Server :: Getting Samba Shares To Work Across Subnet Boundaries
Jul 8, 2011
My environment in a nutshell is like this:
- I'm a member of a Windows AD domain environment that spans many different subnets.
- My client workstation (Windows XP) is part of this domain and resides on one subnet.
- The server I'm trying to get Samba working on (SLES 10) is part of the same domain but resides on a different subnet.
- I want to access shares on the SLES 10 box from my workstation.
Here is what does work:
1. I can ping the workstation from the SLES box, both by hostname and ip.
2. I can ping the SLES box from my workstation, both by hostname and ip.
3. netstat -an shows that the SLES box is listening on ports 139 and 445.
4. I can telnet from my workstation to the SLES box on ports 139 and 445.
5. Output from smbclient -L coolserver (hostname obfuscated):
Code:
Anonymous login successful
Domain=[COOLDOMAIN] OS=[Unix] Server=[Samba 3.5.8-30.4-2516-SUSE-CODE10-x86_64] .....
Code:
Enter cooluser's password:
Domain=[COOLDOMAIN] OS=[Unix] Server=[Samba 3.5.8-30.4-2516-SUSE-CODE10-x86_64]
smb: >
So, cross-subnet communication seems to be working in a general sense and I have verified that my share is present and accessible by my chosen user id.
Here's what doesn't work (from the workstation):
1. Output from net view \coolserver:
Code:
System error 64 has occurred.
The specified network name is no longer available.
2. Output from net view \coolservercoolshare:
Code:
System error 5 has occurred.
Access is denied.
3. Same output as above if I try to connect via IP.
However, when I run any of the above commands from my workstation, I see the following in log.smbd on the SLES box:
Code:
coolworkstation (10.49.140.36) connect to service coolshare initially as user cooluser (uid=12171, gid=500) (pid 29039)
[2011/07/08 00:39:29.098422, 1] smbd/service.c:1251(close_cnum)
coolworkstation (10.49.140.36) closed connection to service coolshare
I'm not really sure how to interpret this because those are the exact same entries that get logged when I connect to the share locally, via the smbclient utility on the SLES box, which works fine... but from the Windows box I get the "Access is Denied" or "The specified network name is no longer available" errors. I also occasionally see this in log.smbd:
Code:
[2011/07/08 01:01:19.858308, 1] smbd/server.c:240(cleanup_timeout_fn)
Cleaning up brl and lock database after unclean shutdown
[2011/07/08 01:01:33.828692, 0] printing/print_cups.c:108(cups_connect)
Unable to connect to CUPS server localhost:631 - Connection refused
[2011/07/08 01:01:33.832127, 1] smbd/server.c:282(remove_child_pid)
Could not find child 29781 -- ignoring
I don't know if that is relevant. I created the Samba user via the smbpasswd utility and my smbusers file maps the system user directly to the Samba user, both of which have the same password. Here is my smb.conf:
Code:
[global]
workgroup = COOLDOMAIN
netbios name = coolserver
domain master = no
preferred master = yes
local master = yes
wins support = no .....
My workstation and the SLES box are both pointing to the same WINS server, which services the entire domain (which is also one of the DC's and one of the DNS servers). I'm really not sure what's going on. I'm guessing it probably has something to do with the subnet boundaries or the WINS configuration or something along those lines. I just don't understand because the smb daemon seems to be logging "successful" sessions from my workstation... but then the session just insta-closes.
View 1 Replies
ADVERTISEMENT
Sep 13, 2009
I have a machine acting as a gateway for a private network. While it can ping hosts on that private network, I can't use samba (smbclient or smbmount) to access shares on hosts on the private network from that machine. Other machines on the private network can access shares on other machines - just not the gateway server.
Here's how the gateway is configured:
When I try to connect to ports 139 or 445 (via smbclient or smbmount) the mount() system call times out. As I mentioned above, I can ping those hosts, so UDP packets work but TCP packets seem to get blocked or lost.
View 1 Replies
View Related
Jun 17, 2011
I want to setup a Linux File Server for a small windows network (around 50 users). I do know that I am gona need Smb service/pkg for that. I haven't used Samba for a while now and as per the best of my knowledge, entire communication (including usernames and passwords) between a samba server & windows client machines will be plain text. Is there any way to secure all this communication??
