Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
For the life of me, I can't believe how difficult it is to get Samba to share files to my WinXP Pro boxes. Here's the low-down on what I've got:
Ubuntu Server 8.10 with Samba 3.2.3, running headless (& apparently brainless - oh, that's me). I've got a RAID5 array mounted and I can see the data in PuTTY.
My WinXP box can see the server in the workgroup, and I can see folders for groups, profiles, users, Printers and Faxes, and "data" - it is "data" to which I need access.
[global]
workgroup = RCH-WORKGROUP
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
winbind gid = 10000-20000
winbind uid = 10000-20000
security = user
usershare max shares = 100
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = No
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = /NW-DATA/
read only = No
store dos attributes = Yes
create mask = 0660
directory mask = 0770
valid users = david,april
admin users = david,april
guest account = admiral
guest ok = yes
[data]
comment =
inherit acls = Yes
path = /NW-DATA/DATA/
read only = No
force create mode = 0660
force directory mode = 0770
writeable = yes
writable = yes
I have created the users david & april in both Linux & Samba, and given each of them the password that we use to log into our WinXP Pro boxes.
It's been suggested that maybe there are traces of SELinux (Security Enhanced), that might be found in the audit.log. So, here is my audit.log (/var/log/audit/audit.log):
I'm no longer sure what I'm looking for. I'm certain there is some simple solution, but for the life of me, I can't find it. I did have a copy of OpenSuSE installed that was working, and I had copied the share section for "data" from that smb.conf to the Ubuntu one (on different HDDs), and it worked. When I went to do a re-install, as a learning exercise, I wiped out the OpenSuSE drive (what I wanted to do), and then reinstalled Ubuntu on the Ubuntu drive (NOT what I wanted to do), which wiped out the working smb.conf on BOTH drives.
I've tried to get OpenSuSE working again, but I'm not having the same problem with IT. In fact, the info above is from OpenSuSE, and I have shared the folders, it shows shared in Konquerer, and the group Users has RW permission.
I can't think of anything else I've failed to mention, but I can provide any other information that is requested.
Any help is greatly appreciated.
Last edited by DarkFlame; 01-10-2009 at 04:35 PM.
Reason: added more info.
To rule out selinux use "sudo setenforce 0" to turn it off, try to connect and turn it back on with "sudo setenforce 1". At least I assume ubuntu uses setenforce.
Bill, I wasn't consciously trying to connect to homes, but the section is there (OpenSuSE - the one I'm working on now - trying to re-install it, but I'll try the same thing on my Ubuntu HDD, too) So, I've added the above code to the homes section. It now looks like this:
Code:
[homes]
comment = Home Directories
path = /home/%u
valid users = %S, %D%w%S
browseable = No
writable = Yes
read only = No
inherit acls = Yes
create mode = 644
directory mode = 755
Quote:
Originally Posted by billymayday
Are you trying to run domains? If not, for now I'd comment out
I've now commented out those lines. The section now looks like this:
Code:
[global]
workgroup = RCH-WORKGROUP
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
# logon path = \\%L\profiles\.msprofile
# logon home = \\%L\%U\.9xprofile
# logon drive = P:
# usershare allow guests = No
# winbind gid = 10000-20000
# winbind uid = 10000-20000
security = user
# usershare max shares = 100
# add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = No
log file = /var/log/samba/%m.log
Quote:
Originally Posted by billymayday
Also make sure you have something like
Code:
log file = /var/log/samba/%m.log
That should make your life easier
I have added it to the [global] section. See the last line in the code above.
Quote:
Originally Posted by billymayday
To rule out selinux use "sudo setenforce 0" to turn it off, try to connect and turn it back on with "sudo setenforce 1". At least I assume ubuntu uses setenforce.
I'm going to try the changes above first, then I'll attempt the setinforce command. I want to see if the code changes make the difference, or if it's the setinforce. We're going to try to get the kids into bed, first, so it will take me a little while - an hour at most, I hope.
I also did testparm, & here's the output from that (bold/red emphasis is mine):
Code:
RCH-SERVER:/etc/samba # testparm smb.conf
Load smb config files from smb.conf
Processing section "[homes]"
Processing section "[profiles]"
Global parameter guest account found in service section!
