PLEASE HELP ME!!!
For some reason, I can not change any of my shares! I just started trying to
configure samba yesterday.
Here is what I have: (2) Windows 98 SE Systems
(1) Debian 2.2 r 3 Linux System running Samba
The username on the Windows machines is "Name" and I want to be able
to access a few shares on the Samba machine.
So I started configuring the smb.conf file to let me be able to do so but no
matter what I try, I can not change my shares.
I can view them, but not change them. I even made a user on the Linux system
called "Name" and added "Name" as a
Samba user with the password, "password". I have tried everything from
security = share to force user = root! I can't
create files or directories, delete files or directories, or even rename files!
PLEASE help me!!!
Below is my smb.conf
Thanks!
; /etc/smb.conf
;
; Sample configuration file for the Samba suite for Debian GNU/Linux
;
; Please see the manual page for smb.conf for detailed description of
; every parameter.
;
[global]
; printing = bsd
; printcap name = /etc/printcap
; load printers = yes
guest account = nobody
invalid users = root
force user = root
fstype = fat
hosts allow = 1.1.
; "security = user" is always a good idea. This will require a Unix
account
; in this server for every user accessing the server.
security = share
; Change this for the workgroup your Samba server will part of
workgroup = WORKGROUP
server string = %h server (Samba %v)
; If you want Samba to log though syslog only then set the following
; parameter to 'yes'. Please note that logging through syslog in
; Samba is still experimental.
syslog only = no
; We want Samba to log a minimum amount of information to syslog. Everything
; should go to /var/log/{smb,nmb} instead. If you want to log through
; syslog you should set the following parameter to something higher.
syslog = 0;
; This socket options really speed up Samba under Linux, according to my
; own tests.
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
; Passwords are encrypted by default. This way the latest Windows 95 and NT
; clients can connect to the Samba server with no problems.
encrypt passwords = yes
; It's always a good idea to use a WINS server. If you want this server
; to be the WINS server for your network change the following parameter
; to "yes". Otherwise leave it as "no" and specify your WINS
server
; below (note: only one Samba server can be the WINS server).
; Read BROWSING.txt for more details.
wins support = no
; If this server is not the WINS server then specify who is it and uncomment
; next line.
; wins server = 172.16.0.10
; Please read BROWSING.txt and set the next four parameters according
; to your network setup. There is no valid default so they are commented
; out.
; os level = 0
; domain master = no
; local master = no
; preferred master = no
; What naming service and in what order should we use to resolve host names
; to IP addresses
name resolve order = lmhosts host wins bcast
; This will prevent nmbd to search for NetBIOS names through DNS.
dns proxy = no
; Name mangling options
preserve case = yes
short preserve case = yes
; This boolean parameter controlls whether Samba attempts to sync. the Unix
; password with the SMB password when the encrypted SMB password in the
; /etc/samba/smbpasswd file is changed.
unix password sync = false
; For Unix password sync. to work on a Debian GNU/Linux system, the following
; parameters must be set (thanks to Augustin Luton
; <aluton@hybrigenics.fr> for sending the correct chat script for
; the passwd program in Debian Potato).
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
; The following parameter is useful only if you have the linpopup package
; installed. The samba maintainer and the linpopup maintainer are
; working to ease installation and configuration of linpopup and samba.
; message command = /bin/sh -c '/usr/bin/linpopup "%f"
"%m" %s; rm %s' &
; The default maximum log file size is 5 MBytes. That's too big so this
; next parameter sets it to 1 MByte. Currently, Samba rotates log
; files (/var/log/{smb,nmb} in Debian) when these files reach 1000 KBytes.
; A better solution would be to have Samba rotate the log file upon
; reception of a signal, but for now on, we have to live with this.
max log size = 1000
[homes]
comment = Home Directories
browseable = no
; By default, the home directories are exported read only. Change next
; parameter to "no" if you want to be able to write to them.
read only = no
; File creation mask is set to 0700 for security reasons. If you want to
; create files with group=rw permissions, set next parameter to 0775.
create mask = 0775
; Directory creation mask is set to 0700 for security reasons. If you want to
; create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0700
writable = yes
[music]
comment = MP3's
browseable = yes
create mask = 0777
directory mask = 0777
path = /music
create mask = 0777
directory mask = 0777
writable = yes
read only = no
;[printers]
; comment = All Printers
; browseable = no
; path = /tmp
; printable = yes
; public = no
; writable = no
; create mode = 0700
; A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; writable = no
; locking = no
; path = /cdrom
; public = yes
;
; The next two parameters show how to auto-mount a CD-ROM when the
; cdrom share is accesed. For this to work /etc/fstab must contain
; an entry like this:
;
; /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
;
; The CD-ROM gets unmounted automatically after the connection to the
;
; If you don't want to use auto-mounting/unmounting make sure the CD
; is mounted on /cdrom
;
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom
-------------- next part --------------
HTML attachment scrubbed and removed
You don't really have to use !!!!! to get help. There is nothing to panic
about.