Secondly, if i remember correctly, MS windows wont let me mount more than one samba shares as network disk when all my shares can be accessed by different smb users with different passwords?? is there a solution to this problem? OR may be if there is any other package available for this purpose so that i wont have to use samba?
View 4 Replies
View Related
Jul 28, 2010
I am working as a Linux administrator in a very small data centre with 5 servers with following routine tasks.
1. Managing SAMBA shares and giving user specific access for the shares.
2. Scheduling backup of some mount points with rsycn to store data in remote hard disk
3. User and group administration, with sudo access.
4. Creating and Managing Xen Virtual machines and giving access to other project teams.
5. Automating some tasks with Shell Scripting.
6. Managing FTP server for user uploads.
I have practiced a lot in my home laptop without RHEL training, Cleared RHCE and LPIC1. I want to do some advanced system admin tasks, but do not have option in my current data centre. With Above skills is it possible to get a job ?
View 9 Replies
View Related
May 10, 2010
I have an Ubuntu 9.10 Samba file server. I have set up Ubuntu 10.04 netbook remix in a home network which also has Windows XP home and Vista computers already present in the network. The XP and Vista machines have no problem accessing the file shares.
The server is running mhddfs with FlexRaid. The security is set to share level access. I have a hosts allow line in the smb.conf file to permit access to certain IP addresses and have added the 10.04 netbook remix IP address to this hosts allow line.
I cannot access shares from the 10.04netbook remix machine if the hosts allow line is active, but have no problem from the windows machines. If i comment out the hosts allow line, all machines can access the share, including the netbook remix machine. I am fairly new to Linux and would appreciate any help in solving this problem.
View 1 Replies
View Related
Jan 25, 2010
I have a problem with 'Samba' shares on Ubuntu 8.04. Bringing shared folders over from Windows (on another computer) is not a problem...until I try same process with a Windows backup folder holding .tib data from an 'Acronis' backup.The files appear in Ubuntu Network, everything looks o.k., Ubuntu just won't copy the data to another folder. Other shares work without a problem, its only with these ':.tib' data.
View 3 Replies
View Related
Jul 24, 2011
First off a little history of me lol. I'm not completely a Linux noobie, but I'm not the most advanced user either. With that said I have a few interesting problems with Samba.First off I can see the NetBios name under Windows Networking (Windows 7), however everytime I try to connect to it I get an Access Denied and/or "Incorrect Password/Username" error. I have gone into secpol.msc and changed the values that other posts have suggested. Both the server and the workstation are located under the same group, and I have used the smbpasswd -a <username>. The server is not configured to be a Primary Domain Controller so.. I'm lost. Infact my brain hurts from 3 days of this. I have posted my SMB.CONF file to see if that helps. Hum.. Maybe I'm just trying to access a file share that isn't there..
View 13 Replies
View Related
Dec 4, 2010
Still new to Linux and especially samba. I have setup samba for 2 shares, will list below shares. 1 which requires a login and 1 temp folder which I would like guest access to. Currently I have security = user which works great for the data folder which requires a login. If I try to access temp I get asked for a user name and password as well. I tried to set security = share which then allowed access to temp with out a login but also allowed access to the data folder. From the data folder I emoved public = yes. I then get asked for a user name and password like I should but the system will not accept it. This is a Centos 5.5 server with a mail server on it.
[data]
comment = Data Folder
path = /home/data/
public = yes
writable = yes
browseable = yes
printable = no
avaliable = yes
write list = glenn,
force create mode = 0660
force directory mode = 0770
[temp]
comment = temp folder
path = /home/temp/
public = yes
writeable = yes
browseable = yes
guest ok = yes
guest only = yes
guest account = nobody
available = yes
force user = nobody
force group = nobody
View 1 Replies
View Related
Jun 28, 2010
As the subjects states, I cannot see my windows 7 shares from any of my *nix computers. I tend to over complicate things and I may do so here, but I want to try and be as thorough as possible in explaining the situation. I'll state w/ the basic layout of my lan code...
