Cannot write to Samba shares

English Network/Internet
1

Using SuSE 11./4 on two machines. Successfully set up a server to share a folder. The client is able to read files from the folder, but not write to them. From the client perspective, the shared folder permissions are read and write if owner, read only for all others. However, the server shared folder has been set up for sharing, and the permissions are set for read and write to all.

One more thing. When the client goes into the samba share, it sees the workgroup. Clicking into that, it sees the name of the server computer. Clicking into that, it sees two folders: “profiles” and “users”. Clicking into “users” goes into the shared folder. I tried setting the permissions from the client side on the “users” folder using root privileges to allow reading and writing without any success.

Any help would be appreciated. Thanks.

2

On Thu September 15 2011 02:16 pm, Parthenolide wrote:

>
> Using SuSE 11./4 on two machines. Successfully set up a server to share
> a folder. The client is able to read files from the folder, but not
> write to them. From the client perspective, the shared folder
> permissions are read and write if owner, read only for all others.
> However, the server shared folder has been set up for sharing, and the
> permissions are set for read and write to all.
>
> One more thing. When the client goes into the samba share, it sees the
> workgroup. Clicking into that, it sees the name of the server computer.
> Clicking into that, it sees two folders: “profiles” and “users”.
> Clicking into “users” goes into the shared folder. I tried setting the
> permissions from the client side on the “users” folder using root
> privileges to allow reading and writing without any success.
>
> Any help would be appreciated. Thanks.
>
>
Parthenolide;

Can you post the contents of /etc/samba/smb.conf. Just replace any sensitive
data (e.g. public IPs) with substitute values. In addition these tutorials
might help:

http://opensuse.swerdna.org/suselanprimer.html
and
http://opensuse.swerdna.org/susesambaserver.html

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

3

Client Side:

smb.conf is the main Samba configuration file. You find a full commented

version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the

samba-doc package is installed.

Date: 2011-07-28

[global]
workgroup = WORKGROUP
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \%L\profiles.msprofile
logon home = \%L%U.9xprofile
logon drive = P:
usershare allow guests = Yes
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775

4

Server side:

smb.conf is the main Samba configuration file. You find a full commented

version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the

samba-doc package is installed.

Date: 2011-03-01

[global]
workgroup = WORKGROUP2
printcap name = cups
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \%L\profiles.msprofile
logon home = \%L%U.9xprofile
logon drive = P:
usershare allow guests = Yes
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain master = No
usershare max shares = 100

Share disabled by YaST

[homes]

comment = Home Directories

valid users = %S, %D%w%S

browseable = No

read only = No

inherit acls = Yes

[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700

[users]
comment = All users
path = /home/PMG/share/
read only = no
inherit acls = yes
veto files = /aquota.user/groups/shares/
guest ok = yes
inherit permissions = yes

Share disabled by YaST

[groups]

comment = All groups

path = /home/groups

read only = No

inherit acls = Yes

[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775

5

BTW: The client side used to be the server. It was switched with the acquisition of a new computer.

6

On Thu September 15 2011 05:26 pm, Parthenolide wrote:

>
> Server side:
>
> # smb.conf is the main Samba configuration file. You find a full
> commented
> # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if
> the
> # samba-doc package is installed.
> # Date: 2011-03-01
> [global]
> workgroup = WORKGROUP2
> printcap name = cups
> cups options = raw
> map to guest = Bad User
> include = /etc/samba/dhcp.conf
> logon path = \%L\profiles.msprofile
> logon home = \%L%U.9xprofile
> logon drive = P:
> usershare allow guests = Yes
> add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody
> -s /bin/false %m$
> domain master = No
> usershare max shares = 100
>
> ## Share disabled by YaST
> # [homes]
> # comment = Home Directories
> # valid users = %S, %D%w%S
> # browseable = No
> # read only = No
> # inherit acls = Yes
> [profiles]
> comment = Network Profiles Service
> path = %H
> read only = No
> store dos attributes = Yes
> create mask = 0600
> directory mask = 0700
>
> [users]
> comment = All users
> path = /home/PMG/share/
> read only = no
> inherit acls = yes
> veto files = /aquota.user/groups/shares/
> guest ok = yes
> inherit permissions = yes
>
> ## Share disabled by YaST
> # [groups]
> # comment = All groups
> # path = /home/groups
> # read only = No
> # inherit acls = Yes
> [printers]
> comment = All Printers
> path = /var/tmp
> printable = Yes
> create mask = 0600
> browseable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/drivers
> write list = @ntadmin root
> force group = ntadmin
> create mask = 0664
> directory mask = 0775
>
>

