I'm using CentOS 5.3, and I want to allow my samba server from selinux. I disabled my selinux and it works fine, but I want to keep my seline firewall on and want to allow other workstation to access my samba server.
View 8 RepliesI don't think it has anything to do with the config file.More to do with SElinux. I need to know how to configure SElinux so I can see my samba share when SELinuxis on. When I setenforce 0 I can seen all the files and folders set it to setenforce 1 cannot see anything.Here is the output when I ran [root@fileserver /]# getsebool -a | grep smballow_smbd_anon_write --> onsmbd_disable_trans --> onThese two options were off I tried turning them on.This is another one of the commands I tried running. I did change a few options but I am not sure which I do need to change. I am running a stand alone server so I don't need the DC option.
[root@fileserver /]# getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> off
[code]....
I'm running a Samba server (3.5.2-60.fc13) on Fedora 13 (64 bit). I want to share the user home directories and want to allow following of symlinks out of the share tree. So in smb.conf I used
unix extensions = no
wide links = yes
For SELinux I did:
setsebool -P samba_enable_home_dirs=1
getsebool -a | grep samba
samba_create_home_dirs --> off
samba_domain_controller --> off
[code]....
However I can't follow the symlinks when mounting my home directory on a Windows machine, unless I disable SeLinux.
Is it safe to put Samba Server outside your Firewall?
View 4 Replies View RelatedI always thought that whenever /usr/sbin/setsebool was used, it would write either a "0" or a "1" into the corresponding boolean file. All SELinux boolean files are in /selinux/booleans but If I check, for example, this boolean ...
$ sudo /usr/sbin/getsebool ftp_home_dir
ftp_home_dir --> on
It returns a positive, but if I do
$ sudo less /selinux/booleans/ftp_home_dir
I get ... read error (Press Return)
Furthermore, if I list the boolean file itself, it shows it to be empty
$ sudo ls -l /selinux/booleans/ftp_home_dir
-rw-r--r-- 1 root root 0 Aug 9 11:09 /selinux/booleans/ftp_home_dir
Where is SELinux storing the booleans then?
This is on CentOS 5.4
I'm able to connect to ftp as a virtual user. It was also difficult as nowhere mentioned, that it should be done with SSL. Anyway I found the answer and got connection. But now I can't connect to ftp server as system user. It gives me "530 Permission denied", or if I delete the user from the file denied_users, - "530 Login incorrect".
1. Still I can't understand, how I can log in to FTP server with a system user.Also some other questions regarding this matter:
2. My httpd server Apache has a virtual hosts located in "/home" directory.The scripts create users in "/var/ftp virtual_users". Will it cause any problem if I will change them to "/home"? All I need to do with this is ability to have several virtual hosts in one server with separate access to each of them via FTP. And 1 account with access to all files in "/home".
3. In my ftp client I can see the owner of virtual host "ftp" instead of username.
I have a CentOS + Samba server and Windows XP client machines. Users, passwords and permissions are entered on the server machine.users and passwords ( same as on the server ) are entered in the XP client machine.When attempting to access a public file on the server using a XP client machine and the IP address of my server, I am asked a user name and password and none of the already entered seem to work. I cannot access the server file (prompted again and again to enter user name and password). What did i miss
View 7 Replies View RelatedI have to rename a group of machines in my little samba domain (tbd backend) but there is an ugly bug that makes this impossible. have set 'rename user script' variable corectly, also checked all configurations.When i change computer name in my windows box, it shows an error saying something like "Error calling remote procedure"Looking on server side, username for the machine gets correctly changed in /usr/passwd, and also in samba database.But samba log says:
===============================================================
[2009/10/08 11:10:32, 0] lib/fault.c:fault_report(42)
INTERNAL ERROR: Signal 11 in pid 11052 (3.0.33-3.7.el5_3.1)
[code]....
I will be relocating to a permanent residence sometime in the next year or two. I've recently begun thinking about the best way to implement a home-based network. It occurred to me that the most elegant solution might be the use of VM technology to eliminate as much hardware and wiring as possible.My thinking is this: Install a multi-core system and configure it to run several VMs, one each for a firewall, a caching proxy server, a mail server, a web server. Additionally, I would like to run 2-4 VMs as remote (RDP)workstations, using diskless workstations to boot the VMs over powerline ethernet.The latest powerline technology (available later this year) will allow multiple devices on a residential circuit operating at near gigabit speed, just like legacy wired networks.
In theory, the above would allow me to consolidate everything but the disklessworkstations on a single server and eliminate all wired (and wireless) connections except the broadband connection to the Internet and the cabling to the nearest power outlets. It appears technically possible, but I'm not sure about the various virtual connections among VMs. In theory, each VM should be able to communicate with the other as if it was on the same network via the server data bus, but what about setting up firewall zones? Any internal I/O bandwidth bottlenecks? Any other potential "gotchas", caveats, issues? (Other than the obvious requirement of having enough CPU and RAM).Any thoughts or observations welcome, especially if they are from real world experience in a VM environment. BTW--in case you're wondering why I'm posting here, it's because I run Debian on all my workstations/servers (running VirtualBox as a VM for Windows XP on one workstation).