View 7 Replies
View Related
Oct 20, 2010
I have a samba server set up on my computer, and I can only access the shares over the network by loging in as my main user. This works for all shares, on any drive. When I log in using my fileshare guest account, I get the list of shares, but after selecting one to connect to, it gives an error that the server isn't available. Any share off the boot drive won't work. I don't know if it has to do with permissions, or it's a config problem.
View 5 Replies
View Related
Aug 23, 2010
We have a samba server with a couple of shares defined as follows:
Code:
[Storage]
comment = Storage
browseable = yes
path = /home/samba
writable = yes
[Backup]
comment = Backup
browseable = yes
path = /mnt/hd2/home/samba
writable = no
[Administration]
comment = Administration
path = /home/adm
valid users = adm
public = no
writeable = yes
browseable = no
We have two samba users: samba and adm. The first is used to connect to Storage and Backup shares, and adm is used to connect to Administration share. There are two problems:
1) If Storage and Backup shares are connected to a Win7 box, the Administration share cannot be connected. All we get is an error saying that that share is already connected with different username.
2) We have managed to work around this by connecting the Administration share with the IP-address of the server instead of it's name(?!). The problem then becomes that sometimes connecting Administration share this way makes Storage share read-only. Not always though.
Wrong "security" type in smb.conf (was "user", needs to be "share"). For some reason the Storage share still occasionally gets connected read-only. Win7 also tends to forget the passwords/usernames for some shares upon reboot (not all of them, though).
View 1 Replies
View Related
Sep 24, 2010
I'm trying to setup two samba shares on ubuntu server 10.04.1 lts x64
The first is a Read-Only share for windows users that doesn't require a password. This i've managed to do so far.
The second is a Password protected Upload share. So far I am able to have both shares (which access the same directory) but am unable to log in to the pass word protected share.
I know i'm not doing things quite right, and would like a little bit of help
The smb.conf file is the default ubuntu file with these added shares:
Code:
[NAS]
Comment = Network Attached Storage
path = /media/RAID/NAS
browseable = yes
[Code].....
View 5 Replies
View Related
Feb 23, 2010
I recently switched from centos to fedora as my server choice. Probably not the best decision but I like trying new things. Now before I switched I had my samba server setup just they way I wanted it. Now I'm having a hard time getting it back to that way. Here is my smb.conf
Code:
[global]
workgroup = workgroup
netbios name = netbios name
server string = Linux Server
security = user
wins support = yes
encrypt passwords = Yes
domain logons = yes
[homes]
comment = Home Directories
browseable = yes
writable = yes
valid users = %S
[me]
path = /home/me
read only = no
public = yes
create mask = 0777
directory mask = 0777
browseable = yes
writable = yes
Now I did throw away my old smb.conf because it wasn't that complicated and I figured I could reproduce it.. aside from that everything is working except for the fact that I can access any share I want to listed without it requesting a password. I have a username and password setup with smbpasswd and I think everything else is setup correctly involving samba shares but I have no idea why it won't request a password.
View 1 Replies
View Related
Jul 7, 2010
So I setup the newest Ubuntu on my old desktop on a 30g HD and have 2 200G HDs with a ntfs file system on those two. I got SSH and FTP configured, then went on to setup Samba.I have it (seemingly) set up well. /dev/sb1 gets mounted on /data1 /dev/sc1 gets mounted on /data2.I want anyone connected to my router to be able to see this machine and be able to read and write to both shares.
I configured WINS on my laptop to point to the linux box. and i've seen the pc in question (TECH-PC) in "My Network Places" on both of our laptops.Long story short, I try to connect to my network share and it says i don't have permission and i need to contact my network admin. This computer is the only one with Linux installed, the rest are windows-OS.Let me know if you need more info, pretty stumped here, have searched, read, scrapped my install and started from scratch, maybe i need to sleep on it
View 5 Replies
View Related
Feb 9, 2011
this is really a brainstorming thread seeking advise on how to setup some samba shares within a small office network. For the quick judgers:
-no I'm not an IT expect and I'm not even the IT at the office, I just fill in this gap too.