[quote=Parthenolide]
Client Side:

smb.conf is the main Samba configuration file. You find a full

commented

version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if

the

samba-doc package is installed.

Date: 2011-07-28

[global]
workgroup = WORKGROUP
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \%L\profiles.msprofile
logon home = \%L%U.9xprofile
logon drive = P:
usershare allow guests = Yes
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775

[quote]

Parthenolide;
The most obvious fact is that you have different values for the workgroup
parameter in the two configs. All machines using these shares should be in
the same workgroup (Windows, Mac, or Linux). Try setting the parameter:


workgroup = WORKGROUP

in both smb.confs. You can use any valid netbios name for the value
of “workgroup=”, just make sure they are the same. After restarting smb and
nmb on both the server and client see if this helps. If not report back.


su
rcsmb restart
rcnmb restart

You may already be aware of the problem between Novell AppArmor and Samba on
OpenSuSE 11.4. You might want to turn off AppArmor for smbd and nmbd.
YaST>Novell Apparmor> AppArmor Control Panal>Set profile modes, set both
usr.sbin.[s,n]mbd to complain NOT enforce. (I don’t think this is your
problem, but just incase…)

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

7

I redid the samba configuration. Here is the contents of smb.conf:
[global]
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = No
passdb backend = smbpasswd
security = user
wins support = No
workgroup = workgroup
ldap suffix =
wins server =

[PMG]
path = /home/PMG/share
read only = No
guest ok = Yes
force user = PMG

Share disabled by YaST

[netlogon]

The “share” folder share permissions have been enabled, and the permissions allow read and write access to all. However, the samba clients can read and not write to the folder /home/PMG/share.

8

On Sat September 17 2011 06:36 pm, Parthenolide wrote:

>
> I redid the samba configuration. Here is the contents of smb.conf:
> [global]
> add machine script = /usr/sbin/useradd -c Machine -d
> /var/lib/nobody -s /bin/false %m$
> domain logons = No
> domain master = No
> passdb backend = smbpasswd
> security = user
> wins support = No
> workgroup = workgroup
> ldap suffix =
> wins server =
>
> [PMG]
> path = /home/PMG/share
> read only = No
> guest ok = Yes
> force user = PMG
>
> ## Share disabled by YaST
> # [netlogon]
>
> *****
> The “share” folder share permissions have been enabled, and the
> permissions allow read and write access to all. However, the samba
> clients can read and not write to the folder /home/PMG/share.
>
Parthenolide;

What are the Linux permissions on /home/PMG/share ?


ls -ld /home/PMG/share

The nix permissions must also be satisfied to read or write a share.

I would suggest you model the global section of /etc/samba/smb.conf on
Swerdna’s HowTo. In particular, why change the password backend from the
default?, You should do something with the name resolve order and perhaps with
a bad user.

Make sure all samba users are created with


su
smbpasswd -a <username>

Each Samba username must be a valid linux user on the machine you are
configuring, the password need not be the linux login password.

Make sure that the samba server, samba client and netbios server are all
allowed through the firewall.

Make sure that both smbd and nmbd are set to start at boot.

I’ll be traveling for a few weeks, so someone else should jump in here if
needed.


