I installed Samba on CentOS, create a principal share called "public" . I want to populate this share with subfolders, and to grant access rights to specific folders for specific users. The content of "public" will be visible for all Samba users, but they will have read/write access only to the specified subfolders based on my security policy. I need the best way for doing this kind of stuff...
View 1 RepliesI am using samba t share my files.I am sharing /media/MEDIA folder. it is a ntfs partition mounted with ntfs-3g with write/read access from linux.I can see and browse my shares and also create files in the root of this partition, ie /media/MEDIA, but in its subfolders i do not have write permissions.
another interesting thing is that i have permission to create directory and delete files everywhere and in any folder, subfolder but when trying to create files i get not enough free disk space error.by the way i dont know if this config file is correct, i find as template in internet.
I'm trying to set up a test system for Windows 7. I've been having trouble getting it to map drives on the domain where I work, so I wanted to set up a test system with a similar setup so I can play around with settings without mucking up our network. Only problem is I can't get it configured to even work with XP, which does work on our domain.
When I type \server in the Run box I get the explorer window showing all of the test shares I've set up. But when I try to access them, it says the network path could not be found. Here is my smb.conf file:
[global]
workgroup = MAJOR
netbios name = VPN
realm = MAJOR.COM
[Code]....
I can't be the first one with this problem. What am I missing?
I have setup Samba servers in the past, just none under SELinux. The last one I configured was a couple years ago, so I wouldn't doubt I'm a bit rusty.
---- Environment summary:
Clean server install of CentOS 5.4 includes SELinux
- lets call this 'server'
- updated samba to 3.0.33-3.15.el5_4.1
Client1 - Windows XP sp4 - WINS configuration uses 'server' noted above
Client2 - Windows Vista - WINS configuration uses 'server' noted above
---- What works / what doesn't ------
Clients can see the server (XP and vista) in network neighborhood.
The following does not work from windows (xp or vista)
net view
net view \server
net view \server-ip
net view \servershare
This does work on the server
smbclient -L \server
smbclient -L \server --user validuser
smbclient -L \client1 --user validuser
---- What I have configured and tried (config/output below) --------
firewall ports for samba are open
SELinux enforcing or permissive
file context is set on share
samba booleans are set
***firewall
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.0.0/24 -m state --state NEW -m tcp -p udp --dport 139 -j ACCEPT
***SELinux mode/booleans
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: permissive
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted
# getsebool -a | grep smb
allow_smbd_anon_write --> off
smbd_disable_trans --> on
# getsebool -a | grep samba
samba_domain_controller --> on
samba_enable_home_dirs --> on
samba_export_all_ro --> off
samba_export_all_rw --> off
samba_share_fusefs --> off
samba_share_nfs --> off
use_samba_home_dirs --> on
virt_use_samba --> off
***filesystem
# semanage fcontext -a -t samba_share_t �/share/photos(/.*)?�
# restorecon -R -v /share/photos
***Disks
]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda3 9920624 2070872 7337684 23% /
/dev/sda1 101086 19146 76721 20% /boot
tmpfs 1846656 0 1846656 0% /dev/shm
/dev/mapper/VolGroup00-xen
100791728 202540 95469188 1% /xen
/dev/mapper/VolGroup00-photo00
251981556 191716 238989840 1% /share/photos
/dev/mapper/VolGroup00-dmsdoc00
100791728 192256 95479472 1% /share/alfresco
none 1846656 104 1846552 1% /var/lib/xenstored
***smb.conf
[global]
workgroup = workgroup
netbios name = server
security = user
name resolve order = wins hosts lmhosts bcast
encrypt passwords = yes
hosts allow = 192.168.0.
hosts deny = 192.168.122.
interfaces = eth0
passdb backend = tdbsam
oslevel = 222
local master = yes
domain master = yes
preferred master = yes
cups options = raw
username map = /etc/samba/smbusers
wins support = yes
log level = 4
guest ok = yes
[photo]
comment = Photos
path = /share/photos
read only = yes
guest ok = yes
I have configure few folders access by 3 users, In common folder only users that create that document can do changes. The rest of the users can only read the file but can not do changes. Ownership of the folder is admin, group is sambashare which already have the access create and delete files. All the 3 users already in sambashare main group, and they only can edit the file that they copy or create to the common folder .........
View 5 Replies View RelatedI have currently have opensuse 11.2 installed. I am trying to setup samba shares which you can only access as certain user. Currently looks like the only way I can access these share is use root username/password!
I want to which GUI I need to use to setup this up properly. And of course what setting to exactly to use.
how to configure samba share that users from ip pool (for example 192.168.1.200-210) have accest without login and rest users form ip pool (192.168.1.2-199 and 192.168.1.211-254) have to past autorization.
View 1 Replies View RelatedI've been reading for a while about samba but I haven't found a solution to my problem yet.I'd like to know if, the configuration I have in mind, is possible at all ("security = user" is what I'm using now).I want a directory to be:
1) read only for guests and some UNIX users;
2) write for some other UNIX users.
