samba - Dec 2016 - Why I can not login my shared folder under samba + CentOS 7

Following is output of smbclient -L \\127.0.0.1  -U test1:



    Sharename       Type      Comment
    ---------       ----      -------
    data            Disk      data
    IPC$            IPC       IPC Service (Samba Server Version 4.2.10)
    test1           Disk      Home Directories
    hp5550-1:7      Printer   hp5550-1
    e-STUDIO283:2   Printer   e-STUDIO283
    FX3D490A:3      Printer   FX3D490A
    HPCP2025:9      Printer   HPCP2025
    HPM2727:10      Printer   HPM2727
    hp5550-2:8      Printer   hp5550-2
    hp-color-LaserJet-5550-172-16-10-214:4 Printer  
hp-color-LaserJet-5550-172-16-10-214
    ML-1660-Series:1 Printer   ML-1660-Series
    ML-1660-Series:11 Printer   ML-1660-Series
    topdf:12        Printer   topdf
    HP5100:6        Printer   HP5100
    hp5000-1:5      Printer   hp5000-1

    Server               Comment
    ---------            -------
    LOCALHOST            Samba Server Version 4.2.10

    Workgroup            Master
    ---------            -------
    MYGROUP              LOCALHOST


And following is content of my smb.conf under /etc/samba:


# This is the main Samba configuration file. For detailed information about the
# options listed here, refer to the smb.conf(5) manual page. Samba has a huge
# number of configurable options, most of which are not shown in this example.
#
# The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step
# guides for installing, configuring, and using Samba:
# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# The Samba-3 by Example guide has working examples for smb.conf. This guide is
# generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# In this file, lines starting with a semicolon (;) or a hash (#) are
# comments and are ignored. This file uses hashes to denote commentary and
# semicolons for parts of the file you may wish to configure.
#
# Note: Run the "testparm" command after modifying this file to check
for basic
# syntax errors.
#
#---------------
# Security-Enhanced Linux (SELinux) Notes:
#
# Turn the samba_domain_controller Boolean on to allow Samba to use the useradd
# and groupadd family of binaries. Run the following command as the root user to
# turn this Boolean on:
# setsebool -P samba_domain_controller on
#
# Turn the samba_enable_home_dirs Boolean on if you want to share home
# directories via Samba. Run the following command as the root user to turn this
# Boolean on:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory, such as a new top-level directory, label it
# with samba_share_t so that SELinux allows Samba to read and write to it. Do
# not label system directories, such as /etc/ and /home/, with samba_share_t, as
# such directories should already have an SELinux label.
#
# Run the "ls -ldZ /path/to/directory" command to view the current
SELinux
# label for a given directory.
#
# Set SELinux labels only on files and directories you have created. Use the
# chcon command to temporarily change a label:
# chcon -t samba_share_t /path/to/directory
#
# Changes made via chcon are lost when the file system is relabeled or commands
# such as restorecon are run.
#
# Use the samba_export_all_ro or samba_export_all_rw Boolean to share system
# directories. To share such directories and only allow read-only permissions:
# setsebool -P samba_export_all_ro on
# To share such directories and allow read and write permissions:
# setsebool -P samba_export_all_rw on
#
# To run scripts (preexec/root prexec/print command/...), copy them to the
# /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run them.
# Note that if you move the scripts to /var/lib/samba/scripts/, they retain
# their existing SELinux labels, which may be labels that SELinux does not allow
# smbd to run. Copying the scripts will result in the correct SELinux labels.
# Run the "restorecon -R -v /var/lib/samba/scripts" command as the
root user to
# apply the correct SELinux labels to these files.
#
#--------------
#
#======================= Global Settings ====================================
[global]

# ----------------------- Network-Related Options -------------------------
#
# workgroup = the Windows NT domain name or workgroup name, for example,
MYGROUP.
#
# server string = the equivalent of the Windows NT Description field.
#
# netbios name = used to specify a server name that is not tied to the hostname.
#
# interfaces = used to configure Samba to listen on multiple network interfaces.
# If you have multiple interfaces, you can use the "interfaces ="
option to
# configure which of those interfaces Samba listens on. Never omit the localhost
# interface (lo).
#
# hosts allow = the hosts allowed to connect. This option can also be used on a
# per-share basis.
#
# hosts deny = the hosts not allowed to connect. This option can also be used on
# a per-share basis.
#
# max protocol = used to define the supported protocol. The default is NT1. You
# can set it to SMB2 if you want experimental SMB2 support.
#
    workgroup = MYGROUP
    server string = Samba Server Version %v

;    netbios name = MYSERVER

;    interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;    hosts allow = 127. 192.168.12. 192.168.13.

;    max protocol = SMB2

# --------------------------- Logging Options -----------------------------
#
# log file = specify where log files are written to and how they are split.
#
# max log size = specify the maximum size log files are allowed to reach. Log
# files are rotated when they reach the size specified with "max log
size".
#

    # log files split per-machine:
    log file = /var/log/samba/log.%m
    # maximum size of 50KB per log file, then rotate:
    max log size = 50

# ----------------------- Standalone Server Options ------------------------
#
# security = the mode Samba runs in. This can be set to user, share
# (deprecated), or server (deprecated).
#
# passdb backend = the backend used to store user information in. New
# installations should use either tdbsam or ldapsam. No additional configuration
# is required for tdbsam. The "smbpasswd" utility is available for
backwards
# compatibility.
#

    security = user
    passdb backend = tdbsam


# ----------------------- Domain Members Options ------------------------
#
# security = must be set to domain or ads.
#
# passdb backend = the backend used to store user information in. New
# installations should use either tdbsam or ldapsam. No additional configuration
# is required for tdbsam. The "smbpasswd" utility is available for
backwards
# compatibility.
#
# realm = only use the realm option when the "security = ads" option
is set.
# The realm option specifies the Active Directory realm the host is a part of.
#
# password server = only use this option when the "security = server"
# option is set, or if you cannot use DNS to locate a Domain Controller. The
# argument list can include My_PDC_Name, [My_BDC_Name], and [My_Next_BDC_Name]:
#
# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
#
# Use "password server = *" to automatically locate Domain
Controllers.

