CentOS 5 Server :: Cannot Acess Samba Share Unless SElinux Is Off?
May 8, 2009
I don't think it has anything to do with the config file.More to do with SElinux. I need to know how to configure SElinux so I can see my samba share when SELinuxis on. When I setenforce 0 I can seen all the files and folders set it to setenforce 1 cannot see anything.Here is the output when I ran [root@fileserver /]# getsebool -a | grep smballow_smbd_anon_write --> onsmbd_disable_trans --> onThese two options were off I tried turning them on.This is another one of the commands I tried running. I did change a few options but I am not sure which I do need to change. I am running a stand alone server so I don't need the DC option.
[root@fileserver /]# getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> off
I'm running a Samba server (3.5.2-60.fc13) on Fedora 13 (64 bit). I want to share the user home directories and want to allow following of symlinks out of the share tree. So in smb.conf I used
unix extensions = no wide links = yes
For SELinux I did:
setsebool -P samba_enable_home_dirs=1 getsebool -a | grep samba samba_create_home_dirs --> off samba_domain_controller --> off
[code]....
However I can't follow the symlinks when mounting my home directory on a Windows machine, unless I disable SeLinux.
I'm using CentOS 5.3, and I want to allow my samba server from selinux. I disabled my selinux and it works fine, but I want to keep my seline firewall on and want to allow other workstation to access my samba server.
I don't think it has anything to do with the config file. More to do with SElinux. I need to know how to configure SElinux so I can see my samba share when SELinux is on. When I setenforce 0 I can seen all the files and folders set it to setenforce 1 cannot see anything.
Here is the output when I ran [root@fileserver /]# getsebool -a | grep smb allow_smbd_anon_write --> on smbd_disable_trans --> on
These two options were off I tried turning them on.
This is another one of the commands I tried running. I did change a few options but I am not sure which I do need to change. I am running a stand alone server so I don't need the DC option.
[root@fileserver /]# getsebool -a | grep samba samba_domain_controller --> off samba_enable_home_dirs --> off samba_export_all_ro --> on samba_export_all_rw --> off samba_share_nfs --> off use_samba_home_dirs --> on
I'm trying to set up a test system for Windows 7. I've been having trouble getting it to map drives on the domain where I work, so I wanted to set up a test system with a similar setup so I can play around with settings without mucking up our network. Only problem is I can't get it configured to even work with XP, which does work on our domain.
When I type \server in the Run box I get the explorer window showing all of the test shares I've set up. But when I try to access them, it says the network path could not be found. Here is my smb.conf file:
[global] workgroup = MAJOR netbios name = VPN realm = MAJOR.COM
I installed Samba on CentOS, create a principal share called "public" . I want to populate this share with subfolders, and to grant access rights to specific folders for specific users. The content of "public" will be visible for all Samba users, but they will have read/write access only to the specified subfolders based on my security policy. I need the best way for doing this kind of stuff...
I can't be the first one with this problem. What am I missing?
I have setup Samba servers in the past, just none under SELinux. The last one I configured was a couple years ago, so I wouldn't doubt I'm a bit rusty.
---- Environment summary: Clean server install of CentOS 5.4 includes SELinux - lets call this 'server' - updated samba to 3.0.33-3.15.el5_4.1
Client1 - Windows XP sp4 - WINS configuration uses 'server' noted above Client2 - Windows Vista - WINS configuration uses 'server' noted above
---- What works / what doesn't ------ Clients can see the server (XP and vista) in network neighborhood. The following does not work from windows (xp or vista) net view net view \server net view \server-ip net view \servershare
This does work on the server smbclient -L \server smbclient -L \server --user validuser smbclient -L \client1 --user validuser
---- What I have configured and tried (config/output below) -------- firewall ports for samba are open SELinux enforcing or permissive file context is set on share samba booleans are set
***firewall -A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p udp --dport 139 -j ACCEPT
***SELinux mode/booleans # sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: permissive Mode from config file: enforcing Policy version: 21 Policy from config file: targeted
# getsebool -a | grep smb allow_smbd_anon_write --> off smbd_disable_trans --> on
# getsebool -a | grep samba samba_domain_controller --> on samba_enable_home_dirs --> on samba_export_all_ro --> off samba_export_all_rw --> off samba_share_fusefs --> off samba_share_nfs --> off use_samba_home_dirs --> on virt_use_samba --> off
I'm trying to set up a VPN connection between our CentOS 5.3 server at work and my bosses XP computer at home. At this point, we are kinda locked into Quickbooks. I'm testing the connection from my XP boot at home to see if it works. I can log into our servicemanuals easily enough from XP at home however, the windows takes forever to update. I have the Samba server only listening on port 445 because is seems to work more efficiently at work. I connect to the Samba shares via linux from home and everything works well but, when I try to do anything with the shares from Windows client at home, it's very slow!
I'm thinking that it must have something either to do with the Windows OpenVPN client or the client.conf file. Is there anything I should look at in the .conf file for answers?