The advantage of this configuration would be that every single user in my LAN (with or without a UNIX account) would be able to read the content of the shared directory Music and I (UNIX user andrea) could manage the folder directly trough samba preserving the correct owner/group and permissions on the new files/folder created.
Notes about my configuration above:
1) as it is now every user gets authenticated by samba as nobody so even I (andrea) cannot write in it;
2) commenting out the line "guest ok = yes" I can authenticate as "andrea" and write in it but guest access is not possible any longer.
i did install and configure samba buy google tutorials. I can ping the centos box from windows but cannt access folder which is on centos. I can ping the machine.
View 9 Replies View Relatedcannot restrict share access to a single user. I've played with the security and valid users options in the smb.conf and I can get it to mount if I remove the valid users option, but this does not provide the access restriction I need. I also left it open and tried making the folder permissions rwx for backupadmin only and that didn't work. I'm using a credentials file which I include below, but I've tried manually entering them in the command too.
[root@aaphst02 /]# mount -t cifs //aapsan01/aapxen01 /mnt/aapxen01 --verbose -o credentials=/root/smbcreds
mount.cifs kernel mount options: unc=//aapsan01aapxen01,ip=10.0.1.34,user=backupadmin,ver=1,rw,credentials=/root/smbcreds,pass=********
[Code].....
This is my first post. I am not all that new to Linux. I have done lots of reading on the OS but always felt a little timid when it came to trying out stuff.Here is my problem I have a stand alone samba server I am trying to setup to share all my digital photos and other doc. I can see the share from other machines. On the windows machines you can see the users home directory and the share itself in an folder icon. Whenever I try to access the share it asks for a passwd. I enter the passwd and the share folder is visible when I click on the folder I get and error message.
View 14 Replies View RelatedI'm running Ubuntu 9.1 server on an PII Compaq. Read an article "Samba: How to share files for your LAN without user/password" [URL] and some others and can see and pull up files, can't change or delete. Here is my smb.conf:
# Sample configuration file for the Samba suite for Debian GNU/Linux.
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
# Some options that are often worth tuning have been included as
# commented-out examples in this file.
# - When such options are commented with ";", the proposed setting
# differs from the default Samba behaviour
# - When commented with "#", the proposed setting is the default
# behaviour of Samba but the option is considered important
# enough to be mentioned here .....
Hi,
I'm pulling my hair out trying to figure out what is wrong with my Samba share. I have set up a directory /samba to serve up some movies, music, etc, on an Ubuntu 10.04 Server box. For now, I have given that directory 777 permissions, along with the subfolders:
Code:
drwxrwxrwx 4 michal michal 4096 2010-06-22 18:02 Apps
drwxrwxrwx 3 michal michal 4096 2010-06-22 19:02 Music
drwxrwxrwx 3 michal michal 4096 2010-08-14 19:27 Pics
drwxrwxrwx 5 michal michal 4096 2010-06-22 19:48 Video
This is how my smb.conf file looks like for this particular share:
Code:
[share1]
comment = share1
browsable = yes
path = /samba
write list = michal
Furthermore, I went ahead and mapped the Samba user to my Linux user account in /etc/samba/smbusers:
Code:
michal = "michal"
When I try to login from a Windows machine using michal as the username, I can see the folders, but I am unable to create new files on the share. Considering that the file system permissions are liberal on the share directory, I have no clue as to why I'm still getting denied write permission.
Any ideas? Thanks!
I have installed Samba and the Guest only share i've created works, I can connect and view, edit, create, delete files fine... However...I can NOT see or create subfolders.Google searches and playing around for six odd hours and no success...
----------smb.conf--------------
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
[code]....
On our web server I want to have a WebDAV folder and I would like customers to be able to log in with MySQL authentication from our customers database (this I have set up with no problems and it works fine). HOWEVER, I want each customer to have their own subfolder and, having logged in with access to the main WebDAV folder, I want each customer ONLY to be able to access their own subfolder(s). I don't mind them seeing other subfolders exist but obviously I don't want them to have access to other customers subfolders.
OK, of course I could achieve this by adding new WebDAV locations to the httpd.conf for every customer but with a large number of customers httpd.conf will become very large and messy. I have tried applying further restrictions by putting an .httaccess file in each subfolder but that doesn't work - indeed the presence of a .htaccess file oddly prevents users from seeing any other files in the subfolder but has no effect on the access.
I don't think it has anything to do with the config file.More to do with SElinux. I need to know how to configure SElinux so I can see my samba share when SELinuxis on. When I setenforce 0 I can seen all the files and folders set it to setenforce 1 cannot see anything.Here is the output when I ran [root@fileserver /]# getsebool -a | grep smballow_smbd_anon_write --> onsmbd_disable_trans --> onThese two options were off I tried turning them on.This is another one of the commands I tried running. I did change a few options but I am not sure which I do need to change. I am running a stand alone server so I don't need the DC option.
[root@fileserver /]# getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> off
[code]....
