Page 1 of 3 123 LastLast
Results 1 to 10 of 26

Thread: SAMBA and permissions

  1. #1
    Join Date
    Sep 2008
    Beans
    17

    SAMBA and permissions

    Background:
    My Ubuntu "Server" (Desktop install with Samba, moving to server install in December) motherboard crashed and burned last week. Due to the age I decided to upgrade to a newer board/processor/memory. The upgrade went fine, but the system was having issues with many missing/different drivers, and still being new to Linux I just re-installed 13.04 (Fresh install) and figured I needed practice setting things up anyway.

    Everything loaded and worked great, until I got to Samba, that is where the saga started. I come here after 2 days of searching forums (here and others) and being unable to solve my problem).

    Setup:
    - Trinity: Ubuntu 13.04 "Server" w/Samba on static IP address (192.168.0.5)
    - Roadrunner: My workstation on Windows 7 using router DHCP
    - Nelly: Wife's computer on Windows 7 using router DHCP

    -Twinpeaksr: My user on all systems, same password on all systems (Also administrator on all systems)
    -Mary: My wife's user on all systems, same password on all systems (Not administrator on any systems)
    -twinpeaks: group on server that we are both member of, also listed as group that owns the folder being shared

    Issue:
    The problem is simple: I have the shares setup and can access them fine with my user on any system. My wife's user can not access the shares, gets the "You do not have permissions" error when trying to access, it worked before I rebuilt the system.

    What I tried:
    I have tried many things to fix this and look to the intelligence of this forum to help me identify what I am missing.

    1. Have created both Samba (smbpasswd) and Unix user on server
    2. Have created a group (twinpeaks) with both users in it and added to samba valid users
    3. changed ownership of the folder to the "twinpeaks" group that we both are in
    4. Added her user to my group (twinpeaksr)
    5. Changed permissions to full permissions for everyone on the folder (chmod 0775 and 0777 tried)
    6. enabled guest account in Samba
    7. removed password on unix/samba user for her account
    8. added password back on to match windows machine
    9. verified that on the same computer, I can access shares if I login
    10. added her account to the valid users in samba directly
    11. made her an administrator on the server
    12. re-installed Samba
    13. set myself as the guest account


    I have also restarted SMBD and NMBD after every change. I have restarted the Windows machine, I have restarted the server. All of this has the same results: I can access the share without issue with my user, she has no access. I am sure the issue is on the server/samba side, but I am running out of options. I have tired a few diagnostic items as well:

    1. tried 'smbclient nellly -NL', could not access the samba client
    2. tried 'smbclient roadrunner - NL' (where I am logged in), get a response that says it is good
    3. Network connections are confirmed good, and I can see the shares at '//trinity/', but when I click on the shares they give the permission error only with her login
    4. verified that she was added to the twinpeaks user group using 'groups mary'


    smb.conf
    Code:
    [global]
        ; General server settings
        netbios name = trinity
        server string =
        workgroup = workgroup
        announce version = 5.0
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
    
        passdb backend = tdbsam
        security = user
        unix password sync = yes
        ; null passwords = true
        username map = /etc/samba/smbusers
        name resolve order = hosts wins bcast
    
        wins support = yes
    
        syslog = 1
        syslog only = yes
    
    [Shared]
        path = /media/data500G/Shared
        browseable = yes
        read only = no
        guest ok = yes
        guest account = twinpeaksr
        valid users = @twinpeaks mary twinpeaksr
        create mask = 0644
        directory mask = 0755
    I am running out of options, anyone have any other ideas I can try tonight?

    Thanks!

  2. #2
    Join Date
    May 2010
    Location
    Tewkesbury uk
    Beans
    7,916
    Distro
    Ubuntu Development Release

    Re: SAMBA discriminates against my wife

    Thread moved to server platforms with a redirect in the old sub-forum.

    There may be more samba users here.
    If you believe everything you read, you better not read. ~ Japanese Proverb

    If you don't read the newspaper, you're uninformed. If you read the newspaper, you're mis-informed. - Mark Twain

  3. #3
    Join Date
    Sep 2008
    Beans
    17

    Re: SAMBA discriminates against my wife

    Thanks for the move, sorry, was not sure the best place to post.

  4. #4
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: SAMBA discriminates against my wife

    Double check the permissions. If you have enabled guest sharing via smb.conf and they still cannot connect, it is more than likely a permissions issue. Also run this:

    Code:
    smbtree
    It will ask your user password.
    Last edited by CharlesA; June 18th, 2013 at 03:25 PM. Reason: typo
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  5. #5
    Join Date
    Mar 2010
    Location
    Metro-ATL; PM free zone.
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: SAMBA discriminates against my wife

    Wow. Seems like you've done everything I could have suggested. I can only suggest that you double-check for small errors - perhaps typing everything in backwards to ensure you do not make an unconscious mistake?

