Samba Set Up Trouble

[Craig White]

On Sun, 2007-12-23 at 18:22 -0700, John Wheat wrote:
> Craig White wrote:
> > On Sun, 2007-12-23 at 15:36 -0700, John Wheat wrote:
> >   
> >> I am trying to set up Samba to use with my wife's Vista laptop. My 
> >> System the samba server is Debian Etch and I have added an account for 
> >> her (Holly) on my debian sysytem but whn I try to login to the shares on 
> >> my Debian system from the laptop it will only allow me to login with my 
> >> Linux account and not hers. Is this because I (user "john") is the 
> >> account that is logged into the Debian host? Should I be able to access 
> >> these shares essentially my /home from the laptop logging in with 
> >> Holly's credentials.  Would have something to do with tis line in teh 
> >> smb.conf file:
> >> # By default, \\server\username shares can be connected to by anyone
> >> # with access to the samba server.
> >> # The following parameter makes sure that only "username" can connect
> >> # to \\server\username
> >> # This might need tweaking when using external authentication schemes
> >>    valid users = %S
> >> I don't know what this means  "valid users = %----
> 
> >> #1 - have sympathy on lists and remove comment lines. You can do this
> >>      easily with smb.conf by typing 'testparm -s > /tmp/samba.conf'
> >>      and giving us the output of that file (/tmp/samba.conf)
> >>
> >> #2 - The 'Macros' like %S are described in samba man page which can
> >>      be gotten by typing 'man smb.conf' in a console/terminal or
> >>      opening Konqueror and typing 'man smb.conf' in the address bar
> >>
> >> #3 - Samba's requirement for users is that they are a user in Linux
> >>      and a samba user too (same name)...therefore, after you create
> >>      the user 'holly' in Debian, get a terminal and type...
> >>
> >>      smbpasswd -a holly
> >>
> >>      which will then prompt you for a password for 'user' holly
> >>
> >> Craig
> >>
> >> ---------------------------------------------------
> >> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> >> To subscribe, unsubscribe, or to change your mail settings:
> >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >>
> >>     
> 
> This is the output of testparm -s
> [global]
>     workgroup = JHBBZ
>     server string = %h server
>     obey pam restrictions = Yes
>     passdb backend = tdbsam
>     passwd program = /usr/bin/passwd %u
>     passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
> *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
>     syslog = 0
>     log file = /var/log/samba/log.%m
>     max log size = 1000
>     printcap name = cups
>     dns proxy = No
>     wins support = Yes
>     panic action = /usr/share/samba/panic-action %d
>     invalid users = root
> 
> [homes]
>     comment = Home Directories
>     valid users = %S 
>     read only = No
>     create mask = 0775
>     directory mask = 0700
> 
> [printers]
>     comment = All Printers
>     path = /var/spool/samba
>     create mask = 0700
>     printable = Yes
>     browseable = No
> 
> [print$]
>     comment = Printer Drivers
>     path = /var/lib/samba/printers
> 
> [John]
>     path = /home/john
>     valid users = holly, Holly
>     read only = No
>     guest ok = No
> 
> Is the %S in [homes] restricting access to "user" john only for 
> /home/john ?
> 
> I have added "user" holly to smbpasswd and her account cannot login from 
> vista do I need to specify an absolute path to smbpasswd?
----
nah...Windows can be funky.

If you have signed onto Windows and mounted //SERVER/HOMES as one user,
you probably can't mount it as another user unless you reboot, possibly
log off (but if you are using Vista 'HOME' logging off isn't likely to
work because of 'fast user switching').

Make sure that you can access it from Linux...it's very easy to test.
Watch...

$ smbclient //srv1/homes -U craig
Password:
Domain=[AZAPPLE] OS=[Unix] Server=[Samba 3.0.23b-0.1.el4.kde]
smb: \> ls
  .                                   D        0  Tue Aug 29 15:38:22
2006
  ..                                  D        0  Tue Jun 24 06:22:14
2003

                34451 blocks of size 2097152. 3134 blocks available
smb: \> quit

[craig at lin-workstation ~]$ smbclient //srv1/homes -U administrator
Password:
Domain=[AZAPPLE] OS=[Unix] Server=[Samba 3.0.23b-0.1.el4.kde]
lssmb: \> ls
  .                                   D        0  Tue Aug 29 15:38:22
2006
  ..                                  D        0  Tue Jun 24 06:22:14
2003

                34451 blocks of size 2097152. 3134 blocks available
smb: \> quit

Once you know the 'user' (-U USER_NAME) can access the files, whether
you access from Linux or Windows isn't material since smbclient is a
real cifs/smb client, just like a Windows computer.

The problem exists however, that it's really not possible [1] to connect
to the same server (in this case, your samba server) as 2 different
users simultaneously and sometimes even though you tell a Windows
desktop computer to disconnect, it doesn't completely disconnect as user
A so you can connect as user B. Take your complaints to Microsoft as it
is their problem.

Also, noting 'holly / Holly' - if you make all your users lower case,
you never have issues. Windows networking schema is not case sensitive.
Therefore, to samba holly=Holly. To Linux though holly!=Holly
Generally, life is simpler when you use 'groups' and john and holly both
belong to Linux group called 'Users' and samba group called 'users' (you
can actually 'groupmap' them and then you don't have to even create a
samba group at all...and then 'valid users = @users'

Craig

[1] it is technically possible to simultaneously connect as 2 different
users but you would have to set 'security = share' in smb.conf which is
a REALLY BAD IDEA. This is a mode that mimics the very much outdated
Windows 95/98 networking mechanics which means that a separate
user/password is needed for each share, it is slated for removal and is
a real PITA (and may not even be supported by Vista client...I have no
idea)