Fedora Servers :: Samba Shares And Windows Vista - Cannot Authenticate
May 22, 2009
I had an older fedora box (I think it was Core 3) that acted as my file server in my small network (4). It worked fine when I had all XP clients connecting to it. Recently we decided to get all new computers. So now I have a fedora 10 box acting as my file/print server and all Vista Home premium computers as the clients. For the life of me I can not get samba to work. When I try to map the network drives on windows it will not let me authenticate. I install swat and try it that way, still no luck. Here is a copy of my smb.conf file:
Code:
# Samba config file created using SWAT
# from UNKNOWN
# Date: 2009/05/19 21:47:31
[global]
workgroup = AIVILANET
server string = Bighat Samba Server
interfaces = eth0
null passwords = Yes
smb passwd file = /etc/samba/smbpasswd
passdb backend = tdbsam
username map = /etc/samba/smbusers
syslog only = Yes
announce version = 5.0
name resolve order = hosts wins bcast
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = CUPS
wins support = Yes
[HP-LaserJet-1200]
comment = HP LaserJet 1200
path = /var/spool/samba
read only = No
printable = Yes
printer name = HP-LaserJet-1200
oplocks = No
share modes = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[home]
path = /home/savona/
username = savona
valid users = @Users
admin users = savona
write list = savona
force user = savona
force group = savona
read only = No
hosts allow = 10.0.0.2
I setup shares on a fresh install of Ubuntu 9.10 via the shared folders application from here: [URL]. The shares are visible on my vista laptop but when I go to open them I get an error "you might not have permission to use this network resource". I set the smbpswd to nothing via the method in the above article as well and my /etc/samba/smd.conf has the follow lines:
[300] path = /media/Secondary Storage available = yes browsable = yes public = yes writable = no
[500] path = /media/New Volume available = yes browsable = yes public = yes writable = no
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
Intent is to use samba+winbind to authenticate Ubuntu desktop against a Windows 2008 R2 domain (seems like I was able to get it working temporarily but it stopped working after some time). Quick overview of the issue: winbind is failing to lookup group ID's for a domain user causing the domain user to receive group errors on login and an inability to use domain groups in other configuration (sudoers, etc)
- Very basic install, boot to Ubuntu Desktop 10.04 LTS 64bit install, basic install options, perform software updates
- Following an Ubuntu AD HowTo [URL]
- Install kerberos, samba, winbind packages
- Make changes to krb5.conf, smb.conf, files in pam.d/ (to make the home directory and restrict login based on group membership, which works even in the half-working state but requires SID instead of text name)
After a reboot I can login as a domain account but I get the following error(s):
groups: cannot find name for group ID #####
##### is usually a number that ranges from 10000 to 10020, based on the smb.conf line regarding idmap I will get multiple group errors (one for each group that the user belongs to that winbind can't lookup for whatever reason, some groups can be resolved - see below) If I log-out and then log-in as a local user I can run the following command: id username The output returns something similar to the following:
uid=10002(username) gid=10003(domain users) groups=10003(domain users),10033,10032,10031,10030,10029,10028,10027,1 0026,10025,10024,10023,10022,10021(some group),10020,10019,10018(some other group),10017,10016,10015,10014,10013,10012,10011(s ome other other group),10010,10009,10008,10007
On a working system (Ubuntu 10.10 and when 10.04 decides to work) each group is followed by parenthesis' and the name of the group, this result clearly shows that some groups can be looked up but for some reason other groups are failing An output of /var/log/samba/log.winbind produces the following entries (that are logged when you run the id command)
The above repeats for what looks to be each group that fails (based on count of entries)If I use wbinfo I can resolve text group name to SID and SID to GID
wbinfo -n groupname (returns proper SID) wbinfo -s SID (returns proper text group name) wbinfo -Y SID (returns proper linux mapped group ID)
Following that process for a group that my user belongs to that is not resolving (via the id username command) will return the group ID (GID) properly (even though id username fails to lookup info for that same GID) Version Information:
uname -a Linux hostname 2.6.32-33-generic #71-Ubuntu SMP Wed Jul 20 17:27:30 UTC 2011 x86_64 GNU/Linux lsb_release -a No LSB modules are available.
I am running Ubuntu 10.10 and have 5 shares that I have setup for Samba (assume names of share1, ..., share5). I find that shares(2,3,4) are accessible from my MS Windows system, but the share1 and share5 are listed but Windows gives an error accessing them that I may not have permissions.I have reviewed the sharesve the same owner, group, and permissions.Is this a known Samba bug or configuration issue? I have gone through the smb.conf file multiple times as well as examining the directories and do not see what the issue might be.
