Thread: Samba security problem
-
10-20-2011 #1
- Join Date
- Sep 2011
- Location
- Tulsa, Oklahoma
- Posts
- 5
Samba security problem
Thanks in advance.
Clinton
-
10-21-2011 #2
- Join Date
- Oct 2011
- Posts
- 50
You can start by posting your samba configs. Are you authenticating when accessing the share from the xp pc?
-
10-21-2011 #3
- Join Date
- Sep 2011
- Location
- Tulsa, Oklahoma
- Posts
- 5
Samba will let me authenticate to the server as the smb user. I can then see everything in the share so I have read access, but I can't write to it or create a file or directory there. It's got to be a rights issue. I'm just not familiar enough with Samba to see where. I've changed the SMB.CONF file so many times... The current version is:
[global]
workgroup = KEITH
netbios name = UBUNTU
guest account = smbuser
os level = 65
valid users = smbuser
admin users = smbuser
read list = smbuser
write list = smbuser
[home]
path = /home
username = smbuser
force group = root
read only = no
create mask = 0775
directory mask = 0775
As I said, I've changed this so many times that my brain is numb. Any help would be greatly appreciated!
Clinton
-
10-22-2011 #4
- Join Date
- Oct 2011
- Posts
- 50
Change the [home] section to this:
Code:
[USERhome]
path = /home/USER
force group = root
read only = no
create mask = 0775
directory mask = 0775
valid users = USER
If you log in to the whole /home dir using smbuser username then you won't have write permissions because the files from /home are owned by other users.
-
10-27-2011 #5
- Join Date
- Sep 2011
- Location
- Tulsa, Oklahoma
- Posts
- 5
OK, so I tried that and it didn't work. Since the server hasn't gone production yet I decided to 'punt'.
I rebuilt the server from scratch so that everything would be in the 'known state'. I created all the users at build time. Then I installed Samba, and then set up the users using smbpasswd. Then I set up the server as a PDC and my workstation as a member of the domain. I can log in to the domain. I can see the /home directory. I can read all of it, but I cannot create anything even though my ID is a member of the 'root' group. Here are the contents of the smb.conf file. For the record, I'm going to call someone who knows more about this than I do and pay them money to fix this.
[global]
workgroup = Keith
netbios name = UBUNTU
passdb backend = tdbsam
os level = 65
preferred master = auto
domain master = yes
local master = yes
security = user
domain logons = yes
guest ok = no
admin users = @root
encrypt passwords = yes
[netlogon]
path = /var/lib/samba/netlogon
read only = yes
[home]
path = /home/
read only = no
create mask = 0775
directory mask = 0775
browsable = yes
Regards
Clinton
-
11-03-2011 #6
I'd suggest adding:
Code:
writeable = yes
Also, you need to make sure your UNIX permissions are set accordingly. Samba permissions do not override UNIX permissions. If you are logging on as user1 and user1 or the group(s) user1 belongs to do not have write permission to a file/directory, it won't happen.
linux user # 503963
-
11-09-2011 #7
- Join Date
- Sep 2011
- Location
- Tulsa, Oklahoma
- Posts
- 5
Hi All,
Just so you know... I had the expensive guys out on Monday and after 2 hours their expert was at the same point that I was at six weeks ago. Then he got frustrated and left with a copy of the .conf file and the CD I used to install the OS. I haven't seen him since. I don't bother people with simple questions. The server is working now and I wanted to have a copy of this online so that I can access it if I should need it later...
The OS is CENT6 and SAMBA 3.5.9 (I think, whatever is current)
1) Install OS and updates
2) Create users (and home directories)
3) Install SAMBA
4) Create users as SAMBA users (smbpasswd -a <userID>)
5) Make directory structure as needed (in my case create a 'Shared' directory)
6) Setup SELinux
A) Setsebool -t samba_share_t /home (there is a -R (recursive) in there somewhere that flags all this.)
B) Setsebool again to flag all this 'RW' (I think the default is 'read only')
7) Write the smb.conf file. I tried everything and in the end I wrote the file from scratch using a text editor. The one that came with SAMBA is...
Requirements:
A user ID and password must be required for access.
All workstations must have access. (OS versions include XP Home, Pro, Media Edition, as well as Vista and 7.)
No other servers exist so ADS won't work. The machine running 'Home' is the accountant's so the Domain model won't work as well. This leaves 'share' or 'user' security. Share is 'deprecated' so that leaves 'user'.
Here is the smb.conf file:
[global]
workgroup = Keith
netbios name = Ubuntu
security = user
[home]
path = /home/
writable = yes
force group = Keith
browseable = yes
I created a group on the Linux box called 'Keith' that my users are part of. Each of the users mapped their drives using their own UID. Life is good!
Best Regards,
Clinton
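Added example, not part of the thread: a small Python model of the three layers that each have to allow a write in the setup discussed above (the Samba share setting, the UNIX mode bits that post #6 points to, and the SELinux label on an enforcing system). The smb.conf text and directory metadata are constructed, and the function names and the users `alice` and `bob` are hypothetical.

```python
import configparser

# Constructed smb.conf, modelled on the final configuration in the thread.
SMB_CONF = """
[global]
workgroup = Keith
security = user
[home]
path = /home/
writable = yes
force group = Keith
"""

def samba_allows_write(share):
    # 'writable', 'writeable' and 'write ok' are inverted synonyms of 'read only'.
    for key in ("writable", "writeable", "write ok"):
        if key in share:
            return share.getboolean(key)
    return not share.getboolean("read only", fallback=True)  # Samba default: read only

def unix_allows_create(user, groups, owner, group, mode):
    # Creating an entry needs write+execute on the directory; the first
    # matching class (owner, group, other) decides. Root bypass is not modelled.
    shift = 6 if user == owner else 3 if group in groups else 0
    return (mode >> shift) & 0o3 == 0o3

def selinux_allows_write(file_type, export_all_rw):
    # Simplified: smbd may write to samba_share_t content, or to anything when
    # the samba_export_all_rw boolean is on. None means SELinux is not enforcing.
    return file_type in (None, "samba_share_t") or export_all_rw

def can_create(conf, share_name, user, groups, owner, group, mode,
               file_type=None, export_all_rw=False):
    # [global] acts as the default for every share, as in Samba itself.
    cp = configparser.ConfigParser(default_section="global", interpolation=None)
    cp.read_string(conf)
    share = cp[share_name]
    groups = set(groups)
    if "force group" in share:
        # Samba swaps in this group as the user's primary group for the share;
        # modelled here as an added membership.
        groups.add(share["force group"])
    layers = {
        "samba": samba_allows_write(share),
        "unix": unix_allows_create(user, groups, owner, group, mode),
        "selinux": selinux_allows_write(file_type, export_all_rw),
    }
    return all(layers.values()), layers

if __name__ == "__main__":
    print(can_create(SMB_CONF, "home", "alice", {"alice"}, "bob", "bob", 0o755))
```

The returned dictionary shows which layer refused, which is the question the thread spent six weeks on: a share marked writable still fails when the directory's group bits or its SELinux type say no.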