-I have looked into several samba 'by example' tutorials - none seems to fit my needs or answer some of my Qs.
So I seek advise from your experience: What do I know:
-the functionality of the setgid to have subfolders inherit the group owner of the parent folder
-the fact that I don't want samba in 'share' level in order to register the owners of files
-the functionality of acls that enables inheritance of rwx permissions to subfoldrs of a parent folder.
- the groupmod -o option but that doesn't help apparently.
So this is a 25ppl civil engineer consulting office. The physical groups of ppl working here are: engineers, drafters (those who generate the drawings , i'm not sure if thats the correct term), and secretaries. The job usually is done in the following way, once a project commences a project folder gets generated and everything is done in there. incoming mail arrives there (secretaries put it there), engineers do they calculations on speadsheets, write reports and do draft drawings and, finally, drafters take the draft drawings and finalize them. So pretty much everyone of these 3 groups needs write access to the main project folder.
How do I accomplish that? as which group should I create the project folders? It came to mind the notion of group of groups. Now that the actual owner of the file is not so important anymore (several engineers will need to have write access to the folder) and group becomes important, it would be nice to have the ability to add... groups (instead of users) to groups! so that the permissions to a group are inherited by its children groups... Does such functionality exist of can it be implemented somehow?
How do I go about giving access to everyone and at the same time, NOT giving up on the 'user' secutiry level of samba (and NOT just giving rwx permission to 'others'? Is it possible? or Should I instead forget about individuals and match the 'physical groups' to 'linux users' and 'groups of groups' to 'linux groups'? ( This means I should give on ownership of files by individuals )? Since its a small office some work is mixed - engineers might pickup incoming email, a secretary might do abit of drafting work etcetc.
View 4 Replies
View Related
May 10, 2011
Dolphin will only open Samba shares if I open them by typing in smb://SERVER-IP. It also does not show up in the Network section of Explorer under Windows 7. How do I fix this? The only Samba share icon that shows up in Dolphin under Network --> Samba Shares is Workgroup. If I click it it changes smb://workgroup, but then it does nothing and shows no files. Here is my Samba server's smb.conf file.
Code:
[global]
workgroup = WORKGROUP
[code]....
View 4 Replies
View Related
Aug 17, 2010
This one has proven to be a real for me. On one of my Samba shares on my server I have a folder of mp3 files of my CDs. The one I am having an issue with is "Clarence Carter/Dr. C.C." (yes, the one with the ULTIMATE party song). The "Dr. C.C." folder name is normal locally, but across Samba it comes out "DMOU3A~H". I can still access the folder this way, but it would be nice to not have Samba mangle the folder name this way. I am using Samba 3.4.2 on an Athlon64 X2 system running Slackware64.
View 2 Replies
View Related
May 10, 2010
Can anyone point me in the direction of setting up shares for windows machines on centos. I have found a few document but never managed to get it up and running correctly. I need to be able to get access to subfolder etc for different users. Is there any way of doing it with some sort of gui?
View 2 Replies
View Related
Mar 6, 2010
I have set up a file server (Ubuntu Server Edition) for our lab. People can connect to common Samba file shares from their personal laptops/desktops, which run either Windows Vista or Mac OSX. The guys with OSX have upload/download speeds of ~2 MB/s, while the Vista machines are slogging away at ~200kb/s for downloads and ~400kb/s for uploads. In both cases, the connection are through wired ethernet ports which should function identically. Since the Macs work fine on the same network, I assume this is a Vista issue.
I have tried troubleshooting one of the Vista machines by:
1. Turning off the Remove Differential Compression feature
2. Disabling autotuning following these instructions
3. Adding a registry key following the same link above.
But nothing has improved. Anybody have any advice on addition tweaks to the Vista machine? Is there a chance that this is actually a server-side/samba issue?
