, 2021, 7:02 PM Rob Campbell
> >      > <robcampbell08105 at gmail.com> wrote:
> >      >
> >      >> Thanks Robert.  I have tried that but it requires root or sudo.
> >      >> OR chmod u+s /bin/mount /bin/umount /usr/sbin/mount.cifs.  But
> >      >> then it requires I put it in /etc/fstab.  If I do that, it will
> >      >> mount for all users, right?  That's not what I want.
> >      >>
> >      >
> >      > If you want users to be able to mount a share, especially if you
> >      > want the target directory to be private to each user, you probably
> >      > will need to check how desktop environments do it for their file
> >      > managers. I can only talk about GNOME, which is what I use every day.
> >      >
> >      > When you use a file manager like GNOME Files (Nautilus) to access a
> >      > smb share with the smb URL scheme (smb://hostname/share), it mounts
> >      > a FUSE filesystem (file system in userspace) that accesses the share
> >      > via a process that uses Samba client libraries.
> >      >
> >      > Maybe you could use gnome-mount or the newer "gio mount", or you can
> >      > use desktop agnostic FUSE filesystems like smbnetfs or fusesmb.
> >      >
> >      >
> >      >
> >      >> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >      >> In all things, Be Intentional.
> >      >>
> >      >>
> >      >> On Mon, Nov 8, 2021 at 3:08 PM Robert Marcano via samba
> >      >> <samba at lists.samba.org> wrote:
> >      >>
> >      >>> On 11/8/21 11:40 AM, Rob Campbell via samba wrote:
> >      >>> > I am able to smbclient //host/share -U redhat -c 'ls' and view
> >      >>> > the files but how do I mount that [as a user]?  All links I find
> >      >>> > say I need to put it in /etc/fstab.  If I do that, won't everyone
> >      >>> > have access?  I don't want that.  You know how you would 'net use'
> >      >>> > to map in Windows, is this not possible in Linux?
> >      >>> >
> >      >>> >
> >      >>>
> >      >>> When you mount a share on Linux, you are using another client that
> >      >>> is part of the kernel, not smbclient that is a user space
> >      >>> implementation.
> >      >>>
> >      >>> Try
> >      >>>
> >      >>> mount -t cifs -o username=redhat //host/share /mnt/target_dir
> >      >>>
> >      >>> You will need to have installed the mount.cifs utility. Read the
> >      >>> manual page of that command if you want to automate more parameters
> >      >>> like the password.
> >      >>>
> >      >>>
> >
>
>
>
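
Added example (not part of the original thread): the smbd record quoted above shows that a Unix token had already been built for the user and that the filesystem refused the change into the share path. The Python sketch below parses that token and evaluates it against a directory's owner, group and mode bits; the function names and the root:root 0750 fallback ownership are constructed for illustration, and ACL entries are not modelled.

```python
import os
import re

# The two wrapped syslog lines from the post, joined back into one record.
SAMPLE_LOG = (
    "Nov  9 15:29:33 FS01 smbd[799696]:  chdir_current_service: "
    "vfs_ChDir(/multimedia/Photos) failed: Permission denied. Current "
    "token: uid=211104, gid=210513, 8 groups: 211104 210513 211112 211113 "
    "109999 109990 109982 10001"
)

TOKEN_RE = re.compile(
    r"vfs_ChDir\((?P<path>[^)]+)\) failed: [^.]+\. Current token: "
    r"uid=(?P<uid>\d+), gid=(?P<gid>\d+), (?P<count>\d+) groups: (?P<groups>[\d ]+)"
)

def parse_token(line):
    """Return the share path and Unix token from a chdir_current_service record."""
    m = TOKEN_RE.search(line)
    if m is None:
        return None
    groups = [int(g) for g in m["groups"].split()]
    if len(groups) != int(m["count"]):
        raise ValueError("group list incomplete; rejoin the wrapped log line")
    return {"path": m["path"], "uid": int(m["uid"]),
            "gid": int(m["gid"]), "groups": set(groups)}

def mode_bits_for(token, owner_uid, owner_gid, mode):
    """rwx string granted by owner/group/other mode bits (ACLs not modelled)."""
    if token["uid"] == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid == token["gid"] or owner_gid in token["groups"]:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

if __name__ == "__main__":
    tok = parse_token(SAMPLE_LOG)
    if os.path.isdir(tok["path"]):            # on the file server: real values
        st = os.stat(tok["path"])
        owner = (st.st_uid, st.st_gid, st.st_mode & 0o7777)
    else:                                     # elsewhere: constructed root:root 0750
        owner = (0, 0, 0o750)
    rights = mode_bits_for(tok, *owner)
    print(f"{tok['path']} owner={owner[0]}:{owner[1]} mode={owner[2]:04o} "
          f"-> token uid={tok['uid']} gets {rights}")
    if "x" not in rights:
        print("no search (x) bit for this token: chdir into the share path fails")
```

Run on the file server, it stats the real share path; `ls -ldn` and `getfacl` on the path and each parent directory show the same ownership data plus any ACL entries this sketch ignores.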