P. V.
“We’re all in this together, I’m pulling for you.” Red Green

9

The global section in the smb.conf file was set up by default. The PMG section was modeled from the swerdna tutorial page.

ls -ld /home/PMG/share

drwxrwxrwx 7 PMG users 4096 Sep 17 16:35 /home/PMG/share

The smbpasswd command fails to add the user from the client site.

10

On 9/18/2011 8:06 PM, Parthenolide wrote:
>
> The global section in the smb.conf file was set up by default. The PMG
> section was modeled from the swerdna tutorial page.
>
> ls -ld /home/PMG/share
>
> drwxrwxrwx 7 PMG users 4096 Sep 17 16:35 /home/PMG/share
>
> The smbpasswd command fails to add the user from the client site.
>
>
parthenolide;

Please follow Swerdna’s HowTo. The default smb.conf that Yast sets up
is not really very good for a workgroup environment. As to adding
users, you first need to add the names as ordinary users to the server
before creating Samba users with smbpasswd.

My crystal ball is a bit cloudy, but I seem to see a faint image that
looks like you have not properly added users. Thus the client tries to
connect with a bad user and is rejected and the user is denied access.

o. The YaST defaults are not really very good in a workgroup environment.


P.V.
“We’re all in this together, I’m pulling for you” Red Green

11

I read through the tutorial. Here is the latest smb.conf:

smb.conf is the main Samba configuration file. You find a full commented

version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the

samba-doc package is installed.

Date: 2011-03-01

[global]
workgroup = WORKGROUP
passdb backend = tdbsam
netbios name = linux-idxo
name resolve order = bcast host lmhosts wins
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \%L\profiles.msprofile
logon home = \%L%U.9xprofile
logon drive = P:
usershare allow guests = Yes
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = No
security = user
wins support = No
wins server =
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775

[PMG]
comment = Physical Medicine Group Records
inherit acls = Yes
path = /home/PMG/share
read only = No
guest ok = Yes

Share disabled by YaST

[netlogon]

I was able to add the user PMG

pdbedit -L
PMG:1000:(user name)

I have read/write access to the /home/PMG/share folder,
and just read access to the same folder using Samba.

12

On 9/19/2011 8:16 PM, Parthenolide wrote:
>
> I read through the tutorial. Here is the latest smb.conf:
>
<snip>
>
> ****************
> I was able to add the user PMG
>
> pdbedit -L
> PMG:1000:(user name)
>
> *******
> I have read/write access to the /home/PMG/share folder,
> and just read access to the same folder using Samba.
>
Parthenolide;

Is PMG the user name on the client? Is the password on the client the
same as the Samba password you added on the server?

At this time try adding the following line to the global section of
/etc/samba/smb.conf:


log level = 1 auth:3

Check the smbd log file in /var/log/samba after the client connects to
the share and see how the client authorizes on samba.

Can you also tell us how you are trying to write to the share? In
particular are you just coping/moving a file into the share or using an
application? If an application which one? Have you first mounted the
share or simply using smb://<server>? If mounting what is the mount
command you are using?


P.V.
“We’re all in this together, I’m pulling for you” Red Green

13

Oddly, its now working. I am able to write files. Thank you very much for your help. Enjoy your upcoming travels.

Here is what you requested.

PMG is a user name on the server computer. I was unable to get add the user name of the client computer. When I added PMG using the samba password utility, I used the -n option to not have a password. What I am attempting to write on the share is the files std.vcf, std.ics and a number of other files.