;    security = domain
;    passdb backend = tdbsam
;    realm = MY_REALM

;    password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# security = must be set to user for domain controllers.
#
# passdb backend = the backend used to store user information in. New
# installations should use either tdbsam or ldapsam. No additional configuration
# is required for tdbsam. The "smbpasswd" utility is available for
backwards
# compatibility.
#
# domain master = specifies Samba to be the Domain Master Browser, allowing
# Samba to collate browse lists between subnets. Do not use the "domain
master"
# option if you already have a Windows NT domain controller performing this
task.
#
# domain logons = allows Samba to provide a network logon service for Windows
# workstations.
#
# logon script = specifies a script to run at login time on the client. These
# scripts must be provided in a share named NETLOGON.
#
# logon path = specifies (with a UNC path) where user profiles are stored.
#
#
;    security = user
;    passdb backend = tdbsam

;    domain master = yes
;    domain logons = yes

    # the following login script name is determined by the machine name
    # (%m):
;    logon script = %m.bat
    # the following login script name is determined by the UNIX user used:
;    logon script = %u.bat
;    logon path = \\%L\Profiles\%u
    # use an empty path to disable profile support:
;    logon path 
    # various scripts can be used on a domain controller or a stand-alone
    # machine to add or delete corresponding UNIX accounts:

;    add user script = /usr/sbin/useradd "%u" -n -g users
;    add group script = /usr/sbin/groupadd "%g"
;    add machine script = /usr/sbin/useradd -n -c "Workstation (%u)"
-M -d /nohome -s /bin/false "%u"
;    delete user script = /usr/sbin/userdel "%u"
;    delete user from group script = /usr/sbin/userdel "%u"
"%g"
;    delete group script = /usr/sbin/groupdel "%g"


# ----------------------- Browser Control Options ----------------------------
#
# local master = when set to no, Samba does not become the master browser on
# your network. When set to yes, normal election rules apply.
#
# os level = determines the precedence the server has in master browser
# elections. The default value should be reasonable.
#
# preferred master = when set to yes, Samba forces a local browser election at
# start up (and gives itself a slightly higher chance of winning the election).
#
;    local master = no
;    os level = 33
;    preferred master = yes

#----------------------------- Name Resolution -------------------------------
#
# This section details the support for the Windows Internet Name Service (WINS).
#
# Note: Samba can be either a WINS server or a WINS client, but not both.
#
# wins support = when set to yes, the NMBD component of Samba enables its WINS
# server.
#
# wins server = tells the NMBD component of Samba to be a WINS client.
#
# wins proxy = when set to yes, Samba answers name resolution queries on behalf
# of a non WINS capable client. For this to work, there must be at least one
# WINS server on the network. The default is no.
#
# dns proxy = when set to yes, Samba attempts to resolve NetBIOS names via DNS
# nslookups.

;    wins support = yes
;    wins server = w.x.y.z
;    wins proxy = yes

;    dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# The options in this section allow you to configure a non-default printing
# system.
#
# load printers = when set you yes, the list of printers is automatically
# loaded, rather than setting them up individually.
#
# cups options = allows you to pass options to the CUPS library. Setting this
# option to raw, for example, allows you to use drivers on your Windows clients.
#
# printcap name = used to specify an alternative printcap file.
#

    load printers = yes
    cups options = raw

;    printcap name = /etc/printcap
    # obtain a list of printers automatically on UNIX System V systems:
;    printcap name = lpstat
;    printing = cups

# --------------------------- File System Options ---------------------------
#
# The options in this section can be un-commented if the file system supports
# extended attributes, and those attributes are enabled (usually via the
# "user_xattr" mount option). These options allow the administrator to
specify
# that DOS attributes are stored in extended attributes and also make sure that
# Samba does not change the permission bits.
#
# Note: These options can be used on a per-share basis. Setting them globally
# (in the [global] section) makes them the default for all shares.

;    map archive = no
;    map hidden = no
;    map read only = no
;    map system = no
;    store dos attributes = yes


#============================ Share Definitions =============================
[homes]
    comment = Home Directories
    browseable = no
    writable = yes
;    valid users = %S
;    valid users = MYDOMAIN\%S

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons:
;    [netlogon]
;    comment = Network Logon Service
;    path = /var/lib/samba/netlogon
;    guest ok = yes
;    writable = no
;    share modes = no

# Un-comment the following to provide a specific roving profile share.
# The default is to use the user's home directory:
;    [Profiles]
;    path = /var/lib/samba/profiles
;    browseable = no
;    guest ok = yes

# A publicly accessible directory that is read only, except for users in the
# "staff" group (which have write permissions):
;    [public]
;    comment = Public Stuff
;    path = /home/samba
;    public = yes
;    writable = yes
;    printable = no
;    write list = +staff

[data]
    comment = data
    path = /home/myname/data
    valid users = test1
    write list = test1
    create mask = 0754
    sync always = Yes
;    hide dot files = yes
;    writeable = no
;    browseable = yes


Thanks








在 2016-12-02 00:02:41，"Gaiseric Vandal via samba" <samba at
lists.samba.org> 写道：
>Did you configure this as a domain controller or a domain member ?  Or 
>this just a standalone machine.
>
> From the command line  can you try the following
>
>     smbclient -L \\127.0.0.1  -U test1
>
>or maybe
>
>     smbclient -d3 -L \\127.0.0.1  -U test1
>
>
>You may also want to try 'MACHINENAME\test1' as the user name.
>
>
>
>
>
>On 12/01/16 10:17, truename via samba wrote:
>> Hi,
>>
>> I install samba by:
>>
>> sudo yum install samba.x86_64
>>
>> I edit /etc/samba/smb.conf by adding follows：
>>
>> [data]
>>      comment = data
>>      path = /home/myname/data
>>      valid users = test1
>>      write list = test1
>>      create mask = 0754
>>      sync always = Yes
>> ;    hide dot files = yes
>> ;    writeable = no
>> ;    browseable = yes
>>
>> Then take effect my config:
>>
>> service smb restart
>>
>> I create shared folder:
>>
>> cd ~
>> mkdir data
>>
>> I create user:
>>
>> useradd test1
>> smbpasswd -a test1
>> <then password>
>>
>>
>> Then I open my file manager and input:
>>
>> smb://127.0.0.1
>>
>> A login form popup, I enter username: test1 and the password, the login
form returns again, I found I can not enter the shared folder by that account.
>>
>> Thanks
>
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

Are you able to access the share from a windows PC?        When 
accessing from Linux are you using Nautilus or some other file manager 
?      I don't know if nautilus uses the underlying samba  libraries or 
might have its own libraries access samba / windows shares.     I think 
it uses the same libraries that smbclient would use.


