Samba Problem

Home » CentOS » Samba Problem
CentOS 20 Comments

Hello,

I am trying to learn how to use Samba. I first just want to get it to work, then I’ll make it better. I am not concerned about security since everything is on a private network. I am following the material in “CentOS 6 Linux Server Cookbook” by Jonathan Hobson. I am using two virtual computers with Virtual Box running on Fedora 19.
Both virtual computers have bridged networking. One virtual computer is Win7, the other is CentOS 6.4. They are both up to date. There is only one user, “admin”, on the CentOS
virtual computer.

The Win7 computer can successfully ping the CentOS computer.

My Win7 computer can not see the share on the Samba server.

The command “# testparm” shows no errors.

The command below gives the following error:

[admin@CentOS ~]$ smbclient //CentOS/admin Enter admin’s password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.9-151.el6_4.1]
tree connect failed: NT_STATUS_ACCESS_DENIED

My smb.conf file, below, is taken from the book I am using.

Any suggestions or help would be much appreciated.

Thank you, Joe Hesse

[global]
unix charset = UTF-8
dos charset = CP932
workgroup = WORKGROUP
server string = CentOS
netbios name = CentOS
dns proxy = no wins support = no interfaces = 127.0.0.0/8 192.168.0.0/24 eth0
bind interfaces only = no log file = /var/log/samba/log.%m max log size = 1000
syslog only = no syslog = 0
panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\
spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = no domain master = no local master = no preferred master = no os level = 8
[homes]
comment = Home Directories browseable = yes writable = yes valid users = %S
create mask 55
directory mask 55

20 thoughts on - Samba Problem

  • Hello Joseph,

    Is the samba service runing?

    $ service smb start
    $ service nmb start

    You will also need to configure the firewall for the following ports,
    137, 138, 139 and 445.

  • Both services are running. I checked with “service smb status” and
    “service nmb status” Also checked with chkconfig –list The ports are open. I checked with “system-config-firewall” and the ports for Samba and Samba Client are open.

  • Did you create the a samba account “admin”, to test you can do the following
    $ smbclient -L localhost -U “sambausername”

    You will also need to check the SELinux label for the directory that you are sharing.

    Kind Regards Earl Ramirez GPG Key: http://trinipino.com/PublicKey.asc

  • you’ll need to run

    smbpasswd -a admin

    on the samba server, and give the ‘admin’ SMB user a password. Samba can’t use the unix /etc/password|shadow combination as the hashes used by SMB aren’t compatible.

  • I used “smbpasswd “to assign a Samba password to user “admin”. My Win7
    virtual machine still couldn’t see the share. It is my impression that the smb.conf file in the book I am using allows passwordless access to the shares.

    Also, if it helps, here is some more output.

    [root@CentOS ~]# smbclient -L localhost -U
    Enter root’s password:
    Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.6.9-151.el6_4.1]

    Sharename Type Comment
    ——— —- —–

  • Passwordless? I don’t think so. Are you using ‘connect as different user’ when you try to map the share? If you aren’t authenticating as the ‘admin’ user you won’t even see the home share for that user. If you are logged in as admin on the windows box in the same workgroup it might just happen to work without re authenticating.


  • Are you able to authenticate to the samba server from the Windows 7
    machine?

    What is the out put from smbclient -L localhost -U admin?

    I saw that you have the home directory enabled, by default SELinux does not permit access to the home directory, unless you enable the boolean

    $ sudo setsebool -P samba_enable_home_dirs on

    When you try to access the samba share from the windows 7 machine, what is happening? Are you being prompt for the credentials?

    If you do not have a backup of the smb.conf file, I have placed a copy from a clean install [0]

    [0] http://trinipino.com/share/smb.conf

  • You can connect to a samba share without user or password authentication. That’s how I have my server setup at my house. I dont know the settings off hand but illpost them shortly

    —–Original Message—

  • You can set “security = share”

    I had mine set to see the user share but I changed my setup

    —–Original Message—

  • are share passwords even supported anymore? that was the default mode for windows 3.x and 95-98 sharing, each share could have two passwords, one for read-only and one for write, and there was no concept of a user.

    what Ive always found works adequately is to create a smbpassword for each windows user, with the same password as they log onto their desktop. then windows will just autoconnect. if you have unix clients, use nfs, not smb!!

    what works *best* is to have active directory or another ldap+kerberos implementation, and have all your windows systems joined to the domain and users logging onto domain accounts. THEN you share to the domain accounts and its all good.

    windows 7 and newer default to requiring more strict encryption and authentication, which older systems may not provide by default.

  • when I set it to share I don’t need a password….its configure like an anonymous file server. but I can tune the settings in actual shared section of the conf file

    —–Original Message—–
    From: John R Pierce Sent: Friday, October 04, 2013 11:43 PM
    To: CentOS@CentOS.org Subject: Re: [CentOS] Samba problem

    are share passwords even supported anymore? that was the default mode for windows 3.x and 95-98 sharing, each share could have two passwords, one for read-only and one for write, and there was no concept of a user.

    what Ive always found works adequately is to create a smbpassword for each windows user, with the same password as they log onto their desktop. then windows will just autoconnect. if you have unix clients, use nfs, not smb!!

    what works *best* is to have active directory or another ldap+kerberos implementation, and have all your windows systems joined to the domain and users logging onto domain accounts. THEN you share to the domain accounts and its all good.

    windows 7 and newer default to requiring more strict encryption and authentication, which older systems may not provide by default.


    john r pierce 37N 122W
    somewhere on the middle of the left coast

  • This intrigued me enough, to fire up two VMs in VirtualBox, one Win7, one CentOS, bridged network, and copied your Samba configuration, used it as you pasted it in the original message.