Likely, you are a new user of linux. Likely, you don't know anything about
permissions and the like, so, I would try the following:
Make up a simple smb.conf, which doesn't involve passwords:
Here is what I do for mine:
[global]
netbios name = JHAMMER6
server string = Samba %v Your Server
security = SHARE
guest account = ftp
read only = No
guest ok = Yes
[public]
comment = Root directory
path = /
create mask = 0766
I think this will let anyone log on to your samba server as a user called
ftp.
ftp has few privileges on your machine. You could make the guest account
some regular user name, just to try things out.
Anyway, you could make the path = some directory like /SambaShares and
chmod 777 /SambaShares (make sure /SambaShares exists).
That should allow everyone to read, write, execute, etc. off the drive.
Naturally, you will want to arrange things to be more secure in the future.
Joel
Joel, This is a nice setup, I've been having problems with passwords too even though I did the samba password thing -- I think my problems are that I took the option with Redhat Linux 7.1 Pro Server install to do password shadowing and MD5 passwords. I think that has caused me a lot of problems. I don't need any security on my samba network except to freeze out anything beyond the Linksys firewall (cable router/firewall). I have a 4 user PC network in my home so all stations are personal family members. Is there a way to modify the below script so that only those hardwardwire-connected to the local ethernet lan have access? Yes, I'm just learning the ropes on sysadmin Linux (although I've been an AIX programmer for over 10 years but never had root authority until I got my Linux machine a month ago). Thanks! Roleigh Martin At 09:40 PM 11/9/01, you wrote:>You don't really have to use !!!!! to get help. There is nothing to panic >about. >Likely, you are a new user of linux. Likely, you don't know anything about >permissions and the like, so, I would try the following: >Make up a simple smb.conf, which doesn't involve passwords: >Here is what I do for mine: >[global] > netbios name = JHAMMER6 > server string = Samba %v Your Server > security = SHARE > guest account = ftp > read only = No > guest ok = Yes > >[public] > comment = Root directory > path = / > create mask = 0766 > >I think this will let anyone log on to your samba server as a user called >ftp. >ftp has few privileges on your machine. You could make the guest account >some regular user name, just to try things out. >Anyway, you could make the path = some directory like /SambaShares and >chmod 777 /SambaShares (make sure /SambaShares exists). >That should allow everyone to read, write, execute, etc. off the drive. >Naturally, you will want to arrange things to be more secure in the future. >Joel > > >--
You can get some security without passwords.
In your [global] place this:
hosts allow = 192.168. 24.101.23.59 127.0.0.
suitably modified for your ip's.
I use the 24. ip for my gateway machine.
You can make samba listen to just one of two NIC's in a double homed
machine. In [global]:
interfaces = 192.168.0.2
makes my gateway machine ignore all internet traffic.
You should arm yourself against NIMDA, which is still alive and well on the
internet. In [global]:
veto files = /*.eml/*.nws/riched20.dll/
veto files = /*.{*}/
You can even have some user or machine based security without passwords.
For example:
comment = Root directory
path = /
read only = Yes
create mask = 0766
include = /usr/local/samba/lib/smb.conf.public.%U
The include statement points to a file based on the name of the user logging
onto the machine:
If it doesn't exist, the global guest account is used.
If it exists, for example: /usr/local/samba/lib/smb.conf.public.jlh
it might contain this:
read only = No
guest = jlh
You can base it on other of the built in variables that samba generates when
a client connects:
client machine NetBios name = cc111111-a (%m) <----Useful
Primary goup name of u = ftp (%G)
IP address of client = 192.168.0.2 (%I) <---Useful
Netbios name of server = jhammer6 (%L)
Internet DNS of client= hammer2.jhammer.org (%M) <---Useful
NIS home directory= jhammer6 (%N)
Protocal level = NT1 (%R)
Current time and date= 2001/11/10 07:54:14 (%T)
Session user name (one the client wanted)= jlh (%U) <--Very useful
Architecture of remote machine= Samba (%a) <---Useful
Process ID of current server= 10428 (%d)
Internet DNS hostname of server= jhammer6 (%h)
Path of services home directory from NIS= (%p)
Samba version= 2.2.1a (%v)
Home directory of user in u= /home/ftp (%H)
Root directory of current service = / (%P)
Name of current service = public (%S)
Primary group name of u in share = ftp (%g)
User name of current service = ftp (%u)
Joel
On Fri, Nov 09, 2001 at 10:36:56PM -0600, Roleigh Martin
wrote:> Joel,
>
> This is a nice setup, I've been having problems with passwords too
> even though I did the samba password thing -- I think my problems
> are that I took the option with Redhat Linux 7.1 Pro Server install
> to do password shadowing and MD5 passwords. I think that has caused
> me a lot of problems. I don't need any security on my samba network
> except to freeze out anything beyond the Linksys firewall (cable
> router/firewall). I have a 4 user PC network in my home so all
> stations are personal family members. Is there a way to modify the
> below script so that only those hardwardwire-connected to the local
> ethernet lan have access?