you may want to set
     max protocol=NT1




On 12/01/16 15:39, truename via samba wrote:
> Following is output of smbclient -L \\127.0.0.1  -U test1:
>
>
>
>      Sharename       Type      Comment
>      ---------       ----      -------
>      data            Disk      data
>      IPC$            IPC       IPC Service (Samba Server Version 4.2.10)
>      test1           Disk      Home Directories
>      hp5550-1:7      Printer   hp5550-1
>      e-STUDIO283:2   Printer   e-STUDIO283
>      FX3D490A:3      Printer   FX3D490A
>      HPCP2025:9      Printer   HPCP2025
>      HPM2727:10      Printer   HPM2727
>      hp5550-2:8      Printer   hp5550-2
>      hp-color-LaserJet-5550-172-16-10-214:4 Printer  
hp-color-LaserJet-5550-172-16-10-214
>      ML-1660-Series:1 Printer   ML-1660-Series
>      ML-1660-Series:11 Printer   ML-1660-Series
>      topdf:12        Printer   topdf
>      HP5100:6        Printer   HP5100
>      hp5000-1:5      Printer   hp5000-1
>
>      Server               Comment
>      ---------            -------
>      LOCALHOST            Samba Server Version 4.2.10
>
>      Workgroup            Master
>      ---------            -------
>      MYGROUP              LOCALHOST
>
>
> And following is content of my smb.conf under /etc/samba:
>
>
> # This is the main Samba configuration file. For detailed information about
the
> # options listed here, refer to the smb.conf(5) manual page. Samba has a
huge
> # number of configurable options, most of which are not shown in this
example.
> #
> # The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step
> # guides for installing, configuring, and using Samba:
> # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
> #
> # The Samba-3 by Example guide has working examples for smb.conf. This
guide is
> # generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf
> #
> # In this file, lines starting with a semicolon (;) or a hash (#) are
> # comments and are ignored. This file uses hashes to denote commentary and
> # semicolons for parts of the file you may wish to configure.
> #
> # Note: Run the "testparm" command after modifying this file to
check for basic
> # syntax errors.
> #
> #---------------
> # Security-Enhanced Linux (SELinux) Notes:
> #
> # Turn the samba_domain_controller Boolean on to allow Samba to use the
useradd
> # and groupadd family of binaries. Run the following command as the root
user to
> # turn this Boolean on:
> # setsebool -P samba_domain_controller on
> #
> # Turn the samba_enable_home_dirs Boolean on if you want to share home
> # directories via Samba. Run the following command as the root user to turn
this
> # Boolean on:
> # setsebool -P samba_enable_home_dirs on
> #
> # If you create a new directory, such as a new top-level directory, label
it
> # with samba_share_t so that SELinux allows Samba to read and write to it.
Do
> # not label system directories, such as /etc/ and /home/, with
samba_share_t, as
> # such directories should already have an SELinux label.
> #
> # Run the "ls -ldZ /path/to/directory" command to view the
current SELinux
> # label for a given directory.
> #
> # Set SELinux labels only on files and directories you have created. Use
the
> # chcon command to temporarily change a label:
> # chcon -t samba_share_t /path/to/directory
> #
> # Changes made via chcon are lost when the file system is relabeled or
commands
> # such as restorecon are run.
> #
> # Use the samba_export_all_ro or samba_export_all_rw Boolean to share
system
> # directories. To share such directories and only allow read-only
permissions:
> # setsebool -P samba_export_all_ro on
> # To share such directories and allow read and write permissions:
> # setsebool -P samba_export_all_rw on
> #
> # To run scripts (preexec/root prexec/print command/...), copy them to the
> # /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run
them.
> # Note that if you move the scripts to /var/lib/samba/scripts/, they retain
> # their existing SELinux labels, which may be labels that SELinux does not
allow
> # smbd to run. Copying the scripts will result in the correct SELinux
labels.
> # Run the "restorecon -R -v /var/lib/samba/scripts" command as
the root user to
> # apply the correct SELinux labels to these files.
> #
> #--------------
> #
> #======================= Global Settings
====================================>
> [global]
>
> # ----------------------- Network-Related Options -------------------------
> #
> # workgroup = the Windows NT domain name or workgroup name, for example,
MYGROUP.
> #
> # server string = the equivalent of the Windows NT Description field.
> #
> # netbios name = used to specify a server name that is not tied to the
hostname.
> #
> # interfaces = used to configure Samba to listen on multiple network
interfaces.
> # If you have multiple interfaces, you can use the "interfaces ="
option to
> # configure which of those interfaces Samba listens on. Never omit the
localhost
> # interface (lo).
> #
> # hosts allow = the hosts allowed to connect. This option can also be used
on a
> # per-share basis.
> #
> # hosts deny = the hosts not allowed to connect. This option can also be
used on
> # a per-share basis.
> #
> # max protocol = used to define the supported protocol. The default is NT1.
You
> # can set it to SMB2 if you want experimental SMB2 support.
> #
>      workgroup = MYGROUP
>      server string = Samba Server Version %v
>
> ;    netbios name = MYSERVER
>
> ;    interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
> ;    hosts allow = 127. 192.168.12. 192.168.13.
>
> ;    max protocol = SMB2
>
> # --------------------------- Logging Options -----------------------------
> #
> # log file = specify where log files are written to and how they are split.
> #
> # max log size = specify the maximum size log files are allowed to reach.
Log
> # files are rotated when they reach the size specified with "max log
size".
> #
>
>      # log files split per-machine:
>      log file = /var/log/samba/log.%m
>      # maximum size of 50KB per log file, then rotate:
>      max log size = 50
>
> # ----------------------- Standalone Server Options
------------------------
> #
> # security = the mode Samba runs in. This can be set to user, share
> # (deprecated), or server (deprecated).
> #
> # passdb backend = the backend used to store user information in. New
> # installations should use either tdbsam or ldapsam. No additional
configuration
> # is required for tdbsam. The "smbpasswd" utility is available
for backwards
> # compatibility.
> #
>
>      security = user
>      passdb backend = tdbsam
>
>
> # ----------------------- Domain Members Options ------------------------
> #
> # security = must be set to domain or ads.
> #
> # passdb backend = the backend used to store user information in. New
> # installations should use either tdbsam or ldapsam. No additional
configuration
> # is required for tdbsam. The "smbpasswd" utility is available
for backwards
> # compatibility.
> #
> # realm = only use the realm option when the "security = ads"
option is set.
> # The realm option specifies the Active Directory realm the host is a part
of.
> #
> # password server = only use this option when the "security =
server"
> # option is set, or if you cannot use DNS to locate a Domain Controller.
The
> # argument list can include My_PDC_Name, [My_BDC_Name], and
[My_Next_BDC_Name]:
> #
> # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> #
> # Use "password server = *" to automatically locate Domain
Controllers.
>
> ;    security = domain
> ;    passdb backend = tdbsam
> ;    realm = MY_REALM
>
> ;    password server = <NT-Server-Name>
>
> # ----------------------- Domain Controller Options