My host is blocking port 3960 which I need to use for an SVN server, they are telling me that I will have to install my own firewall. I've not done this before and am not sure of what to do or whether anything I can install will be enough protection.
View 2 Replies View RelatedSamba is working correctly if Susefirewall2 is off. I have added Samba client and Samba Services for extern access but samba is not working when firewall is now on. Which services should I also add ?
View 1 Replies View RelatedI've installed CentOS 5.3 on a machine, and I need a Samba version 3.2 or higher. Since 3.4 is out, I thought I'd grab that. But, "yum list|grep samba" gives me only version 3.0.33. Is there a package of Samba I can grab that will upgrade the 3.0 installation so that I don't have two laying around? If not and I need to compile from source, do you have any suggestions for what arguments I should give configure? I'm not used to Linux coming from the BSD world
View 1 Replies View RelatedI need to know is there any way to record or tracking or make logging if when user samba delete files or folders i can know that, cause sometimeon samba server some users complain they lost files, though i have daily backup and i can restore their files, i just want to know if or maybe some other users in one group accidentally move or delete the files.
View 1 Replies View RelatedI configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.
View 1 Replies View RelatedI have a perfectly functional Samba file and print server. I will be adding several Window 2008 servers to serve as terminal server hosts running in virtual machines. I would like to convert my Samba server to a PDC (Primary Domain Controller) for these terminal servers to use. And leave everyone else as a work group (the current situation). I'd like to
1) use /etc/password and /etc/samba/smbpasswd as the source of the user accounts
2) limit what users the terminal servers can see based on a particular group (/etc/group)
So far I have tried the example howto's on the samba site and wound up having to restore /etc/nsswitch.conf in rescue mode.
I have re-installed our operating system (CentOS 5) ,what is the best way to restore our Samba server? Can it be as simple as copying the smb.config and smbpasswd files back into the /etc/samba directory? That's what I am hoping. If I just copy the smb.config and the smbpasswd files back to the samba directory will the machine trusts, users and passwords just work? If not, what is the proper procedure for restoring. Actually i want to make CentOS 5.3 as my Domain Controller, I want to test all Scenario in case of any disaster of DC before putting it into production environment. I have some queries as:
1. Is CentOS 5 is more stable than RHEL 5 etc.
2. How can i take back up of entire samba server if need it in case of any disaster. How can i restore it.
3. How can i use logon scripts like GPO in windows servers.
4. How can add users in samba server and linux at one time with one command.
5. tell me any Web based samba administration tool other than SWAT.
I'm planning to use a virtual CentOS box for web development (to use the same software as on the real server). I configured Samba to have root guest access to /var/www/ but it doesn't let me in /var. Chmod 777 doesn't help. Nethertheless, I have full access to /sbin and /etc.
View 2 Replies View RelatedI'm having problems using Samba+winbind 3.3.8 as a fileserver on a Win2008 domain. - getent and wbinfo are reporting correct information about users. - Ownership of file created from user using the samba mount are working fine. However, my groups directories are allowing people who shouldn't .. From the shell everything is working as expected, but not from samba..
[Code]....
How to configure Samaba Server on CentOS 5.5 and how to synchronize with my Windows Server-2003.
View 2 Replies View RelatedStill new to Linux and especially samba. I have setup samba for 2 shares, will list below shares. 1 which requires a login and 1 temp folder which I would like guest access to. Currently I have security = user which works great for the data folder which requires a login. If I try to access temp I get asked for a user name and password as well. I tried to set security = share which then allowed access to temp with out a login but also allowed access to the data folder. From the data folder I emoved public = yes. I then get asked for a user name and password like I should but the system will not accept it. This is a Centos 5.5 server with a mail server on it.
[data]
comment = Data Folder
path = /home/data/
public = yes
writable = yes
browseable = yes
printable = no
avaliable = yes
write list = glenn,
force create mode = 0660
force directory mode = 0770
[temp]
comment = temp folder
path = /home/temp/
public = yes
writeable = yes
browseable = yes
guest ok = yes
guest only = yes
guest account = nobody
available = yes
force user = nobody
force group = nobody
Set up a new cluster service for a cifs share. Has these properties:
Service name = cifs_cases
Autostart is checked
name=cases type=GFS Scope=shared
[code]....
I would like to setup LDAP (openldap) with Samba. I would like to know what should I setup first? Should I setup LDAP before Samba or Samba before LDAP?
View 1 Replies View RelatedJust completed a fresh install if V5.3. It works fine.
Samba server: I tried to create a Samba user named "root" with Windows user name "administrator". Message is something like "account already exists"? I know "root" exists, but why can't I use it as a login? I don't get this error when I use another existing user account "LouA".
This is important to me because many documents state that "root" is to be used as the user name. I don't want to change these.
Current set-up allows access to all users (there is no Samba user listed) and I can read, write and delete files from Windows just fine.