View 3 Replies
View Related
Mar 15, 2010
I have the follow environment
PDC SAMBA + OPEN LDAP (ubuntu 9.04)
Linux (File Servers) + Windows machines all working well
I'm trying to set up a share drive on my new server using ubuntu 9.10 with samba (v 3.4) and ldapclient and the shares are not working when I defined Valid Users for share folders, that keep me ask me about my user and password, on the logs I have:
[2010/03/15 10:24:10, 1] smbd/service.c:676(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
This is my smb.conf
[global]
workgroup = FLOWCONNECT
server string = OSLO SAMBA FILE SERVER [code].....
I have the same set up on my File Server (Ubuntu 9.04) which use samba 3.3 is working fine.Someone know if has some different setting between samba 3.3 (ubuntu 9.04) and samba 3.4 (ubuntu 9.10) that could cause this problem ?
View 1 Replies
View Related
Nov 30, 2010
I have a fileserver that I want to share out samba shares. However, i configured samba to have another netbios (SAN) and my windows box still sees whoopn-SAN which is the name I gave to my server when i installed it. Now I am using 9.10 and I know that i can create a share from the gnome gui in nautilus and that appears to be a windows like share. How can I turn OFF the windows like shares that ubuntu does out of the box and use ONLY samba? I ask because there appears to be a conflict of permissions b/w samba and this stuff.
View 7 Replies
View Related
Feb 13, 2011
Trying to setup a Kerberos + OpenLDAP server to manage users for our Samba shares (was going to use just OpenLDAP, but apparently it is less secure than using Kerberos with it). (Distro: CentOS 5.5) Haven't even gotten to the point of connecting either to Samba yet. I have set up a Kerberos server, and configured it as necessary. I am happy that it is working as intended, as I can login and manage principals from both the local terminal and remotely on other clients.
I have setup a server (sv1.myhost.net), and configured it to talk to Kerberos (auth.myhost.net). I have created both a [URL] principal, and a testuser principal. I have set the password on the testuser but not on the host/sv1.myhost.net. I have added the keys for both users to the keytab file on the sv1.myhost.net. I am at a Windows 7 machine (on the same internal network), and have installed the Network Identity Manager. It is able to request a ticket successfully for the testuser account.
When I use putty w/GSSAPI (0.58) to remote login to the system, it says using 'testuser' and then just hangs there. Eventually putty connection times out. The fact that both machines can connect to the auth server to communicate with kerberos correctly suggests firewalls are correct. The relevant entries in sshd_config have been uncommented to tell srv1 to use Kerberos authentication.
View 3 Replies
View Related
Sep 11, 2010
I have setup a Centos5.5 VMWare guest with Samba and Winbind for Active Directory integration, using GUI tools. Authentication works flawlessly, with automatic home directory creation. What I want to achieve now is using local UNIX groups to controll access to shared folders, to avoid bothering AD administrators with groups management. This is my smb.conf global section:
workgroup = COGITANS
password server = domainserver.hq.cogitans.it
realm = HQ.COGITANS.IT
security = ads
[code]....
'finance' is a local UNIX group where I added user 'COGITANSalberto' (I also tried with 'alberto') as a secondary group (primary group is 'domain users' and it cannot be changed). I am sure the user is added, because it is listed in 'getent group'. If I specify user COGITANSalberto in valid users it works, i.e. only that use can access the share, the others get a NT_STATUS_ACCESS_DENIED error. But if I use +finance, access is denied to everybody, and this is the log:
[2010/09/11 14:12:37, 10] smbd/share_access.c:user_ok_token(211)
User COGITANSalberto not in 'valid users'
[2010/09/11 14:12:37, 2] smbd/service.c:make_connection_snum(617)
user 'COGITANSalberto' (from session setup) not permitted to access this share (finance)
[code]....
It seems like winbind cannot recognize finance as a local group. For the same reason, I guess, 'force group = finance' does not work either (files are created with 'domain users' group ownership). My /etc/nsswitch.conf:
passwd: files winbind
shadow: files winbind
group: files winbind
Grants and ownership on the '/repositories/shared/finance' folder are
root:domain users with permissions 775
View 2 Replies
View Related
Oct 4, 2009
It's been awhile since I posted anything which is a good sign my install has been working well and I have been able to handle most everything. However, I'm not able to handle this issue. I recently installed F11 and everything went well. But, when trying to see my other computers on the local network, I cannot. I receive this error message: Unable to mount location Failed to receive shared list from server. I understand the message as it is obvious, but do not know how to fix it.