------------------------
> #
> # security = must be set to user for domain controllers.
> #
> # passdb backend = the backend used to store user information in. New
> # installations should use either tdbsam or ldapsam. No additional
configuration
> # is required for tdbsam. The "smbpasswd" utility is available
for backwards
> # compatibility.
> #
> # domain master = specifies Samba to be the Domain Master Browser, allowing
> # Samba to collate browse lists between subnets. Do not use the
"domain master"
> # option if you already have a Windows NT domain controller performing this
task.
> #
> # domain logons = allows Samba to provide a network logon service for
Windows
> # workstations.
> #
> # logon script = specifies a script to run at login time on the client.
These
> # scripts must be provided in a share named NETLOGON.
> #
> # logon path = specifies (with a UNC path) where user profiles are stored.
> #
> #
> ;    security = user
> ;    passdb backend = tdbsam
>
> ;    domain master = yes
> ;    domain logons = yes
>
>      # the following login script name is determined by the machine name
>      # (%m):
> ;    logon script = %m.bat
>      # the following login script name is determined by the UNIX user used:
> ;    logon script = %u.bat
> ;    logon path = \\%L\Profiles\%u
>      # use an empty path to disable profile support:
> ;    logon path >
>      # various scripts can be used on a domain controller or a stand-alone
>      # machine to add or delete corresponding UNIX accounts:
>
> ;    add user script = /usr/sbin/useradd "%u" -n -g users
> ;    add group script = /usr/sbin/groupadd "%g"
> ;    add machine script = /usr/sbin/useradd -n -c "Workstation
(%u)" -M -d /nohome -s /bin/false "%u"
> ;    delete user script = /usr/sbin/userdel "%u"
> ;    delete user from group script = /usr/sbin/userdel "%u"
"%g"
> ;    delete group script = /usr/sbin/groupdel "%g"
>
>
> # ----------------------- Browser Control Options
----------------------------
> #
> # local master = when set to no, Samba does not become the master browser
on
> # your network. When set to yes, normal election rules apply.
> #
> # os level = determines the precedence the server has in master browser
> # elections. The default value should be reasonable.
> #
> # preferred master = when set to yes, Samba forces a local browser election
at
> # start up (and gives itself a slightly higher chance of winning the
election).
> #
> ;    local master = no
> ;    os level = 33
> ;    preferred master = yes
>
> #----------------------------- Name Resolution
-------------------------------
> #
> # This section details the support for the Windows Internet Name Service
(WINS).
> #
> # Note: Samba can be either a WINS server or a WINS client, but not both.
> #
> # wins support = when set to yes, the NMBD component of Samba enables its
WINS
> # server.
> #
> # wins server = tells the NMBD component of Samba to be a WINS client.
> #
> # wins proxy = when set to yes, Samba answers name resolution queries on
behalf
> # of a non WINS capable client. For this to work, there must be at least
one
> # WINS server on the network. The default is no.
> #
> # dns proxy = when set to yes, Samba attempts to resolve NetBIOS names via
DNS
> # nslookups.
>
> ;    wins support = yes
> ;    wins server = w.x.y.z
> ;    wins proxy = yes
>
> ;    dns proxy = yes
>
> # --------------------------- Printing Options
-----------------------------
> #
> # The options in this section allow you to configure a non-default printing
> # system.
> #
> # load printers = when set you yes, the list of printers is automatically
> # loaded, rather than setting them up individually.
> #
> # cups options = allows you to pass options to the CUPS library. Setting
this
> # option to raw, for example, allows you to use drivers on your Windows
clients.
> #
> # printcap name = used to specify an alternative printcap file.
> #
>
>      load printers = yes
>      cups options = raw
>
> ;    printcap name = /etc/printcap
>      # obtain a list of printers automatically on UNIX System V systems:
> ;    printcap name = lpstat
> ;    printing = cups
>
> # --------------------------- File System Options
---------------------------
> #
> # The options in this section can be un-commented if the file system
supports
> # extended attributes, and those attributes are enabled (usually via the
> # "user_xattr" mount option). These options allow the
administrator to specify
> # that DOS attributes are stored in extended attributes and also make sure
that
> # Samba does not change the permission bits.
> #
> # Note: These options can be used on a per-share basis. Setting them
globally
> # (in the [global] section) makes them the default for all shares.
>
> ;    map archive = no
> ;    map hidden = no
> ;    map read only = no
> ;    map system = no
> ;    store dos attributes = yes
>
>
> #============================ Share Definitions
=============================>
> [homes]
>      comment = Home Directories
>      browseable = no
>      writable = yes
> ;    valid users = %S
> ;    valid users = MYDOMAIN\%S
>
> [printers]
>      comment = All Printers
>      path = /var/spool/samba
>      browseable = no
>      guest ok = no
>      writable = no
>      printable = yes
>
> # Un-comment the following and create the netlogon directory for Domain
Logons:
> ;    [netlogon]
> ;    comment = Network Logon Service
> ;    path = /var/lib/samba/netlogon
> ;    guest ok = yes
> ;    writable = no
> ;    share modes = no
>
> # Un-comment the following to provide a specific roving profile share.
> # The default is to use the user's home directory:
> ;    [Profiles]
> ;    path = /var/lib/samba/profiles
> ;    browseable = no
> ;    guest ok = yes
>
> # A publicly accessible directory that is read only, except for users in
the
> # "staff" group (which have write permissions):
> ;    [public]
> ;    comment = Public Stuff
> ;    path = /home/samba
> ;    public = yes
> ;    writable = yes
> ;    printable = no
> ;    write list = +staff
>
> [data]
>      comment = data
>      path = /home/myname/data
>      valid users = test1
>      write list = test1
>      create mask = 0754
>      sync always = Yes
> ;    hide dot files = yes
> ;    writeable = no
> ;    browseable = yes
>
>
> Thanks
>
>
>
>
>
>
>
>
> 在 2016-12-02 00:02:41，"Gaiseric Vandal via samba" <samba at
lists.samba.org> 写道：
>> Did you configure this as a domain controller or a domain member ?  Or
>> this just a standalone machine.
>>
>>  From the command line  can you try the following
>>
>>      smbclient -L \\127.0.0.1  -U test1
>>
>> or maybe
>>
>>      smbclient -d3 -L \\127.0.0.1  -U test1
>>
>>
>> You may also want to try 'MACHINENAME\test1' as the user name.
>>
>>
>>
>>
>>
>> On 12/01/16 10:17, truename via samba wrote:
>>> Hi,
>>>
>>> I install samba by:
>>>
>>> sudo yum install samba.x86_64
>>>
>>> I edit /etc/samba/smb.conf by adding follows：
>>>
>>> [data]
>>>       comment = data
>>>       path = /home/myname/data
>>>       valid users = test1
>>>       write list = test1
>>>       create mask = 0754
>>>       sync always = Yes
>>> ;    hide dot files = yes
>>> ;    writeable = no
>>> ;    browseable = yes
>>>
>>> Then take effect my config:
>>>
>>> service smb restart
>>>
>>> I create shared folder:
>>>
>>> cd ~
>>> mkdir data
>>>
>>> I create user:
>>>
>>> useradd test1
>>> smbpasswd -a test1
>>> <then password>
>>>
>>>
>>> Then I open my file manager and input:
>>>
>>> smb://127.0.0.1
>>>
>>> A login form popup, I enter username: test1 and the password, the
login form returns again, I found I can not enter the shared folder by that
account.
>>>
>>> Thanks
>>
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

