[plug] SAMBA on Fedora Core 4

Craig Ringer craig at postnewspapers.com.au
Sat Aug 27 17:55:50 WST 2005


On Sat, 2005-08-27 at 12:56 +0800, Daniel J. Axtens wrote:

> > This sounds like a file pemissions problem..... so I set all read/write
> > permissions on the extra drives to allow "nobody". (basically no secuiry at
> > all), yet Windows still cannot access the shares. 
> 
> >  I don't think SAMBA is the problem.......
> Well, check your /etc/fstab. You may need to set the uid of the file
> system to nobody. Alternately, you may need to set the umask to
> something like 0000.

Note that these are only meaningful if you're trying to share a FAT32
drive, or some other filesystem that doesn't understand POSIX
permissions.



The point here is that there are two levels of permissions involved.
Just like on Windows, you have "share permissions" (which are specific
to network access via SMB) then you have filesystem permissions (which
apply to all users, and which must *ALSO* permit the desired action).

So, to get access to a file, Samba must be able to authenticate you
(note that guest auth can be done automatically) and map your network
identity to a local user. That local user must then have permission to
do what you've asked Samba to do.

This means, for example, that if you're authenticating as "Bob Smith",
should be "bsmith" locally, and are trying to delete /sharedir/fred.txt:

   - You must supply the correct password for "Bob Smith", if any
   - Samba must know that "Bob Smith" is "bsmith" locally. This
     is usually done with the "username map" directive in
     smb.conf .
   - Samba must have been told in its configuration to grant bsmith
     access to /sharedir
   - The filesystem permissions on /sharedir and /sharedir/fred.txt
     must permit bsmith to delete it.

Unfortunately, the Samba log files are remarkably unhelpful in
determining why it's refusing to let you do something, so if you're not
familiar with UNIX permissions etc this can be very frustrating.

Just to make things more fun, Windows encrypts passwords differently to
UNIX systems, so Samba can't use your stored UNIX password to
authenticate you. If you want to use anything other than an anonymous
'guest' account you must use `smbpasswd' to set the password for Samba.

Given all this, it's very hard to say what's wrong without knowing:

  - how Samba is configured (does it treat all unknown users as guest?
    does it permit guest access?)
  - How you're trying to access it (guest? authenticated user?)
  - What setup you've done (do you have the same username
    remotely and locally or have you set up a map to tell Samba who you
    are? have you used smbpasswd to set your Samba password?)

Perhaps posting your smb.conf and /etc/samba/smbusers (this does NOT
contain passwords) would help, along with explaining what your Windows
user name is and how you want your security to work. Do you want
everyone to have guest access with no security? Do you want
username/password logins? etc.

In case you hadn't guessed yet, Samba isn't the easiest tool if you just
want to share a few files. It's kind of like installing MS Win2k3 server
on your laptop to share a printer ;-)

--
Craig Ringer




More information about the plug mailing list