Not able to connect OpenSuSe 12.1 from Windows machine

Hello,

2 days back I installed fresh copy of suse 12.1 on my i586 machine.
After installation machine was accesible from windows by specifying it’s IP >> \192.168.1.x
I played with samba server,kerberos authentication,windows member ship & SWAT. And since then I am no longer able to access the machine from Start > Run > \192.168.1.x
I get authentication error.

I tried removing windows membership,restarting machine,reenabling samba shares,tried creating folder and shared it as samba share but no luck.

Any hint from where I can re enable access?
Or how can I restore system to previous state?

Regards,
Amey.

Let’s have a look at how you’ve configured samba on the openSUSE server. Please post the contents of the controlling file (smb.conf). You can display that with this command:

  • cat /etc/samba/smb.conf

.
Also, lets have a look at some other possible issues, report these sessions back here please:

  • to check the 11.2 Samba bug run this command: rpm -qa | egrep “sysvinit-init|systemd-sysvinit”
  • to check the firewall run this command: cat /etc/sysconfig/SuSEfirewall2 | egrep “FW_CONFIGURATIONS_EXT=|FW_DEV_EXT=”
  • to check the samba daemons run this command: su -c “service nmb status; service smb status”

.
And final question: are you wanting a domain-type setup (like a large company) or a workgroup-type setup (like a small office or home)?

On 2012-04-07 23:56, sco1984 wrote:

> I tried removing windows membership,restarting machine,reenabling samba
> shares,tried creating folder and shared it as samba share but no luck.

Do you really need windows domain membership? That would be used on the
enterprise, but it is uncommon at home.

> Any hint from where I can re enable access?
> Or how can I restore system to previous state?

Better reinstall. Not trivial.

If you really want to do it, install another system and compare all files
around kerberos and pam, if I remember correctly (and I probably don’t).
That’s the way I did it…


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

And I suppose to be thorough: are you using KDE or Gnome
And to check for nautilus-type shares, what does this command return: ls -l /var/lib/samba/usershares

Hello Swerdna,

Here are the outputs :-

output of ** cat /etc/samba/smb.conf** :- [Bash] smb_cfg - Pastebin.com](http://pastebin.com/UyTEX5M2)

output of ** ls -l /var/lib/samba/usershares ** :-


punws-filesrv:~ # ls -l /var/lib/samba/usershares/
total 0
punws-filesrv:~ # 

I am using KDE.
I have turned off firewall while configuring SuSe 12.1

& regarding your question about domain type setup etc >>> My goal is to make available files/folders/Training videos in read only mode to everybody in my LAN. Just want to save on Windows licensing cost. :slight_smile:

OK this is what you want for the smb.conf file:

# Samba config file 
# Date: 2012/04/09 
 
[global]
workgroup = XXXXXX 
netbios name = yyyyyyyyyy
name resolve order = bcast host lmhosts wins
local master = yes
preferred master = yes
os level = 64
server string = 
printcap name = cups
cups options = raw
use client driver = yes
map to guest = Bad User
usershare allow guests = Yes
 
[Data]
path = /data1
guest ok = yes

I’m assuming that the location of the shared files is /data1
Change XXXXXX to match the workgroup name that you put in all the LAN’s computers.
Change yyyyyyyy to the name that you want to identify the Linux server in the network neighbourhood of the windows clients.
You can make the changes with a superuser text editor that you invoke with this console command:

kdesu kwrite /etc/samba/smb.conf

I am concerned that you might not have fixed the samba bug that I mentioned. You should post those data as I requested:

  • to check the 11.2 Samba bug run this command: rpm -qa | egrep “sysvinit-init|systemd-sysvinit”
  • to check the samba daemons run this command: su -c “service nmb status; service smb status”

Once you have made the changes and the bug fixed and the nmb and smb responding properly, you should reboot and then wait 5 minutes. The Linux server then should appear in the network.

Hello Swerdna,

Unfortunattly I was unable to login to forum few hours ago when I had access to that machine.
I added some lines to my smb.conf from above 1 sent by you.
I found some extra options too. in my smb.conf in Global config ]
And yes I am using OpenSuSe 12.1

Still same issue happening. If I access from Windows, I get authentication error/access denied error.

How if I replace whole smb.conf with new 1?
Can you send me some fresh smb.conf file?

Did you enable all the services related to samba (smb, nmb and winbind)? :question:
Did you enable the samba user: sudo smbpasswd -a user.
And, finally, you should set the option security = user … :wink:

Yes, I’ve been locked out too, maybe 24 hours.

How if I replace whole smb.conf with new 1?

That is a very good idea.
You can use a text editor like this for KDE: kdesu kwrite /etc/samba/smb.conf
or this for Gnome: gnomesu gedit /etc/samba/smb.conf

Here is a copy of the original default smb.conf for 12.1, keep a copy if you like:

smb.conf is the main Samba configuration file. You find a full commented

version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the

samba-doc package is installed.

Date: 2012-02-16

[global]
workgroup = WORKGROUP
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \%L\profiles.msprofile
logon home = \%L%U.9xprofile
logon drive = P:
usershare allow guests = Yes
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775

You should replace your smb.conf with this text, only this text, nothing more in smb.conf than this:

Samba config file

Date: 2012/04/09

[global]
workgroup = XXXXXX
netbios name = yyyyyyyyyy
name resolve order = bcast host lmhosts wins
local master = yes
preferred master = yes
os level = 64
server string =
printcap name = cups
cups options = raw
use client driver = yes
map to guest = Bad User
usershare allow guests = Yes

[Data]
path = /data1
guest ok = yes

Change XXXXX and YYYYY as I described earlier. That’s the configuration you need for sharing read-only docs from the folder /data1. You won’t need to use passwords or usernames. But if you have other things in smb.conf, you might be locked out (as you are currently experiencing).

I am concerned that you might not have fixed the samba bug that I mentioned. If you don’t fix this you will be locked out (as you are currently experiencing). You should post those data as I requested:
to check the 11.2 Samba bug run this command: rpm -qa | egrep “sysvinit-init|systemd-sysvinit”
to check the samba daemons run this command: su -c “service nmb status; service smb status”

@sco1984

If you have a guest-accessible share (with the smb.conf as I outlined) it is not necessary to “enable the samba user”.
You are not using a domain so you don’t need winbind
You do not need to set the property “security = user” because that is the default setting.

Hello Swerdna,

I replaced smb.conf with the 1 you sent above and it worked!! Thanks!! :cool:

Seems like other things which were there in default smb.config are not required at all in my case.

Now 1 more question :slight_smile: >> If in future I want to assign user based permissions, what modifications I’ll have to make?

Regards,
Amey.

Glad for you.

Re “user based permissions”: If you take out the line “guest ok = yes”, then users will need to supply usernames and passwords. You set the usernames and passwords by running the command smbpasswd, as root. Run “man smbpasswd” to see what it entails. Or check these paragraphs: Authentication and the Samba User Database

All sorts of access structures can be achieved, have a look here: Samba Server and Suse / openSUSE: HowTo Configure a Professional File Server on a SOHO LAN

In particular this bit for different sorts of shares: Part II: Defining and Using File Shares