#cat /var/log/samba/log.smbd

[2011/09/19 19:27:25.460663, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][PMG]@[LINUX-IDXO] with the new password interface
[2011/09/19 19:27:25.460772, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][PMG]@[LINUX-IDXO]
[2011/09/19 19:27:25.461009, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘PMG’ in passdb.
[2011/09/19 19:27:25.461055, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [PMG] -> [PMG] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/19 19:27:25.467404, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][PMG]@[LINUX-IDXO] with the new password interface
[2011/09/19 19:27:25.467433, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][PMG]@[LINUX-IDXO]
[2011/09/19 19:27:25.467491, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘PMG’ in passdb.
[2011/09/19 19:27:25.467502, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [PMG] -> [PMG] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/19 19:27:27.961592, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[LINUX-IDXO] with the new password interface
[2011/09/19 19:27:27.961675, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][anonymous]@[LINUX-IDXO]
[2011/09/19 19:27:27.961902, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
[2011/09/19 19:27:27.961946, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/19 19:27:31.299633, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[LINUX-IDXO] with the new password interface
[2011/09/19 19:27:31.299663, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][anonymous]@[LINUX-IDXO]
[2011/09/19 19:27:31.299728, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
[2011/09/19 19:27:31.299738, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/19 19:27:32.159117, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[LINUX-IDXO] with the new password interface
[2011/09/19 19:27:32.159216, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][anonymous]@[LINUX-IDXO]
[2011/09/19 19:27:32.159455, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
[2011/09/19 19:27:32.159502, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/19 19:27:32.162454, 1] smbd/service.c:678(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[2011/09/19 19:27:32.901120, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[LINUX-IDXO] with the new password interface
[2011/09/19 19:27:32.901227, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][anonymous]@[LINUX-IDXO]
[2011/09/19 19:27:32.901468, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
[2011/09/19 19:27:32.901514, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/19 19:27:32.904724, 1] smbd/service.c:1070(make_connection_snum)
linux-idxo (::ffff:192.168.1.40) connect to service PMG initially as user nobody (uid=65534, gid=65533) (pid 2062)

14

I haven’t read this thread (sorry) … but aren’t you hit by the (old) apparmor bug? Check here: YAST Samba server configuration problem

15

On 9/19/2011 9:46 PM, Parthenolide wrote:
>
> Oddly, its now working. I am able to write files. Thank you very much
> for your help. Enjoy your upcoming travels.
>
> Here is what you requested.
>
> PMG is a user name on the server computer. I was unable to get add the
> user name of the client computer. When I added PMG using the samba
> password utility, I used the -n option to not have a password. What I am
> attempting to write on the share is the files std.vcf, std.ics and a
> number of other files.
>
> #cat /var/log/samba/log.smbd
>
> [2011/09/19 19:27:25.460663, 3] auth/auth.c:216(check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user
> [WORKGROUP][PMG]@[LINUX-IDXO] with the new password interface
> [2011/09/19 19:27:25.460772, 3] auth/auth.c:219(check_ntlm_password)
> check_ntlm_password: mapped user is: [LINUX-IDXO][PMG]@[LINUX-IDXO]
> [2011/09/19 19:27:25.461009, 3]
> auth/auth_sam.c:399(check_sam_security)
> check_sam_security: Couldn’t find user ‘PMG’ in passdb.
> [2011/09/19 19:27:25.461055, 2] auth/auth.c:314(check_ntlm_password)
> check_ntlm_password: Authentication for user [PMG] -> [PMG] FAILED
> with error NT_STATUS_NO_SUCH_USER
<snip>
> check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
> [2011/09/19 19:27:27.961946, 2] auth/auth.c:314(check_ntlm_password)
> check_ntlm_password: Authentication for user [anonymous] ->
> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
<snip>
> linux-idxo (::ffff:192.168.1.40) connect to service PMG initially as
> user nobody (uid=65534, gid=65533) (pid 2062)
>
>
Parthenolide;

Glad to see you have it working.

Perhaps you want to leave well enough alone, but notice that from the
above log file you are not properly authenticating on the server. Your
user is being mapped to guest (User nobody) as a bad user. PMG was not
found in the password backend (nor was anonymous).

The default password backend for Samba is tdbsam. I’m guessing you did
not re-add this user when you changed backends or you did not restart
smbd.