I'm trying to set up quota limit in samba-3.0.33-3.15.el5_4.1 in CentOS 5.5, by means of the module vfs objects. In the samba howto [1] I found a very brief explanation, but it isn't working for me. The basic idea is to setup a user called 'quota2g' (uid 499) and setup the [homes] share, as it comes by default, to enforce the quota on each user share.quota2g:x:499:499:User quota 2GB:/home/quota2g:/bin/bash
I am trying to mount a file server directory on a client machine. I tried using NFS, but could not mount the share on the client. Several respobses were given to a post on this problem. but I still was not able mount the NFS share. I decided to try instead to mount the directory as a Samba share because I can already access it using Samba from windows, or from KDE or Gnome using smb://fileserver as a desktop location icon URL. When I try to mount the Samba share I get error messages that nearly identical those that occurred with NFS. . Here are some of the setup parameters
CentOS 5.4 on client and server behind a D-Link router server IP: 192.168.0.44 (can ping it client) client IP: 192.168.0.101 (can ping from server)
[code]....
This is the only error message that these commands have produced in the messages log, secure log or smbd log for either machine. My immediate goal is to set up the simplest possible local mount that will allow Grsync to backup to the file server.
I have set up a Samba share via my CentOS 5 server (the samba share is actually a mounted filesystem, not local machine space). I have been successful in adding permissions for my windows users within the smb.conf, but have an additional need that I cannot figure out. I would like for my Windows administrators to be able to create folders and assign permissions from their machines (and their Windows GUI). Ultimately I need the folders on the Samba share to behave correctly when Windows group permissions are applied by these administrators.
When the folders are created, the "Everyone" identity cannot be deleted and sometimes "Creator Owner" or "Creater Group" show up. I have seen several threads start down this path, but haven't seen a definite answer (I may have just missed it!).
I've to make a Windows 2000 share on my Server Linux CentOS 5.1 with all the updates installed with yum. I've a directory on a Windows 2000 that contains some images for a catalogue. I have my internet site on CentOS 5.1 with a Apache - Mysql - PHP web server. I have to mount my directory on a share in /mnt/catalogueimages and made a symbolic link from my /var/www/html/mysite/catimages to this samba share.
This is what I do following your guide a this link: [URL] I have placed in my /etc/fstab this line: //SERVER/C/Catalogue /mnt/catalogueimages cifs user,username=Administrator,password=,uid=apache,gid=apache 0 0 My Windows 2000 server have no password.
After that I made the symbolic link: ln -s /mnt/catalogueimages /var/www/html/mysite/catimages All it's OK.
The problem is that I can't see the images via browser. I have tried also to put some images in the directory /mnt/catalogueimages, deleting the mount point, in order to see if the problem was in apache: the images are visible via browser. Why I don't reach to see the images mounted with samba?
i did install and configure samba buy google tutorials. I can ping the centos box from windows but cannt access folder which is on centos. I can ping the machine.
cannot restrict share access to a single user. I've played with the security and valid users options in the smb.conf and I can get it to mount if I remove the valid users option, but this does not provide the access restriction I need. I also left it open and tried making the folder permissions rwx for backupadmin only and that didn't work. I'm using a credentials file which I include below, but I've tried manually entering them in the command too.
[root@aaphst02 /]# mount -t cifs //aapsan01/aapxen01 /mnt/aapxen01 --verbose -o credentials=/root/smbcreds mount.cifs kernel mount options: unc=//aapsan01aapxen01,ip=10.0.1.34,user=backupadmin,ver=1,rw,credentials=/root/smbcreds,pass=********
I always thought that whenever /usr/sbin/setsebool was used, it would write either a "0" or a "1" into the corresponding boolean file. All SELinux boolean files are in /selinux/booleans but If I check, for example, this boolean ...
$ sudo /usr/sbin/getsebool ftp_home_dir ftp_home_dir --> on
It returns a positive, but if I do
$ sudo less /selinux/booleans/ftp_home_dir
I get ... read error (Press Return)
Furthermore, if I list the boolean file itself, it shows it to be empty
$ sudo ls -l /selinux/booleans/ftp_home_dir -rw-r--r-- 1 root root 0 Aug 9 11:09 /selinux/booleans/ftp_home_dir
I just installed my HP DeskJet 1220C printer on my CentOS 5.2 server, and it's working apart from one GIANT issue: It only prints from my Windows machines via its Samba share. It won't print from any of my Linux machines, not even the machine itself. I seem to be stumped here, I cannot find a reason why its doing this.
The file permissions on the folder are RW for user,group and world.(umask=0000) My main problem is with SELinux, I've tried to audit2allow and that seemed to work, all I had to do then was chcon the directory and files to type samba_share_t but the tool fails with Operation Not Supported. Am I to assume you simply cannot share files from a mounted ntfs drive under SELinux? Because I've just spent 2 hours trying and I've just about ready to just give up and just go back to windows when I need to share those folders. There's no way i can copy the folder contents to my Linux partition, far too big for that. Has anyone EVER been able to do this? Do I have to disable SELinux to do it?
