RE: [SLE] Using Samba
From: Greg Wallace (jgregw_at_acsalaska.net)
Date: 06/17/05
- Previous message: Ken Schneider: "Re: [SLE] Wireless pcmcia card"
- In reply to: Susemail: "Re: [SLE] Using Samba"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: <suse-linux-e@suse.com> Date: Fri, 17 Jun 2005 05:01:55 -0800
On Thursday, June 16, 2005 @ 4:43 PM, Jerome wrote:
>On Wednesday 15 June 2005 02:54, Greg Wallace wrote:
>> On Tuesday, June 14, 2005 @5:02 PM, Jerome wrote:
>> >On Monday 13 June 2005 01:25, Greg Wallace wrote:
>> >> I share a linux directory with my Windows machine. Try adding --
>> >>
>> >> wins support = yes
>> >> security = share
>> >>
>> >> to your [global] section.
>Done
>> >>
>> >> Also, I have the following for my "share" (I called it Shareddocs just
>> >> to have it stick out as a Windows share). I'm forcing the user to the
>> >> Linux built-in nobody group.
>> >>
>> >> [SharedDocs]
>> >> path = /etc/samba/smbusers
>> >> guest ok = yes
>> >> guest account = nobody
>> >> force group = MYHOME
>> >>
>Done
>> >> Also, be sure the nobody user is set up as a member of the MYHOME
group
>>
>> on
>I used Yast to set up the group 'myhome' and myself and nobody are members.
>The user nobody belongs to the groups myhome,nogroup and nobody.
>>
>> >> your Linux machine. Whatever privileges you give it, that's what
you'll
>>
>Using Yast I could not set privileges for 'nobody' but I did notice nobody
has
>a predefined password. I've seen this before with other system users.
I've
>never been able to find out what the password is. I'm going to delete it
to
>see if that helps. Usually the system will recreate it though. In this
case
>it's a six token password.
>ps: Yast insists on a password so I'll use my user password instead of the
one
>supplied.
>pps: It changed the password back to the system one (Suse 9.3) anyone know
what it is?
>> be
>>
>> >> able to do from your Windows machine. Also, your Windows machine has
to
>>
>> be
>>
>> >> using the MYHOME workgroup, which I assume it does.
>> >>
>It does
>> >> Greg Wallace
>> >
>> >The problem is when I enter the User name and password in the login
window
>> >Windows prepends the name of my Windows machine to my User name like
this:
>> >
>> >MYVIAO/MyUserName
>> >
>> >and reopens the login window. Windows does give a hint:
>> >
>> >Example:
>> >User Name
>> >username@domain
>> >DOMAIN\username
>> >
>> >How do I interpet this? I tried myusername@Linux\myusername and
>> >myusername@LinuxLINUX\myusername . Nothing is prepended but hitting
enter
>> >reopens the login window.
>Now I see. The "Example" is actually three examples and MYVIAO/MyUserName
is
>the system telling me which example it expects.
>> >
>> >Thanks,
>> >Jerome
>>
>> Jerome:
>> I don't even get a Login Window. I click on My Network Places and
>> there's a folder there with the pipeline under it that you see on a
network
>> share. I double click on it and I'm in my Linux folder. I don't need any
>> security because of the
>I set up the Network Share on XP using the Setup Wizard. When I click on
it I
>get this message:
>\\Linux\shareddocs is not accessable. You might not have permission to use
>this network resourse (Which is the core of my problem now). The group
name
>could not be found.
>I wonder where it's looking?
>>
>> guest account = nobody
>>
>> option I specified for [SharedDocs]. I also have the following line
under
>> [global]
>>
>> map to guest = bad user
>Default setting.
>> You probably have some additional setup work to do on Linux before you
try
>> to connect from the Windows machine. Here's an off the top of my head
>> checklist --
>>
>> *) Whatever workgroup you are using in Windows needs to be set up as a
>> group on your Linux machine.
>>
>MY Samba Server Workgroup is MYHOME. My Linux group is myhome.
>Is any of this case sensitive? My XP Workgroup is MYHOME.
>> *) Set up the folder in Linux that matches the path= name. Mine is
>> shareddocs (and at the root level; i. e., /shareddocs on Linux). The
owner
>> of shareddocs is user nobody (built-in Linux user) and the group is the
>> group I set up that matches my Windows workgroup name.
>>
>See smb.conf below.
>> *) Make sure any users that will access the share are assigned to that
>> group on your Linux machine. I assigned the built-in "nobody" user to
the
>> group and, with the "guest account = nobody" option in Samba, that's the
id
>> that is in use when I'm working on my Linux machine from Windows (If I
add
>> a file, it shows up with that user when I look at the file over on
Linux).
>> I also added my Linux user id to that group and also root, giving me
access
>> to the folder on the Linux side.
>>
>I holding off adding root for now.
>> Once all of that was done, I went to "My Network Places" and added
>> \\Linux\SharedDocs (yes, I named my Linux machine Linux -- lots of
>> imagination at work there huh!). Now, if I double click on that folder,
>> I'm looking at all of the files and directories in the Linux shareddocs
>> directory from my Windows machine (sub-directories show up as folders).