    Besides that, I'd suggest:
    * do not set the guest account to a normal user. use nobody.
    * Check the UNIX file permissions for /media/data500G/Shared - especially the user and group permissions. Be certain that both users are in the UNIX group specified.
    * I've never used Samba groups, only UNIX groups.
    * Verify that all user accounts are lowercase. Do not mix case in user accounts on any systems.
    * R U running a WINS server? If not, disable that.
    * The create mask and directory masks are not good for folders shared by groups. You probably want to relook at that.
    * Consider setting up a [Homes] stanza to give access to /home/{userid}/ folders for each individual.
    * Review the /etc/log/samba/* log files for each connection. Turn up the smbd verbosity until enough information is provided that you see the authentication error.

    Sorry, don't think anything here will give her access, but perhaps.

  6. #6
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: SAMBA discriminates against my wife

    Quote Originally Posted by TheFu View Post
    * Check the UNIX file permissions for /media/data500G/Shared - especially the user and group permissions. Be certain that both users are in the UNIX group specified.
    * I've never used Samba groups, only UNIX groups.
    I've only used UNIX groups as well and did most of the permission stuff via UNIX permissions instead of dealing with Samba itself.

    @OP: If you are still having issues, you might give this tutorial a shot:
    http://charlesa.net/tutorials/ubuntu/samba3-ubuntu.php

    /shamelessplug
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  7. #7
    Join Date
    Sep 2008
    Beans
    17

    Re: SAMBA discriminates against my wife

    Quote Originally Posted by CharlesA View Post
    I've only used UNIX groups as well and did most of the permission stuff via UNIX permissions instead of dealing with Samba itself.

    @OP: If you are still having issues, you might give this tutorial a shot:
    http://charlesa.net/tutorials/ubuntu/samba3-ubuntu.php

    /shamelessplug
    Thanks for the link, the shameless quote has got some good information that I could not find in the other tutorials, I will try out some of the things tonight and let you know how it works.

    The groups I was referring to were Unix groups, not samba groups, just to clarify.

    Quote Originally Posted by TheFu View Post
    Wow. Seems like you've done everything I could have suggested. I can only suggest that you double-check for small errors - perhaps typing everything in backwards to ensure you do not make an unconscious mistake?

    Besides that, I'd suggest:
    * do not set the guest account to a normal user. use nobody.
    * Check the UNIX file permissions for /media/data500G/Shared - especially the user and group permissions. Be certain that both users are in the UNIX group specified.
    * I've never used Samba groups, only UNIX groups.
    * Verify that all user accounts are lowercase. Do not mix case in user accounts on any systems.
    * R U running a WINS server? If not, disable that.
    * The create mask and directory masks are not good for folders shared by groups. You probably want to relook at that.
    * Consider setting up a [Homes] stanza to give access to /home/{userid}/ folders for each individual.
    * Review the /etc/log/samba/* log files for each connection. Turn up the smbd verbosity until enough information is provided that you see the authentication error.

    Sorry, don't think anything here will give her access, but perhaps.
    Glad to hear I at least gave a valiant effort!

    - I will disable the guest account once things get working, that was one of my failed tests.
    - permissions on Shared are I am the owner, group is twinpeaks (with both of us in it) and permissions are 0775.
    - Did verify all users are in lower case on server, will check her machine, one thing I did not think of!
    - I am not intentionally running WINS, so I guess I can disable? I would hope I would know if I have that running!
    - Any recommendations on masks? Still new to all of this permission stuff, my goal is to get it up and running and then tune it up, since it is just my wife and I who have access right now.
    - I have several shares of files that are used on several machines by several users (my wife, me, and some HTPC machines, soon my son), not sure the [Homes] will meet most of those needs, though it may be a good item for the personal directories (FYI, [Shared] is not the only share i have, one of 12, just trying to get one working first)
    - will look a the logs, tried last night but still learning where all of them are.

    Thanks, will let others know how tonight goes with this new information.

  8. #8
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: SAMBA discriminates against my wife

    Good luck! I wrote that tutorial originally when I set up my 10.04 server and ran into a ton of conflicting information. so far it still works for 12.04 and Debian Wheezy.

    Hope it works for you, too.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  9. #9
    Join Date
    Mar 2010
    Location
    Metro-ATL; PM free zone.
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: SAMBA discriminates against my wife

    I suggested the [Homes] as a way to validate each userid is working. If they can access their [Home], then the password/userid is configured and working. Sorry, I didn't explain that at all.

    I have 3 different shares:
    * [homes] (per-user files)
    * Data (shared for different people)
    * Backups (only way that I've found to actually backup Windows stuff)

  10. #10
    Join Date
    Sep 2008
    Beans
    17

    Re: SAMBA discriminates against my wife

    Understand now!

    Setup with the homes directories and was able to access with both users! I assume that will get me closer to a solution???!?

    One note, if I used 'valid users = %s' in the homes section, I could not access with either user (mine that works on all or hers that works on non) and got a login prompt when clicked on share.

    So with this information what is my next step? I can get it running, but there is still something seriously wrong since I now can only have her account see her home directory.

    Thanks!

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •