I have a 2Win2k, 1Linux (server) LAN; the server is running FC3 and
Samba 3.0.14a. I am unable to get both users access to their individual
shares. Essentially, I'm working through the Accounting Office example
(pgs 31-35) of John Terpstra's 2004 Samba-3 By Example, and I'm doing
something foolish and wrong on a basic level. I can get access to, and
manipulate the files in, my share (ehines), but neither I, nor the other
user, can get access to the other share (ahines). That I cannot access
the other share is correct by the example, but the other user just gets
an Access Denied error when trying to access her share (the ahines share).
From the Linux box, she can access her share directly (cd and ls both
work), but from her Win2k box, she gets the above error. From my Win2k
box, I see "archive" (the parent directory of the shared directory,
and
the parent share of the "files" share) and "files" (the
subordinate
share) inside lserver1 (lserver1 is the Linux box), and "archive on
lserver1" up above directly inside My Network Places. From her Win2k
box, she sees only lserver1 in MNP, she can see down into her ahines
share, but she cannot access that. If this isn't clear, the directory
structure of the shares is /archive/ehines and /archive/ahines). Logins
and pass words inside smbpasswd match those on our respective Win2k boxes.
Further, when either of us tries to access the share "files," we just
get an incorrect login error and a dialog box inviting us to enter our
login and password again.
Any help would be very much appreciated. My smb.conf follows, and I
apologize for the long-ish post.
# Global parameters
[global]
workgroup = ASTRA_ENT
server string = Samba Server
log file = /var/log/samba/log.smbd
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = /etc/printcap
show add printer wizard = No
dns proxy = No
wins support = Yes
ldap ssl = no
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[archive]
comment = Backup Parent Node
path = /archive
valid users = ehines
read only = No
[ML-1450]
comment = ML-1450
path = /var/spool/samba
read only = No
guest ok = Yes
printable = Yes
printer name = ML-1450
use client driver = Yes
browseable = No
oplocks = No
share modes = No
[files]
comment = The actual backups
path = /archive/%U
valid users = %S
read only = No
On Saturday 23 April 2005 18:50, E Hines wrote:> I have a 2Win2k, 1Linux (server) LAN; the server is running FC3 and > Samba 3.0.14a. I am unable to get both users access to their individual > shares. Essentially, I'm working through the Accounting Office example > (pgs 31-35) of John Terpstra's 2004 Samba-3 By Example, and I'm doing > something foolish and wrong on a basic level. I can get access to, andLet's find out what is wrong.> manipulate the files in, my share (ehines), but neither I, nor the other > user, can get access to the other share (ahines). That I cannot access > the other share is correct by the example, but the other user just gets > an Access Denied error when trying to access her share (the ahines share). > > From the Linux box, she can access her share directly (cd and ls both > work), but from her Win2k box, she gets the above error. From my Win2k > box, I see "archive" (the parent directory of the shared directory, and > the parent share of the "files" share) and "files" (the subordinate > share) inside lserver1 (lserver1 is the Linux box), and "archive on > lserver1" up above directly inside My Network Places. From her Win2k > box, she sees only lserver1 in MNP, she can see down into her ahines > share, but she cannot access that. If this isn't clear, the directory > structure of the shares is /archive/ehines and /archive/ahines). Logins > and pass words inside smbpasswd match those on our respective Win2k boxes. > > Further, when either of us tries to access the share "files," we just > get an incorrect login error and a dialog box inviting us to enter our > login and password again.Try removing the "valid users = %S" parameter. Make certain that the respective users own their directories and have read and write access to it. What happens when you try (from Linux)?: smbclient //lserver1/files -Uehines%password - John T.> > Any help would be very much appreciated. My smb.conf follows, and I > apologize for the long-ish post. > > # Global parameters > [global] > workgroup = ASTRA_ENT > server string = Samba Server > log file = /var/log/samba/log.smbd > max log size = 50 > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > printcap name = /etc/printcap > show add printer wizard = No > dns proxy = No > wins support = Yes > ldap ssl = no > > [printers] > comment = All Printers > path = /var/spool/samba > printable = Yes > browseable = No > > [archive] > comment = Backup Parent Node > path = /archive > valid users = ehines > read only = No > > [ML-1450] > comment = ML-1450 > path = /var/spool/samba > read only = No > guest ok = Yes > printable = Yes > printer name = ML-1450 > use client driver = Yes > browseable = No > oplocks = No > share modes = No > > [files] > comment = The actual backups > path = /archive/%U > valid users = %S > read only = No-- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production.
I set the Windows password for both ehines and ahines with "smbpasswd -a ehines" and "smbpasswd -a annlee" . And I used the same password for smbpasswd as I used for passwd and for the respective Win2k boxes logins/passwords. The usernames also are the same among passwd, smbpasswd, and the Win2k boxes. ehines owns /archive, and annlee and ehines own the ahines and ehines directories, respectively. The permissions are as follows: drwsrws--x 4 ehines backups 4096 Apr 23 16:53 archive drwsrws--x 2 annlee backups 4096 Apr 23 17:54 ahines drwsrws--x 2 ehines backups 4096 Apr 23 17:34 ehines Thanks Eric Hines John H Terpstra wrote:>On Saturday 23 April 2005 20:57, you wrote: > > >>With the "valid users = %S" parameter removed, there is no effect on my >>accesses. However, ahines, from her machine, now gets the incorrect >>login dialog when she tries to access the top level share: archive. >>Furthermore, I now can get directly into my shared directory (ehines) >>directly via the "files" share, as well as by burrowing down from >>"archive/ehines." ahines still sees, though both "archive" and "files," >>and I still see "archive on lserver1" at the top. >> >>Both users have read/write/sticky bit for user and group for their >>respective directories, and both users are in the same group (backups). >>Other has execute only. >> >>smbclient //lserver1/files -Uehines%password gives me >>NT_STATUS_LOGON_FAILURE. I get the same thing when I use root or ahines >>vice ehines. >> >> > >OK. Have you set the Windows password with?: > > smbpasswd -a ehines > >In executing the smbclient command, did you use the password you entered when >the Windows user account was added to smbpasswd using this command? > >What is the ownership of the /archive directory? What are its permissions? > >- John T. > > > >>Thanks for your help. >> >>Eric Hines >> >>John H Terpstra wrote: >> >> >>>On Saturday 23 April 2005 18:50, E Hines wrote: >>> >>> >>>>I have a 2Win2k, 1Linux (server) LAN; the server is running FC3 and >>>>Samba 3.0.14a. I am unable to get both users access to their individual >>>>shares. Essentially, I'm working through the Accounting Office example >>>>(pgs 31-35) of John Terpstra's 2004 Samba-3 By Example, and I'm doing >>>>something foolish and wrong on a basic level. I can get access to, and >>>> >>>> >>>Let's find out what is wrong. >>> >>> >>> >>>>manipulate the files in, my share (ehines), but neither I, nor the other >>>>user, can get access to the other share (ahines). That I cannot access >>>>the other share is correct by the example, but the other user just gets >>>>an Access Denied error when trying to access her share (the ahines >>>>share). >>>> >>>><snip> >>>> >>>> >>>Try removing the "valid users = %S" parameter. >>> >>>Make certain that the respective users own their directories and have read >>>and write access to it. >>> >>>What happens when you try (from Linux)?: >>> >>> smbclient //lserver1/files -Uehines%password >>> >>>- John T. >>> >>> >><snip> >> >> > > >
Sorry I didn't get back into this for a week--I've been fighting a bug
of a different sort.
Some background/refresher: lserver1 is my Linux box and is the one
running Samba 3.0.14a. mustelidae is a Win2k box, user name ehines.
jupiter is a Win2k box, user name annlee. Both users and their
respective Win2k passwords have been added to smbpasswd. master is the
primary share that's been set up, with authorized users ehines and
annlee and path /archive; files is a subordinate share that's been set
up with authorized users %S and path /archive /%U. The problem is that
I have set up a couple of shares IAW Example 2.4 (or so I thought) of
JHT's Samba-3 by Example, but only ehines can get access--annlee cannot.
And in running the suggested diagnostics, I've discovered that ehines
can get access from jupiter as well as from mustelidae.
It appears that the solution to this was even more basic than the checks
from your referenced docs: I needed to be running winbind, also. This
is a pretty basic mistake, but for someone as new to this stuff as I am,
I must have missed something in the docs that would have made it clear
that I had to be running winbind as well as smb in order for shares to
work. Of course, it also wouldn't be the first time I've "missed
something in the docs" that I should not have missed or should not have
misunderstood.
However, in addition to the question implied at the end of the second
para (why could ehines get in from annlee's machine), if winbind is key
to all of this, why was ehines able to get in at all, and not annlee?
Thanks for your help.
Eric Hines
> The log you sent is not particularly helpful as it looks like some vitals
were
> missed. Suggest you read through the Samba-HOWTO-Collection sections on
> Installation and on Diagnoostics/Debugging - it will help you to isolate
the
> problem.
>
> You can obtain the latest version of both the HOWTO and the "Samba-3
by
> Example" from:
>
> http://www.samba.org/samba/docs/Samba-Guide.pdf
> http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
>
> - John T.
>
>
> > >
> > >