IF you had properly added this user and the wrong password was given,
the user would be denied access and not mapped to guest (bad password vs
bad user).

You should remove (or at least comment out with #) the log level command
once you are satisfied. This will keep your log files down in size.


P.V.
“We’re all in this together, I’m pulling for you” Red Green

PS: I’m about 1500 miles(2400km) from where I was when this was all
started.

16

I was successful in adding PMG and a password to the server machine. How do I add the user on the client machine?

17

On 9/20/2011 9:36 PM, Parthenolide wrote:
>
> I was successful in adding PMG and a password to the server machine. How
> do I add the user on the client machine?
>
>
Parthenolide;

Yes, that is the easiest.

However, if your client user is Parthenolide and Parthenolide has a
valid username on the server, then Parthenolide can be added to the
Samba users on the server. Since the share is world writable,
Parthenolide will be able to write to the share. The files will be
owned by Parthenolide and not accessible by others.

You could use the “force user” parameter to make the files created owned
by PMG. That parameter is add to the share definition in
/etc/samba/smb.conf:


force user = PMG

With the above, all files written to the share or read from the share
will be done as user PMG. This is true even if the user connects to the
server as user SusieQ. The critical thing is that the users can connect
and validate on the server.

For added details see Part II of:
http://opensuse.swerdna.org/susesambaserver.html

In particular see the example share #8. If you also allow guest access
guests too will connect to the share as PMG.

P.V.
“We’re all in this together, I’m pulling for you” Red Green

18

Further to what P.V. says:
You’ve made Linux the permissions on the directory named “share” to be world accessible and writeable drwxrwxrwx.
You’ve got “guest ok = yes” so you want the world to get in without passwords and usernames.
So forget about passwords and samba user databases in relation to that share because you want everyone to access it and to write in it.
And the suggestion by P.V. to add “force user = PMG” will make every guest appear and act inside the share as if they are the user PMG – so that all the files and directories in there will end up with Linux ownerships and permissions that work nicely in that share.

19

I guess I wasn’t clear. I was wondering how to add a user with smbpasswd located on a remote computer, and not a user located on the server computer.

Anyway, here is the latest. I added the force user = PMG in the [global] section.

linux-idxo:/var/log/samba # cat /etc/samba/smb.conf

smb.conf is the main Samba configuration file. You find a full commented

version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the

samba-doc package is installed.

Date: 2011-03-01

[global]
workgroup = WORKGROUP
passdb backend = tdbsam
netbios name = linux-idxo
name resolve order = bcast host lmhosts wins
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \%L\profiles.msprofile
logon home = \%L%U.9xprofile
logon drive = P:
usershare allow guests = Yes
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = No
domain master = No
security = user
wins support = No
log level = 1 auth:3
ldap suffix =
wins server =
force user = PMG
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/

[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775

[PMG]
comment = Physical Medicine Group Records
inherit acls = Yes
path = /home/PMG/share
read only = No
guest ok = Yes

Share disabled by YaST

[netlogon]

accessing the share folder from the computer linux-idxo, from the user PMG. Note linux-idxo hosts the samba server. Also note, I used smbpasswd to remove and add PMG thinking I had a password problem. I made sure the password was tbdsam.

