Samba Set Up Trouble

John Wheat jwheat71 at cox.net
Sun Dec 23 20:02:45 MST 2007 

Craig White wrote:
> On Sun, 2007-12-23 at 18:22 -0700, John Wheat wrote:
>   
>> Craig White wrote:
>>     
>>> On Sun, 2007-12-23 at 15:36 -0700, John Wheat wrote:
>>>   
>>>       
>>>> I am trying to set up Samba to use with my wife's Vista laptop. My 
>>>> System the samba server is Debian Etch and I have added an account for 
>>>> her (Holly) on my debian sysytem but whn I try to login to the shares on 
>>>> my Debian system from the laptop it will only allow me to login with my 
>>>> Linux account and not hers. Is this because I (user "john") is the 
>>>> account that is logged into the Debian host? Should I be able to access 
>>>> these shares essentially my /home from the laptop logging in with 
>>>> Holly's credentials.  Would have something to do with tis line in teh 
>>>> smb.conf file:
>>>> # By default, \\server\username shares can be connected to by anyone
>>>> # with access to the samba server.
>>>> # The following parameter makes sure that only "username" can connect
>>>> # to \\server\username
>>>> # This might need tweaking when using external authentication schemes
>>>>    valid users = %S
>>>> I don't know what this means  "valid users = %----
>>>>         
>>>> #1 - have sympathy on lists and remove comment lines. You can do this
>>>>      easily with smb.conf by typing 'testparm -s > /tmp/samba.conf'
>>>>      and giving us the output of that file (/tmp/samba.conf)
>>>>
>>>> #2 - The 'Macros' like %S are described in samba man page which can
>>>>      be gotten by typing 'man smb.conf' in a console/terminal or
>>>>      opening Konqueror and typing 'man smb.conf' in the address bar
>>>>
>>>> #3 - Samba's requirement for users is that they are a user in Linux
>>>>      and a samba user too (same name)...therefore, after you create
>>>>      the user 'holly' in Debian, get a terminal and type...
>>>>
>>>>      smbpasswd -a holly
>>>>
>>>>      which will then prompt you for a password for 'user' holly
>>>>
>>>> Craig
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>>
>>>>     
>>>>         
>> This is the output of testparm -s
>> [global]
>>     workgroup = JHBBZ
>>     server string = %h server
>>     obey pam restrictions = Yes
>>     passdb backend = tdbsam
>>     passwd program = /usr/bin/passwd %u
>>     passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
>> *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
>>     syslog = 0
>>     log file = /var/log/samba/log.%m
>>     max log size = 1000
>>     printcap name = cups
>>     dns proxy = No
>>     wins support = Yes
>>     panic action = /usr/share/samba/panic-action %d
>>     invalid users = root
>>
>> [homes]
>>     comment = Home Directories
>>     valid users = %S 
>>     read only = No
>>     create mask = 0775
>>     directory mask = 0700
>>
>> [printers]
>>     comment = All Printers
>>     path = /var/spool/samba
>>     create mask = 0700
>>     printable = Yes
>>     browseable = No
>>
>> [print$]
>>     comment = Printer Drivers
>>     path = /var/lib/samba/printers
>>
>> [John]
>>     path = /home/john
>>     valid users = holly, Holly
>>     read only = No
>>     guest ok = No
>>
>> Is the %S in [homes] restricting access to "user" john only for 
>> /home/john ?
>>
>> I have added "user" holly to smbpasswd and her account cannot login from 
>> vista do I need to specify an absolute path to smbpasswd?
>>     
> ----
> nah...Windows can be funky.
>
> If you have signed onto Windows and mounted //SERVER/HOMES as one user,
> you probably can't mount it as another user unless you reboot, possibly
> log off (but if you are using Vista 'HOME' logging off isn't likely to
> work because of 'fast user switching').
>
> Make sure that you can access it from Linux...it's very easy to test.
> Watch...
>
> $ smbclient //srv1/homes -U craig
> Password:
> Domain=[AZAPPLE] OS=[Unix] Server=[Samba 3.0.23b-0.1.el4.kde]
> smb: \> ls
>   .                                   D        0  Tue Aug 29 15:38:22
> 2006
>   ..                                  D        0  Tue Jun 24 06:22:14
> 2003
>
>                 34451 blocks of size 2097152. 3134 blocks available
> smb: \> quit
>
> [craig at lin-workstation ~]$ smbclient //srv1/homes -U administrator
> Password:
> Domain=[AZAPPLE] OS=[Unix] Server=[Samba 3.0.23b-0.1.el4.kde]
> lssmb: \> ls
>   .                                   D        0  Tue Aug 29 15:38:22
> 2006
>   ..                                  D        0  Tue Jun 24 06:22:14
> 2003
>
>                 34451 blocks of size 2097152. 3134 blocks available
> smb: \> quit
>
> Once you know the 'user' (-U USER_NAME) can access the files, whether
> you access from Linux or Windows isn't material since smbclient is a
> real cifs/smb client, just like a Windows computer.
>
> The problem exists however, that it's really not possible [1] to connect
> to the same server (in this case, your samba server) as 2 different
> users simultaneously and sometimes even though you tell a Windows
> desktop computer to disconnect, it doesn't completely disconnect as user
> A so you can connect as user B. Take your complaints to Microsoft as it
> is their problem.
>
> Also, noting 'holly / Holly' - if you make all your users lower case,
> you never have issues. Windows networking schema is not case sensitive.
> Therefore, to samba holly=Holly. To Linux though holly!=Holly
> Generally, life is simpler when you use 'groups' and john and holly both
> belong to Linux group called 'Users' and samba group called 'users' (you
> can actually 'groupmap' them and then you don't have to even create a
> samba group at all...and then 'valid users = @users'
>
> Craig
>
> [1] it is technically possible to simultaneously connect as 2 different
> users but you would have to set 'security = share' in smb.conf which is
> a REALLY BAD IDEA. This is a mode that mimics the very much outdated
> Windows 95/98 networking mechanics which means that a separate
> user/password is needed for each share, it is slated for removal and is
> a real PITA (and may not even be supported by Vista client...I have no
> idea)
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>   
Part of my issue is cleared up she will just have to login with my user.
I cannot even connect to the share from Linux as "user" john. I also 
cannot do so from windows anymore either. I am not sure now what I have 
messed up. I am going to see if I can find a mostly working config I had 
in Ubuntu.

More information about the PLUG-discuss mailing list