Does anybody know if there is a quick and easy way to simply disable samba security to avoid "Access Denied" errors when trying to access shares via Windows XP?
I'm having trouble setting up samba to work with my vista machine. Whenever I try to mount certain shares I'm getting error 13- permission denied. Specifically, I'm trying to mount my entire C: with this command at the console:
The funny thing is that I CAN mount some other shares, but not all. My distro is slack-current. I've been following as many relevant threads on this issue for a while now and have tried as many of the suggestions as I could understand, but it's getting to the point that I've lost track of what I've tried and what I haven't. Things I have tried:
Checking permissions on the shares: seem to be ok enabling encrypted passwords: not sure if I did it right. editing the registry for LmCompatablity
I'm having some troubles with my samba shares on a fresh install of Fedora 10 x86_64 on my laptop. The laptop has only the KDE Desktop environment. I'm trying to share between this computer and my homebrew server via a wrt54g linksys router running DD-WRT firmware. The server is running Fedora 9 i386.
The shares on the server can be read by the laptop, and I have been consistently able to mount the server shares on the laptop using mount.cifs, but only when the firewall on the server is down. Shares are only visible between the machines when the firewall is down on the machine containing the share. I set up the shares using the system-config-samba tool, and the firewalls are both set to allow samba server and samba client. I can typically see the laptop from the server, but not the shares, and only when the laptop firewall is disabled. I can access the Laptop shares from the laptop. When trying to mount the laptop shares on the server, a warning message stating that the mount failed appears. Shares show up as correct in both the system-config-samba tool, and the KDE sharing tools. The share shows a "shared" icon in the dolphin browser.
From all that I know, the shares should work perfectly. I've searched the web, perused the man pages and how-to's, and combed through the forums, and everything I've found tells me that the shares should be working. Since they are not working, it leads me to believe that I must have made a mistake someone and not noticed it.
I setup a Samba share and I cannot connect. I can mount in on local host but when I CD to the folder I mounted the share on I get access denied when I run ls.
I am in the process of migrating my small workplace to a basic spin i've created of f14. Everything is suave but some file browser windows eg: file upload in gmail, hotmail etc, does not show my samba shortcuts i've created nor even the option to browse the network in the "places" section. It shows other locally created shortcuts but no samba ones. Just to test it, even creating an ftp:// shoftcut yeilds no dice. I had a quick search through the forums and I couldn't find anything. I have a feeling this has an easy solution that my inferior brain cannot comprehend! Loving F14 on my macbook pro and so are my employees in my office! Feels much less bloated than Ubuntu IMHO.
I have set up a file server (Ubuntu Server Edition) for our lab. People can connect to common Samba file shares from their personal laptops/desktops, which run either Windows Vista or Mac OSX. The guys with OSX have upload/download speeds of ~2 MB/s, while the Vista machines are slogging away at ~200kb/s for downloads and ~400kb/s for uploads. In both cases, the connection are through wired ethernet ports which should function identically. Since the Macs work fine on the same network, I assume this is a Vista issue.
I have tried troubleshooting one of the Vista machines by: 1. Turning off the Remove Differential Compression feature 2. Disabling autotuning following these instructions 3. Adding a registry key following the same link above.
But nothing has improved. Anybody have any advice on addition tweaks to the Vista machine? Is there a chance that this is actually a server-side/samba issue?
I'm trying to use Windows 7 to connect to a Samba server (running Ubuntu 11.04).
Server is named Mars. Below is my Samba configuration file. I can ping the server, and connect to it via RDP and ssh, so i know its not a network connectivity issue. What else could it be?
Code: [global] log file = /var/log/samba/log.%m server string = %h server (Samba, Ubuntu) winbind enum users = no force group = nobody
I had a Samba server that worked as expected, but after four years of operation, I had to upgraded for a different reason. After much pain and agony, Samba *almost* works.The Big Problem: On XP, the Samba server "Scully" appears in "My Network Places". On the Vista and Win7, the server is not seen in "Network". The shares can be accessed and mapped if the name \Scully or IP address is provided \192.168.X.Y, but it can not be browsed.
I have samba allowing only known users, and on the ubuntu side, I have the folder permission 777. I have the same exact samba smb.conf file(locations of course matching new server), but I can't get it to authenticate with the new server(Old server is up and running too) and I'm lost. I thought I had it figured out when I did my last server, but I seem to be missing something on this one.