Lately I'm getting this question a lot.For every project I want to create a tree like this:
Code:
- project
- drawing
[code]...
I'm using on my smb.conf
# Sincronizacion de cuentas LDAP, NT y LM
# unix password sync = Yes
ldap passwd sync = Yes
[code]....
I'm trying to set up a VPN connection between our CentOS 5.3 server at work and my bosses XP computer at home. At this point, we are kinda locked into Quickbooks. I'm testing the connection from my XP boot at home to see if it works. I can log into our servicemanuals easily enough from XP at home however, the windows takes forever to update. I have the Samba server only listening on port 445 because is seems to work more efficiently at work. I connect to the Samba shares via linux from home and everything works well but, when I try to do anything with the shares from Windows client at home, it's very slow!
I'm thinking that it must have something either to do with the Windows OpenVPN client or the client.conf file. Is there anything I should look at in the .conf file for answers?
I'm trying to set up quota limit in samba-3.0.33-3.15.el5_4.1 in CentOS 5.5, by means of the module vfs objects. In the samba howto [1] I found a very brief explanation, but it isn't working for me. The basic idea is to setup a user called 'quota2g' (uid 499) and setup the [homes] share, as it comes by default, to enforce the quota on each user share.quota2g:x:499:499:User quota 2GB:/home/quota2g:/bin/bash
View 1 Replies View RelatedI have been having off and on issues with my samba file shares. I am sharing a NTFS formated hard drive where the mount point is in my home directory, as well as a printer connected via USB. I am to the point where printing works (using it as an ipp print share, samba is configured for it, but I don't know if it works or not), and I can access the shared folder from Windows, but I can't access the shared folder from any Ubuntu machine. I get the error:
[Code]....
i have created a user like this :
useradd -d /home/testuser -s /bin/bash -c "Test User" testuser
passwd testuser
After this beeing done, i whant to login with this user via ssh using putty. Do i have to set-up something in centos 5.3 to allow user logins via ssh? With root user i can login without problems.
I have setup a Centos5.5 VMWare guest with Samba and Winbind for Active Directory integration, using GUI tools. Authentication works flawlessly, with automatic home directory creation. What I want to achieve now is using local UNIX groups to controll access to shared folders, to avoid bothering AD administrators with groups management. This is my smb.conf global section:
workgroup = COGITANS
password server = domainserver.hq.cogitans.it
realm = HQ.COGITANS.IT
security = ads
[code]....
'finance' is a local UNIX group where I added user 'COGITANSalberto' (I also tried with 'alberto') as a secondary group (primary group is 'domain users' and it cannot be changed). I am sure the user is added, because it is listed in 'getent group'. If I specify user COGITANSalberto in valid users it works, i.e. only that use can access the share, the others get a NT_STATUS_ACCESS_DENIED error. But if I use +finance, access is denied to everybody, and this is the log:
[2010/09/11 14:12:37, 10] smbd/share_access.c:user_ok_token(211)
User COGITANSalberto not in 'valid users'
[2010/09/11 14:12:37, 2] smbd/service.c:make_connection_snum(617)
user 'COGITANSalberto' (from session setup) not permitted to access this share (finance)
[code]....
It seems like winbind cannot recognize finance as a local group. For the same reason, I guess, 'force group = finance' does not work either (files are created with 'domain users' group ownership). My /etc/nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind
Grants and ownership on the '/repositories/shared/finance' folder are
root:domain users with permissions 775
I'm planning to use a virtual CentOS box for web development (to use the same software as on the real server). I configured Samba to have root guest access to /var/www/ but it doesn't let me in /var. Chmod 777 doesn't help. Nethertheless, I have full access to /sbin and /etc.
View 2 Replies View RelatedHow can I set permissions for users within the share?
Example: I have a share called Programming and some user can create folders within it most others can not, can read the documents.
How do I set permissions?
want to made 2 users in samba by which windows machine we access share, say user1 has read,execute permission, user2 has read write delete update full permission. we have done user1 configuration as premia user. we need your guideline for user2
we change the smb.conf file
# less /etc/samba/smb.conf
[global]
[code]...
when client goes to bind to NFS share on remote server - they are getting access denied when using the mount command; [SERVER] - CentOS 5.3 /etc/exports /mnt/data 192.168.5.199(rw) - implying the client I want to have access
[Code]...
Im trying to config my intranet to be accessible from inside the network (lan) without need of password and ask for a passwd for those who are viewing from Wan ....
Today my intranet can only be accessed from Lan, external access give me an Unauthorized message, I took look around, try #irc and still can get the appropriated help, I hope that someone here could help me on that...
A piece of my config:
Code:
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
[Code].....
I've installed Ubuntu Server 7.10 Gutsy and Webmin 1.500 on it. The thing that I want to do is: I want to share a folder an sub folders for windows users ( guest user) I should modify those folders from my ubuntu desktop 9.10 karmic they are all same folders. Is it possible? if yes how can i make it. you can tell from webmin or samba configuration file.
View 8 Replies View Related