Processing section "[users]"
Processing section "[groups]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[DATA]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
I don't guess that's a fatal error? I couldn't find a "service" section. However, in the [profiles] section there is a reference to the guest account:
Code:
[profiles]
comment = Network Profiles Service
path = /NW-DATA/
read only = No
store dos attributes = Yes
create mask = 0660
directory mask = 0770
valid users = david,april
admin users = david,april
guest account = admiral
guest ok = yes
Can that kill the ability to access the files from the XP boxes?
Try setenforce first - it will take 30 seconds literally
Lose the valid users in homes (at least for now)
Samba has General and Services (ie shares, printers, etc). You'll see in man smb.conf that they put (G) or (S) next to parameters so you know what they apply to (although some work in both but they don't label these (GS).
Nope, the code changes made no difference (OpenSuSE). I can't get into anything.
The setenforce is an invalid command in OpenSuSE. I did try
Code:
set enforce 0
& it made no difference.
I'm going to disconnect the OpenSuSE HDD, connect the Ubuntu HDD, reboot the server, and try the changes there, too. I'll give an update asap - the kids are all in bed, it wasn't as much of an ordeal tonight as I had expected.
root@RCH-SERVER:/home/admiral# setenforce 0
The program 'setenforce' is currently not installed. You can install it by typing:
apt-get install selinux-utils
bash: setenforce: command not found
root@RCH-SERVER:/home/admiral#
Does that mean Ubuntu HAS SELinux, or not? When I tried it in OpenSuSE, it just gave me an error message that the command was not found. Should I install it & try it again? (note, this is not my last build. I'm going to keep building until I can do it by myself and easily. Once I get it working (again), I'm going to make sure not to destroy the smb.conf file. Silly me! astid.)
Ok, I'm going to make the code changes now & will update you when I've done them.
[global]
workgroup = RCH-WORKGROUP
server string = %h server (File & Print Server)
map to guest = Bad User
; obey pam restrictions = Yes
; passdb backend = tdbsam
; pam password change = Yes
; passwd program = /usr/bin/passwd %u
; passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
username map = /etc/samba/smbusers
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
usershare owner only = No
panic action = /usr/share/samba/panic-action %d
encrypt passwords = yes
security = user
[homes]
comment = Home Directories
read only = No
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[DATA]
comment = Network Data Drive
path = /NW-DATA/DATA
valid users = david,april
read only = No
browsable = yes
writeable = yes
create mask = 0664
force create mode = 0660
directory mask = 0775
force directory mode = 0770
None of the domain stuff was there, so I couldn't comment it out. But there were a few things that got me thinking ... The username map & the unix password sync. I guess I could comment them out to see (I'll try that after doing another server reboot.
And, I added the missing text in the [homes] section.
The latest "error" from /var/log/samba/log.rch-david
Code:
[2009/01/10 21:02:06, 0] smbd/service.c:make_connection(1366)
rch-david (192.168.2.81) couldn't find service ::{2227a280-3aea-1069-a2de-08002b30309d}
The latest entry from /var/log/samba/log.smbd
Code:
[2009/01/10 20:59:28, 0] smbd/server.c:main(1213)
smbd version 3.2.3 started.
Copyright Andrew Tridgell and the Samba Team 1992-2008
The bottom one doesn't raise any red flags to me (not that I'd see one if it was draped across my face!). But, the top one seems to think that there's some kind of missing service. I think this may be the "smoking gun" for which I'm looking. I think I need to figure out how to determine what services are needed, and what services are running.
Now I've just found something strange. The system didn't mount my RAID5 array (where the DATA resides). Let me get that mounted & see what I can find from there. When I tried to go to it in Windows Explorer, it just gave me an error saying "the network path was not found" - little wonder on that one!
# re-name or delete the /etc/mdadm/mdadm.conf file
sudo rm mdadm.conf
# remove mdadm
sudo apt-get remove mdadm
# re-boot
sudo shutdown -h now
# re-install mdadm
sudo apt-get install mdadm
#mount the array by running this:
sudo mdadm --assemble --scan
#should result in the following response:
/dev/md/0 has been started with 4 drives.
#Now, make the directory where the mounted array data can be found:
mkdir /NW-DATA
#Now, mount the data:
mount -t ext3 /dev/md/0 /NW-DATA
#& I should then be able to see the folder in PuTTY.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