View 14 Replies
View Related
Sep 23, 2010
I'm having some trouble getting samba to work properly. I'm following this tutorial [URL] when I run
Code: sudo smbclient -L localhost I receive the following: Code: Enter root's password: Anonymous login successful Domain=[SAMBA] OS=[Unix] Server=[Samba 3.4.7]
tree connect failed: NT_STATUS_END_OF_FILE I'm lost!
View 3 Replies
View Related
Jun 12, 2009
I've been running a Samba server under RedHat 8 for five years without a hiccup. I want to cut over to a F10 box but cannot get shares accessible. smbclient attempts fail over NT password error. SELinux is disabled. Server is visible on the network. Users require no password access to shared data.
smb.conf follows:
# Samba config file created using SWAT
# from UNKNOWN (>)
# Date: 2009/06/12 14:15:15
[code]....
View 1 Replies
View Related
May 13, 2010
The company I work for, as usual, is Microsoft-centric. I'm attempting to integrate my Ubuntu server into the domain to allow domain users to authenticate to the server and access file shares using Samba. Here's my current configuration:
[Code].....
View 9 Replies
View Related
Jul 22, 2011
I have TWO L3 + router switch (say switch1 and switch2). I created VLAN100 with VLAN ID 100 in both the switches. I created router 192.168.1.1/24 in Switch1. I created router 192.168.2.1/24 in Switch2. Switch1 is connected with 1.x/24 PCs. PCs are configured with 1.1 gateway. Switch2 is connected with 2.x/24 PCs. PCs are configured with 2.1 gateway. Both Switch1 and switch2 are connected by a trunk to carry VLAN100 data.
1)I have few PCs of 1.x connected to say Switch1 Is it possible for PC with IP 192.168.1.100(x) to ping PC with IP 192.168.2.100(y)?What are the configuration required in both switches to make them communicate ? All the device in both the subnets should ping/communicate with each other.
2)Move PC (192.168.1.100) to switch2. Move PC (192.168.2.100)to switch1.What will happen when PC(1.100) ping (2.100) and vice versa?What will happen when PC(say 1.80 in switch1) pings PC (say 1.100 in switch2) and vice versa? What will happen when PC(say 1.80 in switch1) pings PC (say 2.100 in switch1) and vice versa?
View 2 Replies
View Related
Jul 4, 2011
I installed Redhat Enterprise linux server5. it has two LAN card and two subnet connected to these two LAN card. i can browse network from these two network easily. But i created VLAN on one network card.Now i cant browse network from these VLAN subnet.
View 3 Replies
View Related
Feb 25, 2011
From Konqueror/Dolphin is possible to access samba shares. If your computer is joined to a Active Directory domain and you use a domain user, you can access samba shares with smb://server.domain/share and you are not ask for user/pass (you use a kerberos tiquet). Kde programs as Amarok, K3b, ... can access files in samba shares without problem. But other programs, specially gnome programs (including the popular OpenOffice), are unable to use files in a samba share. If instead of using Konqueror/dolphin you use Nautilus, there is no problem because it maps the share to a local folder ($HOME/.gvfs/share in sever/) and the program are able to access files in samba shares without problems as the folder is mounted locally (as if you use cifs.mount). Its a problem to use konqueror/dolphin and have to change to nautilus to access samba shares.
If you use Windows you can mount it in an easy way. That's what I try to do from konqueror, not having to open a konsole and be able to mount the share in an easy way. I've tried with smb4k, but is has not worked for me (tried in 2 OpenSuse 11.3 and 1 opensuse 11.2). What Nautilus does when accessing a samba shares like smb://server.domain.dom/share is to execute the command: [URL]... What I try is to do the same, but just form Konqueror/Dolphin. I'd like to add a button to Konqueror/dolphin that pressing the button and if the URL points to a samba share, the share is mounted in $HOME/LocalNetwork/server/share. As I say, it can be as easy as executing the gvfs-mount, but don't know how.
View 2 Replies
View Related