Can you access from windows?




I also notice that samba 4.2.10 is no longer a supported version.


On 12/01/16 15:39, truename via samba wrote:
> Following is output of smbclient -L \\127.0.0.1  -U test1:
>
>
>
>      Sharename       Type      Comment
>      ---------       ----      -------
>      data            Disk      data
>      IPC$            IPC       IPC Service (Samba Server Version 4.2.10)
>      test1           Disk      Home Directories
>      hp5550-1:7      Printer   hp5550-1
>      e-STUDIO283:2   Printer   e-STUDIO283
>      FX3D490A:3      Printer   FX3D490A
>      HPCP2025:9      Printer   HPCP2025
>      HPM2727:10      Printer   HPM2727
>      hp5550-2:8      Printer   hp5550-2
>      hp-color-LaserJet-5550-172-16-10-214:4 Printer  
hp-color-LaserJet-5550-172-16-10-214
>      ML-1660-Series:1 Printer   ML-1660-Series
>      ML-1660-Series:11 Printer   ML-1660-Series
>      topdf:12        Printer   topdf
>      HP5100:6        Printer   HP5100
>      hp5000-1:5      Printer   hp5000-1
>
>      Server               Comment
>      ---------            -------
>      LOCALHOST            Samba Server Version 4.2.10
>
>      Workgroup            Master
>      ---------            -------
>      MYGROUP              LOCALHOST
>
>
> And following is content of my smb.conf under /etc/samba:
>
>
> # This is the main Samba configuration file. For detailed information about
the
> # options listed here, refer to the smb.conf(5) manual page. Samba has a
huge
> # number of configurable options, most of which are not shown in this
example.
> #
> # The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step
> # guides for installing, configuring, and using Samba:
> # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
> #
> # The Samba-3 by Example guide has working examples for smb.conf. This
guide is
> # generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf
> #
> # In this file, lines starting with a semicolon (;) or a hash (#) are
> # comments and are ignored. This file uses hashes to denote commentary and
> # semicolons for parts of the file you may wish to configure.
> #
> # Note: Run the "testparm" command after modifying this file to
check for basic
> # syntax errors.
> #
> #---------------
> # Security-Enhanced Linux (SELinux) Notes:
> #
> # Turn the samba_domain_controller Boolean on to allow Samba to use the
useradd
> # and groupadd family of binaries. Run the following command as the root
user to
> # turn this Boolean on:
> # setsebool -P samba_domain_controller on
> #
> # Turn the samba_enable_home_dirs Boolean on if you want to share home
> # directories via Samba. Run the following command as the root user to turn
this
> # Boolean on:
> # setsebool -P samba_enable_home_dirs on
> #
> # If you create a new directory, such as a new top-level directory, label
it
> # with samba_share_t so that SELinux allows Samba to read and write to it.
Do
> # not label system directories, such as /etc/ and /home/, with
samba_share_t, as
> # such directories should already have an SELinux label.
> #
> # Run the "ls -ldZ /path/to/directory" command to view the
current SELinux
> # label for a given directory.
> #
> # Set SELinux labels only on files and directories you have created. Use
the
> # chcon command to temporarily change a label:
> # chcon -t samba_share_t /path/to/directory
> #
> # Changes made via chcon are lost when the file system is relabeled or
commands
> # such as restorecon are run.
> #
> # Use the samba_export_all_ro or samba_export_all_rw Boolean to share
system
> # directories. To share such directories and only allow read-only
permissions:
> # setsebool -P samba_export_all_ro on
> # To share such directories and allow read and write permissions:
> # setsebool -P samba_export_all_rw on
> #
> # To run scripts (preexec/root prexec/print command/...), copy them to the
> # /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run
them.
> # Note that if you move the scripts to /var/lib/samba/scripts/, they retain
> # their existing SELinux labels, which may be labels that SELinux does not
allow
> # smbd to run. Copying the scripts will result in the correct SELinux
labels.
> # Run the "restorecon -R -v /var/lib/samba/scripts" command as
the root user to
> # apply the correct SELinux labels to these files.
> #
> #--------------
> #
> #======================= Global Settings
====================================>
> [global]
>
> # ----------------------- Network-Related Options -------------------------
> #
> # workgroup = the Windows NT domain name or workgroup name, for example,
MYGROUP.
> #
> # server string = the equivalent of the Windows NT Description field.
> #
> # netbios name = used to specify a server name that is not tied to the
hostname.
> #
> # interfaces = used to configure Samba to listen on multiple network
interfaces.
> # If you have multiple interfaces, you can use the "interfaces ="
option to
> # configure which of those interfaces Samba listens on. Never omit the
localhost
> # interface (lo).
> #
> # hosts allow = the hosts allowed to connect. This option can also be used
on a
> # per-share basis.
> #
> # hosts deny = the hosts not allowed to connect. This option can also be
used on
> # a per-share basis.
> #
> # max protocol = used to define the supported protocol. The default is NT1.
You
> # can set it to SMB2 if you want experimental SMB2 support.
> #
>      workgroup = MYGROUP
>      server string = Samba Server Version %v
>
> ;    netbios name = MYSERVER
>
> ;    interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
> ;    hosts allow = 127. 192.168.12. 192.168.13.
>
> ;    max protocol = SMB2
>
> # --------------------------- Logging Options -----------------------------
> #
> # log file = specify where log files are written to and how they are split.
> #
> # max log size = specify the maximum size log files are allowed to reach.
Log
> # files are rotated when they reach the size specified with "max log
size".
> #
>
>      # log files split per-machine:
>      log file = /var/log/samba/log.%m
>      # maximum size of 50KB per log file, then rotate:
>      max log size = 50
>
> # ----------------------- Standalone Server Options
------------------------
> #
> # security = the mode Samba runs in. This can be set to user, share
> # (deprecated), or server (deprecated).
> #
> # passdb backend = the backend used to store user information in. New
> # installations should use either tdbsam or ldapsam. No additional
configuration
> # is required for tdbsam. The "smbpasswd" utility is available
for backwards
> # compatibility.
> #
>
>      security = user
>      passdb backend = tdbsam
>
>
> # ----------------------- Domain Members Options ------------------------
> #
> # security = must be set to domain or ads.
> #
> # passdb backend = the backend used to store user information in. New
> # installations should use either tdbsam or ldapsam. No additional
configuration
> # is required for tdbsam. The "smbpasswd" utility is available
for backwards
> # compatibility.
> #
> # realm = only use the realm option when the "security = ads"
option is set.
> # The realm option specifies the Active Directory realm the host is a part
of.
> #
> # password server = only use this option when the "security =
server"
> # option is set, or if you cannot use DNS to locate a Domain Controller.
The
> # argument list can include My_PDC_Name, [My_BDC_Name], and
[My_Next_BDC_Name]:
> #
> # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> #
> # Use "password server = *" to automatically locate Domain
Controllers.
>
> ;    security = domain
> ;    passdb backend = tdbsam
> ;    realm = MY_REALM
>
> ;    password server = <NT-Server-Name>
>
> # ----------------------- Domain Controller Options