I recently installed CentOS 5.3. There I select desktop package (Gnome and KDE) didn't select server in CentOS 5.3 installation gui. I want to connect to the windows active directory domain in our company. To do this I want to run the samba service. But it is not listed in the services. (#service --status-all) but I cant see the samba config file smb.conf why I cant run this other services smbd, nmbd is also not listed. But winbind is listed and I started it.
[root@bryan-adams etc]# yum list samba
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.iitm.ac.in
* updates: ftp.iitm.ac.in
* addons: ftp.iitm.ac.in
* extras: ftp.iitm.ac.in
Available Packages
samba.i386 3.0.33-3.7.el5_3.1 updates
I'm trying to set up a test system for Windows 7. I've been having trouble getting it to map drives on the domain where I work, so I wanted to set up a test system with a similar setup so I can play around with settings without mucking up our network. Only problem is I can't get it configured to even work with XP, which does work on our domain.
When I type \server in the Run box I get the explorer window showing all of the test shares I've set up. But when I try to access them, it says the network path could not be found. Here is my smb.conf file:
[global]
workgroup = MAJOR
netbios name = VPN
realm = MAJOR.COM
[Code]....
Good evening, I get the following error when prompted for my user name and password credentials that have access to the domain rights on the server. After typing in root and the password I get the following.
"The specified computer account could not be found. Contact an administrator to verify the account is in the domain. If the account has been deleted, unjoin, reboot and rejoin the domain."
Posted below is my smb.conf file, however I feel like I am screwing up the last steps with group-mapping, net commands, and creating accounts.
[global]
workgroup = SCRUGGSHOME
passdb backend = tdbsam
printcap name = cups
add user script = /usr/sbin/useradd -m %u
[Code].....
I've been testing a PDC with samba and LDAP these days with the following unsolved issue. 1. I can add the client PC (Windows XP SP3) with the Domain Admin user (Manager) from the client PC, but when i try to add a user I get this message "The trust relationship between this workstation and primary domain failed", so as it can be added later I ignored this message and choose 'close' and reboot the PC. 2. Since the login screen is showed, the message 'Duplicate name exists on the network' appears. So I try to log on with a valid domain username and password after pressing ctrl+alt+del and get the error message: "System cannot log you on because domain rmprb is not available"
[Code]...
I have a small home-office network. On that network I have two linux computers, one is a client the other a server.
On the server I have NFS Server setup and mount some NFS exports on the client computer.
On the server I have the firewall on and here it becomes a little tricky.
Since both the server and the client connect to the router the interface (eth1) is theoretically both an internal & external zone.
The router is commercial grade and therefore has a good firewall on it which is also setup. Therefore the firewall on the server is really more of a backup than a necessity. But that's fine, and by having the server's firewall on 'fail2ban' is able to work which I like to have working so I don't want to just turn off the server firewall even though I have good security from the router.
However, when I turn on the server's firewall, the client computer cannot see the NFS server when scanning for server -- done by: clicking on "Choose" next to "NFS Server Hostname" when adding an NFS share in the NFS Client in YaST. Clearly something is being blocked even though I have both "NFS Client" and "NFS Server Service" allowed in the server firewall. The Firewall config. files for these are below.
The Firewall configuration is pretty much "out of the box". That is I have the services I need opened up for the external zone, the other zones are left at their default which means the internal zone, although not used (i.e.: attached to any interface), is completely open.
The perfect solution I guess would be to setup my client computer to connect through a different NIC (perhaps eth0), make that the "Internal Zone" and therefore allow all traffic through to it while still blocking the server from the external zone. However, I cannot make that physical change to my network for now so I am looking for an in between (non-perfect) solution.
In this case I am guessing that means opening up extra NFS ports to the external zone so I have full NFS functionality. I don't mind this because like I said, the router firewall is the main line of defense anyway.
So, given all of the above could someone tell me what I would need to additionally open up in the server firewall to make the NFS server detection work on the client while the firewall was on. Or, if you have a cleverer/better solution without me changing my physical network that would be great.
Hopefully I have written this in enough detail and clearly enough so that all the parameters are clear but if not, feel free to ask me what you like and I'll try to make it clear.
Code:
## Description: Firewall Configuration for NFS kernel server.
#
# Only the variables TCP, UDP, RPC, IP and BROADCAST are allowed.
# More may be supported in the future.
code....
I've tried to followed exactly the steps in:
[URL]
on how to setup Samba PDC w/ LDAP backend. I've reach far up to page two of the tutorial. However I'm stucked in the middle of the part of page two:
[URL]
in the part of the Start the LDAP Samba installation up and I should type the :
#useradd user1
#smbldap-useradd -a -G 'Domain Users' -m -s /bin/bash -d /home/user2 -F "" -P user1
I get this error:
Error looking for next uid in sambaDomainName=sambaDomain,dc=DOMAINNAME:No such object at /usr/lob/perl5/vendor_perl/5.8.8/smbldap_tools.pm line 1194.why does this appear, Is there any configurations missing?
if there are any repositories with the newest samba version? I'm having a hard time installing it with my W2k8 Server.
View 1 Replies View Related