linux-idxo:/var/log/samba # cat log.smbd
[2011/09/21 19:12:03.386123, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][PMG]@[LINUX-IDXO] with the new password interface
[2011/09/21 19:12:03.386246, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][PMG]@[LINUX-IDXO]
[2011/09/21 19:12:03.390170, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [PMG] -> [PMG] FAILED with error NT_STATUS_WRONG_PASSWORD
[2011/09/21 19:12:03.390671, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user ]]@] with the new password interface
[2011/09/21 19:12:03.390723, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: ]]@]
[2011/09/21 19:12:03.391092, 3] auth/auth.c:265(check_ntlm_password)
check_ntlm_password: guest authentication for user ] succeeded
[2011/09/21 19:12:03.434613, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][PMG]@[LINUX-IDXO] with the new password interface
[2011/09/21 19:12:03.434642, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][PMG]@[LINUX-IDXO]
[2011/09/21 19:12:03.435042, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [PMG] -> [PMG] FAILED with error NT_STATUS_WRONG_PASSWORD
[2011/09/21 19:12:03.435154, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user ]]@] with the new password interface
[2011/09/21 19:12:03.435167, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: ]]@]
[2011/09/21 19:12:03.435256, 3] auth/auth.c:265(check_ntlm_password)
check_ntlm_password: guest authentication for user ] succeeded
[2011/09/21 19:12:05.294501, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[LINUX-IDXO] with the new password interface
[2011/09/21 19:12:05.294528, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][anonymous]@[LINUX-IDXO]
[2011/09/21 19:12:05.294558, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
[2011/09/21 19:12:05.294568, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/21 19:12:09.665051, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[LINUX-IDXO] with the new password interface
[2011/09/21 19:12:09.665079, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][anonymous]@[LINUX-IDXO]
[2011/09/21 19:12:09.665110, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
[2011/09/21 19:12:09.665120, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/21 19:12:12.225990, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[LINUX-IDXO] with the new password interface
[2011/09/21 19:12:12.226019, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][anonymous]@[LINUX-IDXO]
[2011/09/21 19:12:12.226049, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
[2011/09/21 19:12:12.226058, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/21 19:12:12.228429, 1] smbd/service.c:1070(make_connection_snum)
linux-idxo (::ffff:192.168.1.40) connect to service PMG initially as user PMG (uid=1000, gid=100) (pid 28754)
[2011/09/21 19:12:12.788633, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[LINUX-90YQ] with the new password interface
[2011/09/21 19:12:12.788750, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][anonymous]@[LINUX-90YQ]
[2011/09/21 19:12:12.788864, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
[2011/09/21 19:12:12.788906, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/21 19:12:12.799124, 1] smbd/service.c:1070(make_connection_snum)
linux-90yq (::ffff:192.168.1.15) connect to service PMG initially as user PMG (uid=1000, gid=100) (pid 28759)
[2011/09/21 19:12:22.275942, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[LINUX-90YQ] with the new password interface
[2011/09/21 19:12:22.275973, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][anonymous]@[LINUX-90YQ]
[2011/09/21 19:12:22.276006, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
[2011/09/21 19:12:22.276015, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/21 19:12:22.283324, 1] smbd/service.c:1070(make_connection_snum)
linux-90yq (::ffff:192.168.1.15) connect to service PMG initially as user PMG (uid=1000, gid=100) (pid 28761)

deleted the log, and accessed the share folder on the computer linux-90yp from the user “reception”. linux-90yp is on a local area network with linux-idxo.

linux-idxo:/var/log/samba # cat log.smbd
[2011/09/21 19:18:13.219712, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][reception]@[LINUX-90YQ] with the new password interface
[2011/09/21 19:18:13.219821, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][reception]@[LINUX-90YQ]
[2011/09/21 19:18:13.219934, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘reception’ in passdb.
[2011/09/21 19:18:13.219975, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [reception] -> [reception] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/21 19:18:13.245242, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][reception]@[LINUX-90YQ] with the new password interface
[2011/09/21 19:18:13.245277, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][reception]@[LINUX-90YQ]
[2011/09/21 19:18:13.245317, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘reception’ in passdb.
[2011/09/21 19:18:13.245332, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [reception] -> [reception] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/21 19:18:14.975006, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[LINUX-90YQ] with the new password interface
[2011/09/21 19:18:14.975097, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][anonymous]@[LINUX-90YQ]
[2011/09/21 19:18:14.975250, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
[2011/09/21 19:18:14.975293, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/21 19:18:18.931573, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[LINUX-90YQ] with the new password interface
[2011/09/21 19:18:18.931677, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][anonymous]@[LINUX-90YQ]
[2011/09/21 19:18:18.931788, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
[2011/09/21 19:18:18.931828, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/21 19:18:22.574887, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[LINUX-90YQ] with the new password interface
[2011/09/21 19:18:22.574919, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][anonymous]@[LINUX-90YQ]
[2011/09/21 19:18:22.574949, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
[2011/09/21 19:18:22.574959, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/21 19:18:22.583403, 1] smbd/service.c:1070(make_connection_snum)
linux-90yq (::ffff:192.168.1.15) connect to service PMG initially as user PMG (uid=1000, gid=100) (pid 28869)