------------------------
> #
> # security = must be set to user for domain controllers.
> #
> # passdb backend = the backend used to store user information in. New
> # installations should use either tdbsam or ldapsam. No additional
configuration
> # is required for tdbsam. The "smbpasswd" utility is available
for backwards
> # compatibility.
> #
> # domain master = specifies Samba to be the Domain Master Browser, allowing
> # Samba to collate browse lists between subnets. Do not use the
"domain master"
> # option if you already have a Windows NT domain controller performing this
task.
> #
> # domain logons = allows Samba to provide a network logon service for
Windows
> # workstations.
> #
> # logon script = specifies a script to run at login time on the client.
These
> # scripts must be provided in a share named NETLOGON.
> #
> # logon path = specifies (with a UNC path) where user profiles are stored.
> #
> #
> ;    security = user
> ;    passdb backend = tdbsam
>
> ;    domain master = yes
> ;    domain logons = yes
>
>      # the following login script name is determined by the machine name
>      # (%m):
> ;    logon script = %m.bat
>      # the following login script name is determined by the UNIX user used:
> ;    logon script = %u.bat
> ;    logon path = \\%L\Profiles\%u
>      # use an empty path to disable profile support:
> ;    logon path >
>      # various scripts can be used on a domain controller or a stand-alone
>      # machine to add or delete corresponding UNIX accounts:
>
> ;    add user script = /usr/sbin/useradd "%u" -n -g users
> ;    add group script = /usr/sbin/groupadd "%g"
> ;    add machine script = /usr/sbin/useradd -n -c "Workstation
(%u)" -M -d /nohome -s /bin/false "%u"
> ;    delete user script = /usr/sbin/userdel "%u"
> ;    delete user from group script = /usr/sbin/userdel "%u"
"%g"
> ;    delete group script = /usr/sbin/groupdel "%g"
>
>
> # ----------------------- Browser Control Options
----------------------------
> #
> # local master = when set to no, Samba does not become the master browser
on
> # your network. When set to yes, normal election rules apply.
> #
> # os level = determines the precedence the server has in master browser
> # elections. The default value should be reasonable.
> #
> # preferred master = when set to yes, Samba forces a local browser election
at
> # start up (and gives itself a slightly higher chance of winning the
election).
> #
> ;    local master = no
> ;    os level = 33
> ;    preferred master = yes
>
> #----------------------------- Name Resolution
-------------------------------
> #
> # This section details the support for the Windows Internet Name Service
(WINS).
> #
> # Note: Samba can be either a WINS server or a WINS client, but not both.
> #
> # wins support = when set to yes, the NMBD component of Samba enables its
WINS
> # server.
> #
> # wins server = tells the NMBD component of Samba to be a WINS client.
> #
> # wins proxy = when set to yes, Samba answers name resolution queries on
behalf
> # of a non WINS capable client. For this to work, there must be at least
one
> # WINS server on the network. The default is no.
> #
> # dns proxy = when set to yes, Samba attempts to resolve NetBIOS names via
DNS
> # nslookups.
>
> ;    wins support = yes
> ;    wins server = w.x.y.z
> ;    wins proxy = yes
>
> ;    dns proxy = yes
>
> # --------------------------- Printing Options
-----------------------------
> #
> # The options in this section allow you to configure a non-default printing
> # system.
> #
> # load printers = when set you yes, the list of printers is automatically
> # loaded, rather than setting them up individually.
> #
> # cups options = allows you to pass options to the CUPS library. Setting
this
> # option to raw, for example, allows you to use drivers on your Windows
clients.
> #
> # printcap name = used to specify an alternative printcap file.
> #
>
>      load printers = yes
>      cups options = raw
>
> ;    printcap name = /etc/printcap
>      # obtain a list of printers automatically on UNIX System V systems:
> ;    printcap name = lpstat
> ;    printing = cups
>
> # --------------------------- File System Options
---------------------------
> #
> # The options in this section can be un-commented if the file system
supports
> # extended attributes, and those attributes are enabled (usually via the
> # "user_xattr" mount option). These options allow the
administrator to specify
> # that DOS attributes are stored in extended attributes and also make sure
that
> # Samba does not change the permission bits.
> #
> # Note: These options can be used on a per-share basis. Setting them
globally
> # (in the [global] section) makes them the default for all shares.
>
> ;    map archive = no
> ;    map hidden = no
> ;    map read only = no
> ;    map system = no
> ;    store dos attributes = yes
>
>
> #============================ Share Definitions
=============================>
> [homes]
>      comment = Home Directories
>      browseable = no
>      writable = yes
> ;    valid users = %S
> ;    valid users = MYDOMAIN\%S
>
> [printers]
>      comment = All Printers
>      path = /var/spool/samba
>      browseable = no
>      guest ok = no
>      writable = no
>      printable = yes
>
> # Un-comment the following and create the netlogon directory for Domain
Logons:
> ;    [netlogon]
> ;    comment = Network Logon Service
> ;    path = /var/lib/samba/netlogon
> ;    guest ok = yes
> ;    writable = no
> ;    share modes = no
>
> # Un-comment the following to provide a specific roving profile share.
> # The default is to use the user's home directory:
> ;    [Profiles]
> ;    path = /var/lib/samba/profiles
> ;    browseable = no
> ;    guest ok = yes
>
> # A publicly accessible directory that is read only, except for users in
the
> # "staff" group (which have write permissions):
> ;    [public]
> ;    comment = Public Stuff
> ;    path = /home/samba
> ;    public = yes
> ;    writable = yes
> ;    printable = no
> ;    write list = +staff
>
> [data]
>      comment = data
>      path = /home/myname/data
>      valid users = test1
>      write list = test1
>      create mask = 0754
>      sync always = Yes
> ;    hide dot files = yes
> ;    writeable = no
> ;    browseable = yes
>
>
> Thanks
>
>
>
>
>
>
>
>
> 在 2016-12-02 00:02:41，"Gaiseric Vandal via samba" <samba at
lists.samba.org> 写道：
>> Did you configure this as a domain controller or a domain member ?  Or
>> this just a standalone machine.
>>
>>  From the command line  can you try the following
>>
>>      smbclient -L \\127.0.0.1  -U test1
>>
>> or maybe
>>
>>      smbclient -d3 -L \\127.0.0.1  -U test1
>>
>>
>> You may also want to try 'MACHINENAME\test1' as the user name.
>>
>>
>>
>>
>>
>> On 12/01/16 10:17, truename via samba wrote:
>>> Hi,
>>>
>>> I install samba by:
>>>
>>> sudo yum install samba.x86_64
>>>
>>> I edit /etc/samba/smb.conf by adding follows：
>>>
>>> [data]
>>>       comment = data
>>>       path = /home/myname/data
>>>       valid users = test1
>>>       write list = test1
>>>       create mask = 0754
>>>       sync always = Yes
>>> ;    hide dot files = yes
>>> ;    writeable = no
>>> ;    browseable = yes
>>>
>>> Then take effect my config:
>>>
>>> service smb restart
>>>
>>> I create shared folder:
>>>
>>> cd ~
>>> mkdir data
>>>
>>> I create user:
>>>
>>> useradd test1
>>> smbpasswd -a test1
>>> <then password>
>>>
>>>
>>> Then I open my file manager and input:
>>>
>>> smb://127.0.0.1
>>>
>>> A login form popup, I enter username: test1 and the password, the
login form returns again, I found I can not enter the shared folder by that
account.
>>>
>>> Thanks
>>
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba

The result of accessing from windows is same as accessing from Linux, after I
input correct username and password and click connect button, the login dialog
re-popup.


Thanks
On 12/02/2016 22:22, Gaiseric Vandal via samba wrote:
Can you access from windows?




I also notice that samba 4.2.10 is no longer a supported version.


On 12/01/16 15:39, truename via samba wrote:
> Following is output of smbclient -L \\127.0.0.1  -U test1:
>
>
>
>      Sharename       Type      Comment
>      ---------       ----      -------
>      data            Disk      data
>      IPC$            IPC       IPC Service (Samba Server Version 4.2.10)
>      test1           Disk      Home Directories
>      hp5550-1:7      Printer   hp5550-1
>      e-STUDIO283:2   Printer   e-STUDIO283
>      FX3D490A:3      Printer   FX3D490A
>      HPCP2025:9      Printer   HPCP2025
>      HPM2727:10      Printer   HPM2727
>      hp5550-2:8      Printer   hp5550-2
>      hp-color-LaserJet-5550-172-16-10-214:4 Printer  
hp-color-LaserJet-5550-172-16-10-214
>      ML-1660-Series:1 Printer   ML-1660-Series
>      ML-1660-Series:11 Printer   ML-1660-Series
>      topdf:12        Printer   topdf
>      HP5100:6        Printer   HP5100
>      hp5000-1:5      Printer   hp5000-1
>
>      Server               Comment
>      ---------            -------
>      LOCALHOST            Samba Server Version 4.2.10
>
>      Workgroup            Master
>      ---------            -------
>      MYGROUP              LOCALHOST
>
>
> And following is content of my smb.conf under /etc/samba:
>
>
> # This is the main Samba configuration file. For detailed information about
the
> # options listed here, refer to the smb.conf(5) manual page. Samba has a
huge
> # number of configurable options, most of which are not shown in this
example.
> #
> # The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step
> # guides for installing, configuring, and using Samba:
> # http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
> #
> # The Samba-3 by Example guide has working examples for smb.conf. This
guide is
> # generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf
> #
> # In this file, lines starting with a semicolon (;) or a hash (#) are
> # comments and are ignored. This file uses hashes to denote commentary and
> # semicolons for parts of the file you may wish to configure.
> #
> # Note: Run the "testparm" command after modifying this file to
check for basic
> # syntax errors.
> #
> #---------------
> # Security-Enhanced Linux (SELinux) Notes:
> #
> # Turn the samba_domain_controller Boolean on to allow Samba to use the
useradd
> # and groupadd family of binaries. Run the following command as the root
user to
> # turn this Boolean on:
> # setsebool -P samba_domain_controller on
> #
> # Turn the samba_enable_home_dirs Boolean on if you want to share home
> # directories via Samba. Run the following command as the root user to turn
this
> # Boolean on:
> # setsebool -P samba_enable_home_dirs on
> #
> # If you create a new directory, such as a new top-level directory, label
it
> # with samba_share_t so that SELinux allows Samba to read and write to it.
Do
> # not label system directories, such as /etc/ and /home/, with
samba_share_t, as
> # such directories should already have an SELinux label.
> #
> # Run the "ls -ldZ /path/to/directory" command to view the
current SELinux
> # label for a given directory.
> #
> # Set SELinux labels only on files and directories you have created. Use
the
> # chcon command to temporarily change a label:
> # chcon -t samba_share_t /path/to/directory
> #
> # Changes made via chcon are lost when the file system is relabeled or
commands
> # such as restorecon are run.
> #
> # Use the samba_export_all_ro or samba_export_all_rw Boolean to share
system
> # directories. To share such directories and only allow read-only
permissions:
> # setsebool -P samba_export_all_ro on
> # To share such directories and allow read and write permissions:
> # setsebool -P samba_export_all_rw on
> #
> # To run scripts (preexec/root prexec/print command/...), copy them to the
> # /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run
them.
> # Note that if you move the scripts to /var/lib/samba/scripts/, they retain
> # their existing SELinux labels, which may be labels that SELinux does not
allow
> # smbd to run. Copying the scripts will result in the correct SELinux
labels.
> # Run the "restorecon -R -v /var/lib/samba/scripts" command as
the root user to
> # apply the correct SELinux labels to these files.
> #
> #--------------
> #
> #======================= Global Settings
====================================>
> [global]
>
> # ----------------------- Network-Related Options -------------------------
> #
> # workgroup = the Windows NT domain name or workgroup name, for example,
MYGROUP.
> #
> # server string = the equivalent of the Windows NT Description field.
> #
> # netbios name = used to specify a server name that is not tied to the
hostname.
> #
> # interfaces = used to configure Samba to listen on multiple network
interfaces.
> # If you have multiple interfaces, you can use the "interfaces ="
option to
> # configure which of those interfaces Samba listens on. Never omit the
localhost
> # interface (lo).
> #
> # hosts allow = the hosts allowed to connect. This option can also be used
on a
> # per-share basis.
> #
> # hosts deny = the hosts not allowed to connect. This option can also be
used on
> # a per-share basis.
> #
> # max protocol = used to define the supported protocol. The default is NT1.
You
> # can set it to SMB2 if you want experimental SMB2 support.
> #
>      workgroup = MYGROUP
>      server string = Samba Server Version %v
>
> ;    netbios name = MYSERVER
>
> ;    interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
> ;    hosts allow = 127. 192.168.12. 192.168.13.
>
> ;    max protocol = SMB2
>
> # --------------------------- Logging Options -----------------------------
> #
> # log file = specify where log files are written to and how they are split.
> #
> # max log size = specify the maximum size log files are allowed to reach.
Log
> # files are rotated when they reach the size specified with "max log
size".
> #
>
>      # log files split per-machine:
>      log file = /var/log/samba/log.%m
>      # maximum size of 50KB per log file, then rotate:
>      max log size = 50
>
> # ----------------------- Standalone Server Options
------------------------
> #
> # security = the mode Samba runs in. This can be set to user, share
> # (deprecated), or server (deprecated).
> #
> # passdb backend = the backend used to store user information in. New
> # installations should use either tdbsam or ldapsam. No additional
configuration
> # is required for tdbsam. The "smbpasswd" utility is available
for backwards
> # compatibility.
> #
>
>      security = user
>      passdb backend = tdbsam
>
>
> # ----------------------- Domain Members Options ------------------------
> #
> # security = must be set to domain or ads.
> #
> # passdb backend = the backend used to store user information in. New
> # installations should use either tdbsam or ldapsam. No additional
configuration
> # is required for tdbsam. The "smbpasswd" utility is available
for backwards
> # compatibility.
> #
> # realm = only use the realm option when the "security = ads"
option is set.
> # The realm option specifies the Active Directory realm the host is a part
of.
> #
> # password server = only use this option when the "security =
server"
> # option is set, or if you cannot use DNS to locate a Domain Controller.
The
> # argument list can include My_PDC_Name, [My_BDC_Name], and
[My_Next_BDC_Name]:
> #
> # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> #
> # Use "password server = *" to automatically locate Domain
Controllers.
>
> ;    security = domain