I'm running Ubuntu 10.04 on a VM and I'm trying to automatically mount two shares from the Windows Vista SP2 host. Currently this is failing with the message "mount error(112): Host is down".
I recently upgraded VMWare Server. Before the upgrade I was able to mount shares without a problem. I can still mount shares on the host using the builtin "Connect to server" feature in Gnome. The problem I'm running into is mounting shares via the command line or via fstab. The relevant lines from my fstab are below.
Just a couple notes: the IP address of the host is static on the virtual network, so using the IP address as the server name should not be an issue. Also, I am able to ping the host fine (which obviously must be true for me to mount using the Gnome feature).
This is (I suspect) a Mac OS issue but they've given no help (or replies!) on Mac forums so I'll ask here.I've just got a Mac and I can connect to shares on my Ubuntu (10.04) server, read files and create directories but I cannot write. I get this error:"The operation cannot be completed because you do not have sufficient privileges for some of the items."I can connect from the command line with smbclinet and write fine. I have tried several different users on both the Mac (cannot write) and Ubuntu clients (can write).Is this something to do with the ._filename files that finder creates? Or is there something wrong with the way I've set up my server? This is the first time I've used it with a Mac client.
I have a fresh installation of Ubuntu 10.04 LTS I have installed Boxee on it that is all and I am trying to set it up as a Samba Server. I have followed the instructions on following page:[URL]..On the box that I am trying to setup as a Samba Server using Nautilus I can view the shares no problem. On another Ubuntu box no such luck. I can get too Windows Network and I can see my workgroup. When I try and open the workgroup I get the following dialogue box for some time: Opening "WORKGROUP". You can stop this operation by clicking cancel. And then this error dialogue box:
Unable to mount location Failed to retrieve share list from server I have spent sometime trying to resolve this myself but have had little luck. As far as I know I have no firewalls in place; Ubuntu does not have one by default is that correct? At this time I don't have a Windows computer to try to connect too the server at this time, but plan to in the future that is why I want to use Samba.
I am connecting the two boxes with an D-Link DIR-825 router; both boxes are on the same subnet. Are there settings in the router that could be affecting this?
Last night i updated to 9.10, all good except i can no longer access my samba shares!!
here is the info from log.smbd after i stared it this afternoon
Code: smbd version 3.4.0 started. Copyright Andrew Tridgell and the Samba Team 1992-2009 [2010/01/12 16:35:57, 1] param/loadparm.c:6355(map_parameter) Unknown parameter encountered: "executable" [2010/01/12 16:35:57, 0] param/loadparm.c:7449(lp_do_parameter)
provide support for a small business that uses Windows machines to access files stored on an Ubuntu server which has just been upgraded from 8.04 to 10.04 (32 bit version). Before the upgrade the users accessed their share by this batch file:
Code:
net use x: \servernamesharename /user:username
This would then prompt the user for his or her password which they would enter to allow them access to the share.Since upgrading to 10.04, the user gets a "system error 58" stating "The specified server cannot perform the requested operation"If the batch file command is changed to:
Code:
net use x: \servernamesharename
The same error message is given. The only work around I have found is to modify the file to read:
Code:
net use x: \servernamesharename /user:username password
This is not ideal at all as it makes the password protection useless.When I performed the upgrade I left the smb.conf unchanged. The smb.conf file is:
Code:
# # Sample configuration file for the Samba suite for Debian GNU/Linux. # # # This is the main Samba configuration file. You should read the
I recently upgraded my ubuntu samba fileserver to 10.04 along with increasing the size of my RAID 1 /home directory.I am using the same smb.conf file setup I have used on intrepid ibis setup and hardy heron setup before that.On my new setup, I can see the ubuntu server on my windows 7 machines, but I can't see the shares and can't access them.In checking the logs (/var/log/samba), one log continues to look for a printer share from one Windows machine that I have not set up on samba yet.
I have found a few people who have reported similar problems online, even a few who have filed bugs, but then they say "my computer started working suddenly. I don't know what happened." so they closed the bug. or "my computer started working after I rebooted my machine." I have rebooted all machines on the network. That doesn't fix it.
clean install of Slackware 13.1 64-bit. From day 1 I have been unable to browse Samba servers and shares on my home network. NFS, FTP, SSH, etc all seem to be working fine. I've been updating it regularly in case this was a bug, but I'm not so sure any more.