    There are some questionable options in your smb.conf. For example, there is an “interfaces” option, which is meant to limit the network interfaces on which Samba listens, but then there is “bind interfaces only = no” which negates the former. Also there is “browsable = yes” in the [homes] share definition, which I think makes one user’s home directory visible to other users, which is not usually what you want. That said, your configuration should still work fine.

    In my case, to get it to work, I had to do “smbpasswd -a admin” and give admin a samba password, which made it possible for user admin to browse his own share _on_the_localhost_ (on CentOS machine).

    To be able to browse if from Windows, either:

    1. You need to also be logged in as “admin” in Windows 7 (worked for me when I logged in as “admin” on Win7) or,

    2. You need to create a user mapping, but adding a line in the [Global]
    section of /etc/samba/smb.conf reading “username map =
    /etc/samba/username.map” and the edit “/etc/samba/usename.map” and add one line in it with “SambaUsername = WindowsUsername”. For example. the line
    “admin = marios” inside /etc/samba/username.map worked for me while logged in Win7 as “marios” (not as admin any more).

    I hope the above are useful.


    Marios Zindilis

  • On some Windows 7 systems (not all in my experience), you’ll need to adjust the LAN Manager authentication level. To do this,
    1. Launch *gpedit.msc*
    2. Then under *Computer Management* drill down to *Windows Settings*->*Security Settings*->*Local Policies*->*Security Options*
    3. On the right hand side, scroll down to *Network security: LAN Manager authentication level* and double-click it
    4. In the drop down, select *Send LM & NTLM – use NTLMv2 session security if negotiated*

    I’m not sure sure what exactly causes some *just-built* Windows 7 PC’s to require this setting. For instance, on the network I manage, I’d say that 30% of just-built Windows 7 PC’s require this settings while others function just fine when it is left as *Not Defined*!

    Hope that helps you!

    ak.

  • What worked for me is to have a Windows user with the same name as the user on the CentOS computer and set a Samba password to be the same on both machines. What confused me is that many times I log on to a service on another computer and only have to know the name and password of the computer I am logging in to.

    My real home network consists of my wife’s Windows computer and multiple Linux desktops. I backup my computers using rsync. For the windows computer I looked at Cygwin which has the rsync program but decided instead to map a drive letter on her computer to a Samba share. She then could use the Windows backup program and backup to the Samba share. Afaik, the Windows backup program mirrors the selected files on the backup device. She has no need of restoring files prior to a certain date.

  • *I* setup BackupPC at work for backing up a hetereogenous development server environment… this runs on a beefy linux box with a big disk farm, and ‘pulls’ the backups from the various target systems (a mix of Windows, Solaris, AIX, and Linux in my case). you can use a variety of different protocols for the backups, including rsync, nfs… for the several windows servers, I use a stripped down cygwin/rsync package, running in ‘services’ mode on the windows box, and pull the files via that. for my database servers, the backup runs a SQL script on the target that does a database dump, then it backs up that dump file rather than the raw datafiles.

    BackupPC does incremental backups that are totally deduplicated by the use of hard links, and compresses the individual files. I’m backing up something like 15 servers and VMs, and have daily incrementals going back a couple weeks, weeklies going back a couple months, and monthlies going back to May when I started, and the WHOLE thing is only using like
    1.5TB of disk space. wow. I planned for up to 32TB, using a whole lot of 3TB drives in raid60, with XFS.

    BackupPC has a web interface so a user can browse their own backups and pull back a file or directory or what from any point in time.

  • Yes, I was going to recommend BackupPC too. The de-dupe scheme lets you keep a fairly long history on line without using a lot of disk space. It can work directly with windows shares, but it is not that much trouble to set up rsync.

  • Hello,

    My only hard drive failed on a private server so I had to replace it and reinstall CentOS 6.5 and Samba. My smb.conf file is OK according to “testparm”. I configured smb and nmb, with chkconfig, to start when the system boots.

    After the system boots if I do “service nmb status” I get the response
    “nmbd dead but pid file exists”. I can delete the pid file manually and start nmb with “service nmb start”. The problem is that when the system shuts down and restarts I still find that “nmbd dead but pid file exists”.

    Any suggestions on how to fix the problem would be much appreciated.

    Thank you, Joe

  • Em 12-05-2014 18:33, Joseph Hesse escreveu:

    Tried looking at samba logs at /var/log/samba/ or even /var/log/messages for related logs? Out in the blue is hard to guess how to fix because we don’t know what’s broken..

    You may want to:
    1. tail -f /var/log/samba/* /var/log/messages | less
    2. service nmb restart
    3. service nmb status if it’s dead again, check the tail output

    Cheers, Marcelo

  • Hi everybody,

    I have to mount a DNS backend on Samba 4. I made a lot of search but all send me to “samba-tool” which will allow me to create the dns backend. I
    wonder if “samba-tool” is absent in the samba package ? :s

    If anyone have a piece of answer, it will be very kind.

    Thank you

LEAVE A COMMENT