samba - Dec 2007 - A simple stand-alone scenario but "public" share doesn´t work

Dear list,

For a simple home-network i recently installed Debian Etch on an extra
machine to act as server. It stores my mail, it acts as

webserver, firewall, dns-, dhcp- and database-server. All of these
services are running like a charm. The only thing left is

to get samba running. Well, it is running, but to get it running how i
want it to is a different matter i suppose, for i am

quite stuck here.

First, let me explain what i want. On my network there are two users,
"rolf" and "ingrid". I want both these users to have a

personal share on the server as well as a shared directory. Samba
version 3.0.24 is installed on the computer for this. I?ve

added these two statements in my /etc/samba/smb.conf :

[homes]
    comment = Home Directories
    browseable = no
    path=/home/%U/Documents
    writable = yes
    create mask = 0700
    directory mask = 0700

[shared]
    comment = Shared Directories
    browseable = no
    path=/home/samba/Documents
    writable = yes
    create mask = 0770
    directory mask = 0770
    browseable = yes

I added both users to the smb password database using the smbpasswd
command. After booting my windows XP laptop and logging

into the machine (local logon) with the same username-password
combination as i am known on the server i can see the contents

of \\Myservername. I see a share "rolf" and a share
"shared". I can
access the share "rolf" without a problem, and create and

delete content on it. However, i  cannot get into the "shared" share
getting "access denied". The only way to get to the

share is by doing a "chmod 777" on /home/samba . I dislike this idea
very much. The filesystem-rights on this directory on

the server are as follows:

drwxrwx---  3 root       users      4096 2007-12-27 22:43 /home/samba

As such all groupmembers of the group "users" can access the
directory. They can however not access the "share", even though

they are members of the correct group.

While searching for information about this i am drowning in
information about things like authentication, group membership

and uid-to-sid-mapping. So much that i am losing overview. I therefore
have the following questions (to begin with :-) )

1. Should the above setup work and give the users "rolf" and
"ingrid"
to the "shared" share?
2. Is there anybody else, using the same configuration who is willing
to explain how he/she did this?
3. Is there any documentation about setting the described scenario up?

Like i said, I've searched all over the web, but i found it hard to
find relative information. Some documentation i found

seem to suggest that the setup I've described here should simply work.
Other documentation describe setting up a similar

environment, but want to make the server a domain controller,  and the
samba howto gives so much information that a can not

determine what part of this information is relevant.

Thanks in advance,
Rolf Deenen

Rolf Deenen wrote:
>
> [shared]
>    comment = Shared Directories
>    browseable = no   <===============>    path=/home/samba/Documents
>    writable = yes
>    create mask = 0770
>    directory mask = 0770
>    browseable = yes  <===============
????

Ah, yes. Sorry about that. I tinkered so much that i accidentally must  
have placed "browseable" twice in the directive. I don?t think it  
matters much, because later the correct command is given: "browseable  
= yes". I removed the "browseable = no" and restarted samba. It
makes
no difference. Thanks for the reply though.

Rolf

Quoting Yan Seiner <yan@seiner.com>:
> Rolf Deenen wrote:
>>
>> [shared]
>>   comment = Shared Directories
>>   browseable = no   <===============>>  
path=/home/samba/Documents
>>   writable = yes
>>   create mask = 0770
>>   directory mask = 0770
>>   browseable = yes  <===============>
> ????
>
>

Hello Rolf

To share the documents  it is necessary to tell Samba itself who has 
access to the shares.

If your shared users are in group user, you would have to specify in
your share:

valid users = @users
force group = users



alternatively you can specify:

valid users = rolf ingrid


Be sure that rolf and ingrid are in the group users.  "force group" 
ensures that the documents are accessible by the members of the group 
"users" when different users write the documents.