I have Linux installed on one machine with samba running and a second machine running XP. They are going through my router and I am using the same username/passwords for both machines and I have even gone to the point of allowing access to everyone for the share I created and the worgroup in samba is MSHOME just like my XP machine. When I view (or search) my workgroup computers my Linux machine shows up and so do the shares I created but when I try to open them I just get a message that permission is denied and I may not have permission to use this resource. I even tried setting access to the shared folder to 777 but still I can't open this share. Has anyone got any idea of why this is?
I'm able to connect to ftp as a virtual user. It was also difficult as nowhere mentioned, that it should be done with SSL. Anyway I found the answer and got connection. But now I can't connect to ftp server as system user. It gives me "530 Permission denied", or if I delete the user from the file denied_users, - "530 Login incorrect".
1. Still I can't understand, how I can log in to FTP server with a system user.Also some other questions regarding this matter:
2. My httpd server Apache has a virtual hosts located in "/home" directory.The scripts create users in "/var/ftp virtual_users". Will it cause any problem if I will change them to "/home"? All I need to do with this is ability to have several virtual hosts in one server with separate access to each of them via FTP. And 1 account with access to all files in "/home".
3. In my ftp client I can see the owner of virtual host "ftp" instead of username.
I have a LAN of about 70 computers that I would like to share media files between. I have gotten to the point with Samba that I can view the files without a username/password from client PC's. I would like to make all the folders read only except for one which will be writable for everyone. The thing that I am having a hard time with is allowing a couple of administrators (on Windows 7 machines) read/write access for all files/folders. I am completely new to Ubuntu and Samba so please make explanations thorough. Here is /etc/samba/smb.conf file:
Have an issue with my CentOS server. I have a fully updated Centos 5.5 server and I have samba set up to serve shares to a couple of groups in my home office. I have it set up to force user/group and force directory create mode 770 and force file mode of 770. This set up works perfectly well for normal connections to the server; no matter who connects, all files and directories are owned by the specified users/group and create modes I specify. The problem is when I try to rsync some files to the same shares. When I do this, rsync ignores the directory/file forced create mode. It will honor the user/group, however. As an example, if I create a directory on one machine connected to the samba share, I get the following:
I've setup a samba server on a centos 5 machine and am trying to connect to it via a windows 7. The problem I'm encountering is that the only share I am able to connect to is the tmp share. It doesn't matter if it is a protected share or not, I always get a "network path could not be found error" when trying to open the share from windows.
Fairly new Linux user, running Fedora 12, attempting to set up a simple Samba share to share files with a Windows box. I've gotten to the point where I can connect from the Windows box, and see a home directory and the directory I'm trying to share. The home directory is accessible and works as expected, but when I try to access the other directory I get "The network path could not be found."
I have a Samba Share which is mounted on various linux systems throughout the network. Whenever any of my user access those files using vim, Gedit it works fine and get perfect permissions to read/write those files. but whenever they try to open with any php IDE (quanta plus, geany, eclipse-pdt) they get error while saving those files. I dont think it is a permission or samba issue because we are able to edit/save those files using normal editors..
This is my first post. I am not all that new to Linux. I have done lots of reading on the OS but always felt a little timid when it came to trying out stuff.Here is my problem I have a stand alone samba server I am trying to setup to share all my digital photos and other doc. I can see the share from other machines. On the windows machines you can see the users home directory and the share itself in an folder icon. Whenever I try to access the share it asks for a passwd. I enter the passwd and the share folder is visible when I click on the folder I get and error message.
using OEL 5.4, which uses Gnome 2.16 interface I can see my share from Windows, but whatever I do, I get messages that my share is not accessible. The whole user thing is quite complex, dont understand what user I should use on Windows, what password, what user should have what rights on linux.
I'll post smb.conf tomorrow ... The problem is that Windows lacks any decent error message, stating what kind of error message. Is there no Samba client for Windows?
I want to share a same directory so that it can be accessed by both Linux clients & windows clients. how can i do this? i want to share that directory with both NFS & samba services. Is it possible to do this?
I have to rename a group of machines in my little samba domain (tbd backend) but there is an ugly bug that makes this impossible. have set 'rename user script' variable corectly, also checked all configurations.When i change computer name in my windows box, it shows an error saying something like "Error calling remote procedure"Looking on server side, username for the machine gets correctly changed in /usr/passwd, and also in samba database.But samba log says:
=============================================================== [2009/10/08 11:10:32, 0] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 11 in pid 11052 (3.0.33-3.7.el5_3.1)
I am using Cen OS 5. I have configured Samba server on it. I create a accounts suppose tom and 2nd is jarry in my samba server and map it in my windows xp computer as P drive (Private Drive) where the users can access their home directories. When tom tom enter into own account he can access his own home folder and same position with jarry. I want to create a common share drive using samba where all samba users can keep their data with their respective folders normally s drive i.e share drive. They can create file and folders and even all users can access the files of each others. Like tom can access jarry files and jarry can access tom files or folders to share their office work with each others.I want to know is it possible in samba to create a common share drive where all users share their files each others.