deleted the log. Made a test appointment in the kontact calendar located on linux-90yp. The calendar is uploaded every 5 minutes and downloaded on changes to/from the samba share folder on linux-idxo.
The change causes an error window to pop up stating “Error while saving PMG”. Note however, the test appointment shows in kontact calendar on linux-idxo, which loads its calendar from the same share file, without using Samba.

linux-idxo:/var/log/samba # cat log.smbd
[2011/09/21 19:25:23.889502, 1] smbd/service.c:1251(close_cnum)
linux-90yq (::ffff:192.168.1.15) closed connection to service PMG
[2011/09/21 19:27:22.310829, 3] auth/auth.c:216(check_ntlm_password)
check_ntlm_password: Checking password for unmapped user [WORKGROUP][anonymous]@[LINUX-90YQ] with the new password interface
[2011/09/21 19:27:22.310930, 3] auth/auth.c:219(check_ntlm_password)
check_ntlm_password: mapped user is: [LINUX-IDXO][anonymous]@[LINUX-90YQ]
[2011/09/21 19:27:22.311061, 3] auth/auth_sam.c:399(check_sam_security)
check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
[2011/09/21 19:27:22.311105, 2] auth/auth.c:314(check_ntlm_password)
check_ntlm_password: Authentication for user [anonymous] -> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/09/21 19:27:22.333236, 1] smbd/service.c:1070(make_connection_snum)
linux-90yq (::ffff:192.168.1.15) connect to service PMG initially as user PMG (uid=1000, gid=100) (pid 28999)

This is really close. If I could just eliminate the error window it would be perfect.

20

On 9/21/2011 9:46 PM, Parthenolide wrote:
>
> I guess I wasn’t clear. I was wondering how to add a user with smbpasswd
> located on a remote computer, and not a user located on the server
> computer.
>
> Anyway, here is the latest. I added the force user = PMG in the
> [global] section.
>
>
> linux-idxo:/var/log/samba # cat /etc/samba/smb.conf
> # smb.conf is the main Samba configuration file. You find a full
> commented
> # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if
> the
> # samba-doc package is installed.
> # Date: 2011-03-01
> [global]
> workgroup = WORKGROUP
> passdb backend = tdbsam
> netbios name = linux-idxo
> name resolve order = bcast host lmhosts wins
> printing = cups
> printcap name = cups
> printcap cache time = 750
> cups options = raw
> map to guest = Bad User
> include = /etc/samba/dhcp.conf
> logon path = \%L\profiles.msprofile
> logon home = \%L%U.9xprofile
> logon drive = P:
> usershare allow guests = Yes
> add machine script = /usr/sbin/useradd -c Machine -d
> /var/lib/nobody -s /bin/false %m$
> domain logons = No
> domain master = No
> security = user
> wins support = No
> log level = 1 auth:3
> ldap suffix =
> wins server =

> force user = PMG
This parameter belongs in the share [PMG] not in the [Global] Section.
If left in the [Global] section then any access to the server will occur
as user PMG and other shares are not likely to act as expected.