>
> Yes, I'm just learning the ropes on sysadmin Linux (although I've
been
> an AIX programmer for over 10 years but never had root authority until
> I got my Linux machine a month ago).
>
> Thanks!
>
> Roleigh Martin
>
> At 09:40 PM 11/9/01, you wrote:
> >You don't really have to use !!!!! to get help. There is nothing to
panic
> >about.
> >Likely, you are a new user of linux. Likely, you don't know
anything about
> >permissions and the like, so, I would try the following:
> >Make up a simple smb.conf, which doesn't involve passwords:
> >Here is what I do for mine:
> >[global]
> > netbios name = JHAMMER6
> > server string = Samba %v Your Server
> > security = SHARE
> > guest account = ftp
> > read only = No
> > guest ok = Yes
> >
> >[public]
> > comment = Root directory
> > path = /
> > create mask = 0766
> >
> >I think this will let anyone log on to your samba server as a user
called
> >ftp.
> >ftp has few privileges on your machine. You could make the guest
account
> >some regular user name, just to try things out.
> >Anyway, you could make the path = some directory like /SambaShares and
> >chmod 777 /SambaShares (make sure /SambaShares exists).
> >That should allow everyone to read, write, execute, etc. off the drive.
> >Naturally, you will want to arrange things to be more secure in the
future.
> >Joel
> >
> >
> >--
Thanks for the additional advice Joel. I have gotten Samba to work now, I'm going to use much of your advice. Two questions though: I assume that having this line allows everyone behind my firewall at home in to the system (along with your other lines) and that even though these ip addresses exist behind everybody's firewall that nobody can come into my samba server masquerated as such - in other words -- only people in my house can come in with an ip address of below, correct? hosts allow = 192.168.1. 127. also, when you talk about nimda, you're talking about protection from someone in my house who inadvertently caught the nimda bug, correct? (I take this advice seriously, I opened up my port 80 for 20 minutes once and got flooded with code red, so I shut it down to the internet at that point although my apache server was not vulnerable to it, it was quickly filling up my error log files.) p.s. what's an easy way like you've shown already to allow my linux samba host to see the directories on my samba win98 clients? thanks again Roleigh Martin
No. What this means is this: User fred on a windows (or linux) machine accesses the samba server. His name might be fred. With my set up, samba will make note of that but will assign him the user name of ftp, with all the rights of user ftp, including ftp's group, which is likely also ftp. This will be transparent to to the fred, except for the limitation placed on his actions by being assigned user ftp. Joel On Sat, Nov 10, 2001 at 08:43:17PM -0600, WebSoft wrote:> Oh, okay, thanks, so on the Windows machines will I have to use the account > FTP instead of Name? > > ----- Original Message ----- > From: Joel Hammer <Joel@HammersHome.com> > To: WebSoft <websoft@ix.netcom.com>; <samba@lists.samba.org> > Sent: Friday, November 09, 2001 9:40 PM > Subject: Re: Permissions or what!?! <: \ > > > > You don't really have to use !!!!! to get help. There is nothing to panic > > about. > > Likely, you are a new user of linux. Likely, you don't know anything about > > permissions and the like, so, I would try the following: > > Make up a simple smb.conf, which doesn't involve passwords: > > Here is what I do for mine: > > [global] > > netbios name = JHAMMER6 > > server string = Samba %v Your Server > > security = SHARE > > guest account = ftp > > read only = No > > guest ok = Yes > > > > [public] > > comment = Root directory > > path = / > > create mask = 0766 > > > > I think this will let anyone log on to your samba server as a user called > > ftp. > > ftp has few privileges on your machine. You could make the guest account > > some regular user name, just to try things out. > > Anyway, you could make the path = some directory like /SambaShares and > > chmod 777 /SambaShares (make sure /SambaShares exists). > > That should allow everyone to read, write, execute, etc. off the drive. > > Naturally, you will want to arrange things to be more secure in the > future. > > Joel > >