Regards

Markus








Rolf Deenen wrote:
> Ah, yes. Sorry about that. I tinkered so much that i accidentally must 
> have placed "browseable" twice in the directive. I don?t think it
> matters much, because later the correct command is given: "browseable 
> = yes". I removed the "browseable = no" and restarted samba.
It makes
> no difference. Thanks for the reply though.
>
> Rolf
>
> Quoting Yan Seiner <yan@seiner.com>:
>
>> Rolf Deenen wrote:
>>>
>>> [shared]
>>>   comment = Shared Directories
>>>   browseable = no   <===============>>>  
path=/home/samba/Documents
>>>   writable = yes
>>>   create mask = 0770
>>>   directory mask = 0770
>>>   browseable = yes  <===============>>
>> ????
>>
>>
>
> --To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

Dearest list,

Thank you very much for all the helpfull suggestions and tips. As some  
of you pointed out that the config in itself seemed ok, i checked my  
assumptions once more. There i  did a dreadfull discovery. It seems  
both ingrid and rolf weren't members of the group users. I thought i'd  
explicitly made them a member and i thought i had tested it but  
appearently i didn't. No wonder it didn't work...

Please forgive me,
Rolf Deenen

PS. I'll be off line the following days, lashing myself  ;-)

Quoting Rolf Deenen <rdeenen@home.nl>:
> Dear list,
>
> For a simple home-network i recently installed Debian Etch on an extra
> machine to act as server. It stores my mail, it acts as
>
> webserver, firewall, dns-, dhcp- and database-server. All of these
> services are running like a charm. The only thing left is
>
> to get samba running. Well, it is running, but to get it running how i
> want it to is a different matter i suppose, for i am
>
> quite stuck here.
>
> First, let me explain what i want. On my network there are two users,
> "rolf" and "ingrid". I want both these users to have a
>
> personal share on the server as well as a shared directory. Samba
> version 3.0.24 is installed on the computer for this. I?ve
>
> added these two statements in my /etc/samba/smb.conf :
>
> [homes]
>    comment = Home Directories
>    browseable = no
>    path=/home/%U/Documents
>    writable = yes
>    create mask = 0700
>    directory mask = 0700
>
> [shared]
>    comment = Shared Directories
>    browseable = no
>    path=/home/samba/Documents
>    writable = yes
>    create mask = 0770
>    directory mask = 0770
>    browseable = yes
>
> I added both users to the smb password database using the smbpasswd
> command. After booting my windows XP laptop and logging
>
> into the machine (local logon) with the same username-password
> combination as i am known on the server i can see the contents
>
> of \\Myservername. I see a share "rolf" and a share
"shared". I can
> access the share "rolf" without a problem, and create and
>
> delete content on it. However, i  cannot get into the "shared"
share
> getting "access denied". The only way to get to the
>
> share is by doing a "chmod 777" on /home/samba . I dislike this
idea
> very much. The filesystem-rights on this directory on
>
> the server are as follows:
>
> drwxrwx---  3 root       users      4096 2007-12-27 22:43 /home/samba
>
> As such all groupmembers of the group "users" can access the
> directory. They can however not access the "share", even though
>
> they are members of the correct group.
>
> While searching for information about this i am drowning in
> information about things like authentication, group membership
>
> and uid-to-sid-mapping. So much that i am losing overview. I therefore
> have the following questions (to begin with :-) )
>
> 1. Should the above setup work and give the users "rolf" and
"ingrid"
> to the "shared" share?
> 2. Is there anybody else, using the same configuration who is willing
> to explain how he/she did this?
> 3. Is there any documentation about setting the described scenario up?
>
> Like i said, I've searched all over the web, but i found it hard to
> find relative information. Some documentation i found
>
> seem to suggest that the setup I've described here should simply work.
> Other documentation describe setting up a similar
>
> environment, but want to make the server a domain controller,  and the
> samba howto gives so much information that a can not
>
> determine what part of this information is relevant.
>
> Thanks in advance,
> Rolf Deenen
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>