<snip>
>
> [PMG]
> comment = Physical Medicine Group Records
> inherit acls = Yes
> path = /home/PMG/share
> read only = No
> guest ok = Yes
>
> ## Share disabled by YaST
> # [netlogon]
>
> **************************
>
> accessing the share folder from the computer linux-idxo, from the user
> PMG. Note linux-idxo hosts the samba server. Also note, I used smbpasswd
> to remove and add PMG thinking I had a password problem. I made sure the
> password was tbdsam.

The password you create with smbpasswd need not be “tbdsam” or even
“tdbsam”. The password can be anything you like.

>
> linux-idxo:/var/log/samba # cat log.smbd
<snip>
>
> ****************
>
> deleted the log, and accessed the share folder on the computer
> linux-90yp from the user “reception”. linux-90yp is on a local area
> network with linux-idxo.
>
> linux-idxo:/var/log/samba # cat log.smbd
> [2011/09/21 19:18:13.219712, 3] auth/auth.c:216(check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user
> [WORKGROUP][reception]@[LINUX-90YQ] with the new password interface
> [2011/09/21 19:18:13.219821, 3] auth/auth.c:219(check_ntlm_password)
> check_ntlm_password: mapped user is:
> [LINUX-IDXO][reception]@[LINUX-90YQ]
> [2011/09/21 19:18:13.219934, 3]
> auth/auth_sam.c:399(check_sam_security)
> check_sam_security: Couldn’t find user ‘reception’ in passdb.
> [2011/09/21 19:18:13.219975, 2] auth/auth.c:314(check_ntlm_password)
<snip>
>
> ***********************
> deleted the log. Made a test appointment in the kontact calendar
> located on linux-90yp. The calendar is uploaded every 5 minutes and
> downloaded on changes to/from the samba share folder on linux-idxo.
> The change causes an error window to pop up stating “Error while saving
> PMG”. Note however, the test appointment shows in kontact calendar on
> linux-idxo, which loads its calendar from the same share file, without
> using Samba.
>
> linux-idxo:/var/log/samba # cat log.smbd
> [2011/09/21 19:25:23.889502, 1] smbd/service.c:1251(close_cnum)
> linux-90yq (::ffff:192.168.1.15) closed connection to service PMG
> [2011/09/21 19:27:22.310829, 3] auth/auth.c:216(check_ntlm_password)
> check_ntlm_password: Checking password for unmapped user
> [WORKGROUP][anonymous]@[LINUX-90YQ] with the new password interface
> [2011/09/21 19:27:22.310930, 3] auth/auth.c:219(check_ntlm_password)
> check_ntlm_password: mapped user is:
> [LINUX-IDXO][anonymous]@[LINUX-90YQ]
> [2011/09/21 19:27:22.311061, 3]
> auth/auth_sam.c:399(check_sam_security)
> check_sam_security: Couldn’t find user ‘anonymous’ in passdb.
> [2011/09/21 19:27:22.311105, 2] auth/auth.c:314(check_ntlm_password)
> check_ntlm_password: Authentication for user [anonymous] ->
> [anonymous] FAILED with error NT_STATUS_NO_SUCH_USER
> [2011/09/21 19:27:22.333236, 1]
> smbd/service.c:1070(make_connection_snum)
> linux-90yq (::ffff:192.168.1.15) connect to service PMG initially as
> user PMG (uid=1000, gid=100) (pid 28999)
>
> *********************
>
> This is really close. If I could just eliminate the error window it
> would be perfect.
>

parthenolide;

You could just create the user “reception” on the server with the same
password. When user reception connects to the share [PMG] from the
client, reception will be mapped to user PMG and can access the service
(you have force user = PMG). Alternatively, you could create the user
PMG on the client.

You can also just tell the client to use a particular username/password
combination to access the server. Finally, there is always the “username
map” parameter that can map client names to server names. See man
smb.conf for details.

http://samba.org/samba/docs/man/manpages-3/smb.conf.5.html

I will be unavailable for a few days, so hopefully someone else will
jump in here.


P.V.
“We’re all in this together, I’m pulling for you” Red Green