>>
>> Hope this is enough to get you started.
>>
>> Greg
>Thanks Greg, is was enough to get me started (all of yesterday) and almost
>finished. But there is still a permissions roadblock.
>When I run 'net use x:' on XP to log into any of the predefined shares on
my
>Samba Server I get these messages:
>C:\Documents and Settings\adriel>net use x: \\LINUX\adriel [enter]
>The password is invalid for \\LINUX\adriel
>(Apparently there's a password sent here that is incorrect)
>Enter the username for 'LINUX' : adriel@Linux (or Linux\\adriel or
>Linux\adriel or LINUX\\adriel or LINUX\adriel)
>(Examples of valid usernames are username@domain and domain\\username.)
>Should
domain\\username be domain\username?
>Enter the password for LINUX: myuserpassword
>System error 5 has occurred.
>Access is denied
>So, access from Linux to XP is still denied. Access from a Linux browser
to
>Xp shares using smb:// works just fine, I have learned today. However
using
>the Linux Desktop icon: Network Browsing, gets me to this address:
>slp://awws/[awws://192.168.0.2:3703?name=MyVaio&version=2.0&guid=73780010->
28e9-1e0e-a750-9f349deee3b3]
>That displays this message:
>Service Attributes
>awws://192.168.0.2:3703
>Instead of the Windows share.
>In the 9.3 Administration guide on p.542 it says:
>security = share: 'A password is firmly assigned to a share.'
>Do shares have passwords assigned to them automatically?
>I'm including a copy of my smb.conf file, maybe there's something I
>overlooked
>or did wrong. Right now all I need is access.
>I have moved the pictures using smb:// over to my Share on XP, so in that
>sense the problem is solved, but now I want to learn how to make this work
>for it's own sake.
>Jerome
># smb.conf is the main Samba configuration file. You find a full commented
># version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
># samba-doc package is installed.
># Date: 2005-04-04
>[global]
> passdb backend = smbpasswd:Neshamas
> workgroup = MYHOME
> printing = cups
> printcap name = cups
> printcap cache time = 750
> cups options = raw
> printer admin = @ntadmin, root, administrator
> username map = /etc/samba/smbusers
> map to guest = Bad User
I don't have the line below, but I don't see why it would be a problem
> include = /etc/samba/dhcp.conf
I don't have any of the lines from here..
> logon path = \\%L\profiles\.msprofile
> logon home = \\%L\%U\.9xprofile
> logon drive = P:
> add machine script = /usr/sbin/useradd -c Machine -d
/var/lib/nobody
>-s /bin/false %m$
> domain logons = Yes
... to here
> domain master = No
For the line above, I have
Domain master = False
> idmap gid = 10000-20000
> idmap uid = 10000-20000
> wins support = yes
The line below should say security = share
> security = user
I also have the following lines
unix extensions = Yes
socket options = ISO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
veto files = /* .eml/* .nws/riched20.dll/*.{*}/
syslog = 0
log level = 1
>[homes]
> comment = Home Directories
> valid users = %S
> browseable = No
> read only = No
> inherit acls = Yes
> create mask = 0640
> directory mask = 0750
>[profiles]
> comment = Network Profiles Service
> path = %H
> read only = No
> store dos attributes = Yes
> create mask = 0600
> directory mask = 0700
>
>[users]
> comment = All users
> path = /home
> read only = No
> inherit acls = Yes
> veto files = /aquota.user/groups/shares/
> create mask = 0640
> directory mask = 0750
>;
>[groups]
> comment = All groups
> path = /home/groups
> read only = No
> inherit acls = Yes
>[printers]
> comment = All Printers
> path = /var/tmp
> printable = Yes
> create mask = 0600
> browseable = No
>
>[print$]
> comment = Printer Drivers
> path = /var/lib/samba/drivers
> write list = @ntadmin root
> force group = ntadmin
> create mask = 0664
> directory mask = 0775
>## Share disabled by YaST
># [netlogon]
># comment = Network Logon Service
># path = /var/lib/samba/netlogon
># write list = root
>[shareddocs]
>
> path = /home/adriel/shareddocs
> guest ok = yes
> guest account = nobody
> force group = MYHOME
I also have the following lines
force create mode = 0060
force directory mode = 0070
create mask = 0770
directory mask = 0770
read only = no
Now, if I were using /home/adriel/shareddocs for my share, then if I did
cd /home/adriel
dir
I would see
drwxrwx--- ... nobody ... myhome ... shareddocs
It being a linux share, in order to mount the directory you need x
privileges on that directory. That security is enforced across to Windows,
so windows cannot even look at what's in the directory unless it (nobody)
has that privilege. I don't have to enter a password to display the "share"
on Windows. I had, I think, the same errors as you when I first started
setting this up. I believe you're definitely down to getting the security
right on Linux. Once you do that, you should be able to change to that
directory on Windows.
Greg Wallace
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
- Previous message: Ken Schneider: "Re: [SLE] Wireless pcmcia card"
- In reply to: Susemail: "Re: [SLE] Using Samba"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