Reboot in WinXP sp3, I can browse fine. My wife's Win7 laptop works fine. My old Slack 12.2 system worked fine. I have not made any changes to the network other than adding this computer to the mix.
Pentium Dual Core e6700 @ 3.2GHz Asus P5G41T-M/CSM 4GB DDR3 Ram 1 TB Hitachi SATA Gigabyte ATI Radeon HD 5670 1GB Video PCIe
I'm trying to connect to a Samba share on a VirtualBox'ed Windows 7 that is connected to an openSUSE host in bridged mode. For reasons beyond my comprehension I cannot use the shared folders feature, so I'm using Samba instead. I configured a share through openSUSE's Samba server configuration tool:
[iTunes] inherit acls = Yes path = /home/myusername/iTunes read only = No valid users = myusername
I also set a password for this user using smbpasswd -a myusername. I can go to smb://192.168.1.6 on the host machine and log in to the share successfully, but on Windows 7 I see this: What am I doing wrong? I can connect to the shares list without any problems. It's just the login that doesn't work.
Update: I noticed that my Samba server is part of the WORKGROUP domain.
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.5.7-1.17.1-2505-SUSE-SL11.4-x86_64] Sharename Type
I have a problem with 'Samba' shares on Ubuntu 8.04. Bringing shared folders over from Windows (on another computer) is not a problem...until I try same process with a Windows backup folder holding .tib data from an 'Acronis' backup.The files appear in Ubuntu Network, everything looks o.k., Ubuntu just won't copy the data to another folder. Other shares work without a problem, its only with these ':.tib' data.
As the subjects states, I cannot see my windows 7 shares from any of my *nix computers. I tend to over complicate things and I may do so here, but I want to try and be as thorough as possible in explaining the situation. I'll state w/ the basic layout of my lan code...
[Administration] comment = Administration path = /home/adm valid users = adm public = no writeable = yes browseable = no
We have two samba users: samba and adm. The first is used to connect to Storage and Backup shares, and adm is used to connect to Administration share. There are two problems:
1) If Storage and Backup shares are connected to a Win7 box, the Administration share cannot be connected. All we get is an error saying that that share is already connected with different username. 2) We have managed to work around this by connecting the Administration share with the IP-address of the server instead of it's name(?!). The problem then becomes that sometimes connecting Administration share this way makes Storage share read-only. Not always though.
Wrong "security" type in smb.conf (was "user", needs to be "share"). For some reason the Storage share still occasionally gets connected read-only. Win7 also tends to forget the passwords/usernames for some shares upon reboot (not all of them, though).
I've a few group shares setup with samba and a PDC (using windows 7 clients) and the home directory for each user gets mounted automatically. I've configured group shares and only members of the respective group have access to them, but my question is how do I tell samba to automount group shares based on the user group?
I am the IT Manager at a research facility. We have a fairly unique network configuration in order to support all of the different projects we have going on. We have Red Hat, Ubuntu, Windows XP/Vista/7, Windows Servers 2003, Ubuntu servers, Red Hat servers, and even a few Netgear ReadyNAS and Buffalo Terastations. Over the last few years, I have been migrating all of my users and accounts to a single ACL list, which I chose to be a Windows AD 2003 server. 95% of my users work on Windows platforms and just use ssh tunnels to develop on our linux boxes.
However, i ran in to a problem with our Linux boxes not being able to symbolic link on my Windows 2003 file shares. Of course, this is a problem with Windows not supporting symbolic links. I know 2008 does support this feature, but given the economy and the budget restraints, we cannot afford to purchase the updates we would need, so now I am moving all of my shares to a Ubuntu 10.04 server using Samba. I have joined the server to my AD domain successfully, i can login using my AD credentials, and even assign ownership and group permissions using AD users/groups.
Here is my question.
I would like to keep the AD permission schemes intact. I have several shares that contain folders that have individual permission settings. For example, I have a /shared directory that contains about 50 different folders. Some of these folders I allow my users to write data to, some just read, and others I deny access to complete groups and just allow key groups to access (for example, personnel data should only be accessed by the Administrative staff).
Is there a way to make this work?
I can assign uid and gid manually per folder in Samba, but i would like to have the possibility to add multiple users and groups with permissions to folders, which I do not believe can be done with the standard chown commands. Currently, I can see the folder permissions from my Windows box, but when I try to edit the permission settings, it defaults back to full access. So my AD permissions are not being saved.