> ;    passdb backend = tdbsam
> ;    realm = MY_REALM
>
> ;    password server = <NT-Server-Name>
>
> # ----------------------- Domain Controller Options
------------------------
> #
> # security = must be set to user for domain controllers.
> #
> # passdb backend = the backend used to store user information in. New
> # installations should use either tdbsam or ldapsam. No additional
configuration
> # is required for tdbsam. The "smbpasswd" utility is available
for backwards
> # compatibility.
> #
> # domain master = specifies Samba to be the Domain Master Browser, allowing
> # Samba to collate browse lists between subnets. Do not use the
"domain master"
> # option if you already have a Windows NT domain controller performing this
task.
> #
> # domain logons = allows Samba to provide a network logon service for
Windows
> # workstations.
> #
> # logon script = specifies a script to run at login time on the client.
These
> # scripts must be provided in a share named NETLOGON.
> #
> # logon path = specifies (with a UNC path) where user profiles are stored.
> #
> #
> ;    security = user
> ;    passdb backend = tdbsam
>
> ;    domain master = yes
> ;    domain logons = yes
>
>      # the following login script name is determined by the machine name
>      # (%m):
> ;    logon script = %m.bat
>      # the following login script name is determined by the UNIX user used:
> ;    logon script = %u.bat
> ;    logon path = \\%L\Profiles\%u
>      # use an empty path to disable profile support:
> ;    logon path >
>      # various scripts can be used on a domain controller or a stand-alone
>      # machine to add or delete corresponding UNIX accounts:
>
> ;    add user script = /usr/sbin/useradd "%u" -n -g users
> ;    add group script = /usr/sbin/groupadd "%g"
> ;    add machine script = /usr/sbin/useradd -n -c "Workstation
(%u)" -M -d /nohome -s /bin/false "%u"
> ;    delete user script = /usr/sbin/userdel "%u"
> ;    delete user from group script = /usr/sbin/userdel "%u"
"%g"
> ;    delete group script = /usr/sbin/groupdel "%g"
>
>
> # ----------------------- Browser Control Options
----------------------------
> #
> # local master = when set to no, Samba does not become the master browser
on
> # your network. When set to yes, normal election rules apply.
> #
> # os level = determines the precedence the server has in master browser
> # elections. The default value should be reasonable.
> #
> # preferred master = when set to yes, Samba forces a local browser election
at
> # start up (and gives itself a slightly higher chance of winning the
election).
> #
> ;    local master = no
> ;    os level = 33
> ;    preferred master = yes
>
> #----------------------------- Name Resolution
-------------------------------
> #
> # This section details the support for the Windows Internet Name Service
(WINS).
> #
> # Note: Samba can be either a WINS server or a WINS client, but not both.
> #
> # wins support = when set to yes, the NMBD component of Samba enables its
WINS
> # server.
> #
> # wins server = tells the NMBD component of Samba to be a WINS client.
> #
> # wins proxy = when set to yes, Samba answers name resolution queries on
behalf
> # of a non WINS capable client. For this to work, there must be at least
one
> # WINS server on the network. The default is no.
> #
> # dns proxy = when set to yes, Samba attempts to resolve NetBIOS names via
DNS
> # nslookups.
>
> ;    wins support = yes
> ;    wins server = w.x.y.z
> ;    wins proxy = yes
>
> ;    dns proxy = yes
>
> # --------------------------- Printing Options
-----------------------------
> #
> # The options in this section allow you to configure a non-default printing
> # system.
> #
> # load printers = when set you yes, the list of printers is automatically
> # loaded, rather than setting them up individually.
> #
> # cups options = allows you to pass options to the CUPS library. Setting
this
> # option to raw, for example, allows you to use drivers on your Windows
clients.
> #
> # printcap name = used to specify an alternative printcap file.
> #
>
>      load printers = yes
>      cups options = raw
>
> ;    printcap name = /etc/printcap
>      # obtain a list of printers automatically on UNIX System V systems:
> ;    printcap name = lpstat
> ;    printing = cups
>
> # --------------------------- File System Options
---------------------------
> #
> # The options in this section can be un-commented if the file system
supports
> # extended attributes, and those attributes are enabled (usually via the
> # "user_xattr" mount option). These options allow the
administrator to specify
> # that DOS attributes are stored in extended attributes and also make sure
that
> # Samba does not change the permission bits.
> #
> # Note: These options can be used on a per-share basis. Setting them
globally
> # (in the [global] section) makes them the default for all shares.
>
> ;    map archive = no
> ;    map hidden = no
> ;    map read only = no
> ;    map system = no
> ;    store dos attributes = yes
>
>
> #============================ Share Definitions
=============================>
> [homes]
>      comment = Home Directories
>      browseable = no
>      writable = yes
> ;    valid users = %S
> ;    valid users = MYDOMAIN\%S
>
> [printers]
>      comment = All Printers
>      path = /var/spool/samba
>      browseable = no
>      guest ok = no
>      writable = no
>      printable = yes
>
> # Un-comment the following and create the netlogon directory for Domain
Logons:
> ;    [netlogon]
> ;    comment = Network Logon Service
> ;    path = /var/lib/samba/netlogon
> ;    guest ok = yes
> ;    writable = no
> ;    share modes = no
>
> # Un-comment the following to provide a specific roving profile share.
> # The default is to use the user's home directory:
> ;    [Profiles]
> ;    path = /var/lib/samba/profiles
> ;    browseable = no
> ;    guest ok = yes
>
> # A publicly accessible directory that is read only, except for users in
the
> # "staff" group (which have write permissions):
> ;    [public]
> ;    comment = Public Stuff
> ;    path = /home/samba
> ;    public = yes
> ;    writable = yes
> ;    printable = no
> ;    write list = +staff
>
> [data]
>      comment = data
>      path = /home/myname/data
>      valid users = test1
>      write list = test1
>      create mask = 0754
>      sync always = Yes
> ;    hide dot files = yes
> ;    writeable = no
> ;    browseable = yes
>
>
> Thanks
>
>
>
>
>
>
>
>
> 在 2016-12-02 00:02:41，"Gaiseric Vandal via samba" <samba at
lists.samba.org> 写道：
>> Did you configure this as a domain controller or a domain member ?  Or
>> this just a standalone machine.
>>
>>  From the command line  can you try the following
>>
>>      smbclient -L \\127.0.0.1  -U test1
>>
>> or maybe
>>
>>      smbclient -d3 -L \\127.0.0.1  -U test1
>>
>>
>> You may also want to try 'MACHINENAME\test1' as the user name.
>>
>>
>>
>>
>>
>> On 12/01/16 10:17, truename via samba wrote:
>>> Hi,
>>>
>>> I install samba by:
>>>
>>> sudo yum install samba.x86_64
>>>
>>> I edit /etc/samba/smb.conf by adding follows：
>>>
>>> [data]
>>>       comment = data
>>>       path = /home/myname/data
>>>       valid users = test1
>>>       write list = test1
>>>       create mask = 0754
>>>       sync always = Yes
>>> ;    hide dot files = yes
>>> ;    writeable = no
>>> ;    browseable = yes
>>>
>>> Then take effect my config:
>>>
>>> service smb restart
>>>
>>> I create shared folder:
>>>
>>> cd ~
>>> mkdir data
>>>
>>> I create user:
>>>
>>> useradd test1
>>> smbpasswd -a test1
>>> <then password>
>>>
>>>
>>> Then I open my file manager and input:
>>>
>>> smb://127.0.0.1
>>>
>>> A login form popup, I enter username: test1 and the password, the
login form returns again, I found I can not enter the shared folder by that
account.
>>>
>>> Thanks
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba