Peculiar authentication problem with samba

Hello!

I am setting up a samba fileserver for a smaller network in a shool. It is actually the first time im doing this so the answer might be simple.

The problem: The fileserver doesn’t recognize the user accounts. You get access as guest and can share files in the folders that allow guests to do so, but as soon as guests are not allowed to touch anything it shuts the users that should be able to read and write out.

I do not believe this is a smb.conf problem. I’ve been trying to work this out for quite some time now, to no avail. In threads i’ve looked into they speak about setting the primary login to “Windows-login” instead of client for microsoft networks, but the hosts are Windows XP computers and i cant seem to find any such option on my network connection. Tried to uncheck the “Client for Microsoft networks” box but then i cant access the server at all.

I have added users to the server, added smbpasswd to these and added users withe the same name to the windows host.
I am aware that linux is case sensitive. I have tried adding the users to hosts files in both windows and linux and i have tried to have the passwords in linus both exactly the same and different.

Pasting the smb.conf just in case (as it might contain errors):


# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2009/10/08 11:18:03

[global]
	workgroup = MIKAEL
	netbios name = server1
	map to guest = Bad User
	printcap name = cups
#	logon path = \\%L\profiles\.msprofile
#	logon drive = P:
#	logon home = \\%L\%U\.9xprofile
	usershare allow guests = Yes
	usershare path = /etc/samba/usershares
	printing = cups
	include = /etc/samba/dhcp.conf
	local master = Yes
	preferred master = Yes
	os level = 65
	security = user
	add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
	domain logons = Yes
	domain master = Yes
	usershare max shares = 100
	en crypt passwords = true

[homes]
	comment = Home Directories
	valid users = %S, %D%w%S
	read only = No
	inherit acls = Yes
	browseable = No

[profiles]
	comment = Network Profiles Service
	path = %H
	read only = No
	create mask = 0600
	directory mask = 0700
	store dos attributes = Yes

[users]
	comment = All users
	path = /home
	read only = No
	inherit acls = Yes
	veto files = /aquota.user/groups/shares/

[groups]
	comment = All groups
	path = /home/groups
	read only = No
	inherit acls = Yes
	browseable = No

[printers]
	comment = All Printers
	path = /var/tmp
	create mask = 0600
	printable = Yes
	browseable = No

[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	write list = @ntadmin, root
	force group = ntadmin
	create mask = 0664
	directory mask = 0775

[netlogon]
	comment = Network Logon Service
	path = /var/lib/samba/netlogon
	write list = root

[elev]
	comment = För elever
	path = /home/elev
	admin users = @larare
	read only = No
	create mask = 0765
	inherit acls = Yes

[kansli]
	path = /home/kansli
	read only = No
	inherit acls = Yes

[larare]
	path = /home/larare
	read only = No
	inherit acls = Yes

[tmp]
	comment = temporary file space
	path = /tmp
	read only = No
	guest ok = Yes

Thanks in advance!

skydesign wrote:
> Hello!
>
> I am setting up a samba fileserver for a smaller network in a shool. It
> is actually the first time im doing this so the answer might be simple.
>
>
> The problem: The fileserver doesn’t recognize the user accounts.

The samba server requires the users to have samba username and password.
These can be but do not have to be the same as their normal usernames
and passwords.

You add them for each user as follows, as root:
smbpasswd -a <username>

You will be prompted to re-enter the passwords.


Vahis

Thanks for the fast reply. However, I have typed in smbpasswd’s for every user.

Review this guide. Maybe you’ve missed something. :slight_smile:

The guide is now reviewed. Have made new user and usergroup in linux, new user in samba and windows. The username is larare1. Have made a new diskquota named larare of 2gb and have granted the “larare” group read and write permissions.

In windows i left the username without password, so when i try to access the server it asks for it. I enter the password and can view the files on the server. I can access, read and write in larare1’s personal folder.

I can also access the larare quota and view the files in there, but i can not create anything. Pasting the smb.conf again:

# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2009/10/08 11:18:03

[global]
	workgroup = MIKAEL
	netbios name = server1
	map to guest = Bad User
	printcap name = cups
#	logon path = \\%L\profiles\.msprofile
#	logon drive = P:
#	logon home = \\%L\%U\.9xprofile
	usershare allow guests = Yes
	usershare path = /etc/samba/usershares
	printing = cups
	include = /etc/samba/dhcp.conf
	local master = Yes
	preferred master = Yes
	os level = 65
	security = user
	add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
	domain logons = Yes
	domain master = Yes
	usershare max shares = 100
	encrypt passwords = true
	usershare owner only = False
	guest account = nobody

[homes]
	comment = Home Directories
	valid users = %S, %D%w%S
	read only = No
	inherit acls = Yes
	browseable = yes

[profiles]
	comment = Network Profiles Service
	path = %H
	read only = No
	create mask = 0600
	directory mask = 0700
	store dos attributes = Yes

[users]
	comment = All users
	path = /home
	read only = No
	inherit acls = Yes
	veto files = /aquota.user/groups/shares/

[groups]
	comment = All groups
	path = /home/groups
	read only = No
	inherit acls = Yes
	browseable = No

[printers]
	comment = All Printers
	path = /var/tmp
	create mask = 0600
	printable = Yes
	browseable = No

[print$]
	comment = Printer Drivers
	path = /var/lib/samba/drivers
	write list = @ntadmin, root
	force group = ntadmin
	create mask = 0664
	directory mask = 0775

[netlogon]
	comment = Network Logon Service
	path = /var/lib/samba/netlogon
	write list = root

[elev]
	comment = För elever
	path = /home/elev
	read only = No
	inherit acls = Yes
	browseable = yes
	
	

[kansli]
	path = /home/kansli
	read only = No
	inherit acls = Yes
	valid users = kanslist
	browseable = no

[larare]
	path = /home/larare
	read only = No
	inherit acls = Yes
	browseable = yes
	valid users = larare1
	writable = yes

[tmp]
	comment = temporary file space
	path = /tmp
	read only = No
	guest ok = Yes

I can also access the larare quota and view the files in there, but i can not create anything.

I don’t have experience here, so I don’t have a good handle on this. Have you checked permissions of the larare share for r/w access?

The funny thing is that even if the shared folder is set so that larare1 is owner, we cant write anything to that folder.

Something tells me that the server doesn’t recognize the user properly. As soon as we activate write permissions for “others” ie. guests, larare1 and all other accounts can write to the folder.

smbstatus shows that larare1 is logged in, is member of group larare and it shows the ip of the machine connected.

:^(

On Fri October 9 2009 05:16 am, skydesign wrote:

>
> The funny thing is that even if the shared folder is set so that larare1
> is owner, we cant write anything to that folder.
>
> Something tells me that the server doesn’t recognize the user
> properly. As soon as we activate write permissions for “others” ie.
> guests, larare1 and all other accounts can write to the folder.
>
> smbstatus shows that larare1 is logged in, is member of group larare
> and it shows the ip of the machine connected.
>
> :^(
>
>
skydesign;
While you are testing this add the following to /etc/samba/smb.conf.


log level = 1 auth:3

This will log authentication for the users. You can read this information in:
/var/log/samba/log.smbd

You might see right away the problem.

Remember that Samba must obey linux permissions, so what are the permissions
for /home/larare


ls -ld /home/larare


P. V.
“We’re all in this together, I’m pulling for you.” Red Green

ls -ld /home/larare shows that it has read and write rights so the problem should not be there.

When i check smbstatus i can see that larare1 is logged in and is a part of group larare. Though it seems that when i try to write to the folder/quota that the group larare and the user larare1 should have access to, it doesnt recognize larare1 as anything else than a guest to that folder.

Could this be some kind of login problem?

On Tue October 13 2009 08:06 am, skydesign wrote:

>
> ls -ld /home/larare shows that it has read and write rights so the
> problem should not be there.
>
> When i check smbstatus i can see that larare1 is logged in and is a
> part of group larare. Though it seems that when i try to write to the
> folder/quota that the group larare and the user larare1 should have
> access to, it doesnt recognize larare1 as anything else than a guest to
> that folder.
>
> Could this be some kind of login problem?
>
>
skydesign;

What do the logs show? Please post the authentication pieces. Can you post
the results of “ls -ld”? I assume “larare1” is a user and “larare” is a
group, so who owns /home/larare?

If in fact the logs show that larare1 is a guest then there is something wrong
with the authentication; either you have not added larare1 as a user
with “smbpasswd -a” or you are using the wrong username/password. Remember
that each Samba user must also be a valid Linux user.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

ls -ld /home/larare gives:
drwxrwx— 3 larare1 larare 4096 (date) /home/larare
Owner of /home/larare is set to larare1 as well.

Here’s the log, my apologies in advance for it being so long.


[2009/10/12 12:43:43, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [NOVIA-8B8978296]\[larare1]@[NOVIA-8B8978296] with the new password interface
[2009/10/12 12:43:43, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [MIKAEL]\[larare1]@[NOVIA-8B8978296]
[2009/10/12 12:43:43, 3] libsmb/ntlm_check.c:ntlm_password_check(344)
  ntlm_password_check: NT MD4 password check failed for user larare1
[2009/10/12 12:43:43, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain [MIKAEL] was for this SAM.
[2009/10/12 12:43:43, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [larare1] -> [larare1] FAILED with error NT_STATUS_WRONG_PASSWORD
[2009/10/12 12:43:43, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [NOVIA-8B8978296]\[larare1]@[NOVIA-8B8978296] with the new password interface
[2009/10/12 12:43:53, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [NOVIA-8B8978296]\[larare1]@[NOVIA-8B8978296] with the new password interface
[2009/10/12 12:43:53, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [MIKAEL]\[larare1]@[NOVIA-8B8978296]
[2009/10/12 12:43:53, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: sam authentication for user [larare1] succeeded
[2009/10/12 12:43:53, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [larare1] -> [larare1] -> [larare1] succeeded
[2009/10/12 12:44:00, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user ]\]@[NOVIA-8B8978296] with the new password interface
[2009/10/12 12:44:00, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [MIKAEL]\]@[NOVIA-8B8978296]
[2009/10/12 12:44:00, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: guest authentication for user ] succeeded
[2009/10/12 12:44:00, 0] param/loadparm.c:process_usershare_file(4574)
  process_usershare_file: stat of /etc/samba/usershares/larare failed. Permission denied
[2009/10/12 12:44:00, 1] smbd/service.c:make_connection_snum(1033)
  novia-8b8978296 (X.X.X.X) connect to service larare initially as user larare1 (uid=1003, gid=1001) (pid 4512)
[2009/10/12 12:44:01, 0] param/loadparm.c:process_usershare_file(4574)
  process_usershare_file: stat of /etc/samba/usershares/larare failed. Permission denied
[2009/10/12 12:47:43, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user ]\]@[NOVIA-8B8978296] with the new password interface


One thing I noted, although I don’t know if it is of any relevance is that the PID changes to 4977 and 7104. Other than that it loops practically the same. The entire log of larare1 is approximately 27k words.

Edited out the IP with (X.X.X.X).

Any help whatsoever would be greatly appreciated. Thanks in advance.

-Sky

On Wed October 14 2009 06:46 am, skydesign wrote:

>
> PV;2050559 Wrote:
>> On Tue October 13 2009 08:06 am, skydesign wrote:
>>

>> skydesign;
<snip>
>
> ls -ld /home/larare gives:
> drwxrwx— 3 larare1 larare 4096 (date) /home/larare
> Owner of /home/larare is set to larare1 as well.
>
> Here’s the log, my apologies in advance for it being so long.
>
<snip>
>
>
> One thing I noted, although I don’t know if it is of any relevance is
> that the PID changes to 4977 and 7104. Other than that it loops
> practically the same. The entire log of larare1 is approximately 27k
> words.
>
> Edited out the IP with (X.X.X.X).

> Any help whatsoever would be greatly appreciated. Thanks in advance.
>
> -Sky
>
Sky;

I agree that user larare1 is authenticating correctly on the server. However,
if you consider this:

It may be that for some reason the classical share [larare] is being hidden by
the user share [larare]. Try testing by commenting out:
usershare path = /etc/samba/usershares (this path will default
to:/var/lib/samba/usershares)or renaming one of the larare(s)shares. Check
the logs afterward.

If this does not work try adding larare1 to the write list.


  [larare]
        path = /home/larare
        read only = No
        inherit acls = Yes
        browseable = yes
        valid users = larare1
        write list = larare1

I doubt this is going to help, but it is at least worth a try.
Note: You do not need both the parameters “read only” and “writable” in a
share since they are just inverses of one another.

As a final check run testparm to make sure your parameters are actually what
you expect.


testparm -sv

Be sure to restart smbd after editing the /etc/samba/smb.conf.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

I tried what you said to no avail. Also tried copying the larare usershare document to the new location var/lib/samba/usershares.

The loop still looks about the same:


2009/10/15 10:00:09, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [NOVIA-8B8978296]\[larare1]@[NOVIA-8B8978296] with the new password interface
[2009/10/15 10:00:09, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [MIKAEL]\[larare1]@[NOVIA-8B8978296]
[2009/10/15 10:00:09, 3] libsmb/ntlm_check.c:ntlm_password_check(344)
 ** ntlm_password_check: NT MD4 password check failed for user larare1**
[2009/10/15 10:00:09, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain [MIKAEL] was for this SAM.
[2009/10/15 10:00:09, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [larare1] -> [larare1] FAILED with error NT_STATUS_WRONG_PASSWORD
[2009/10/15 10:00:09, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [NOVIA-8B8978296]\[larare1]@[NOVIA-8B8978296] with the new password interface
[2009/10/15 10:00:09, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [MIKAEL]\[larare1]@[NOVIA-8B8978296]
[2009/10/15 10:00:09, 3] **libsmb/ntlm_check.c:ntlm_password_check(344)
  ntlm_password_check: NT MD4 password check failed for user larare1**
[2009/10/15 10:00:09, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain [MIKAEL] was for this SAM.
[2009/10/15 10:00:09, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [larare1] -> [larare1] FAILED with error NT_STATUS_WRONG_PASSWORD
[2009/10/15 10:00:11, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [NOVIA-8B8978296]\[larare1]@[NOVIA-8B8978296] with the new password interface
[2009/10/15 10:00:11, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [MIKAEL]\[larare1]@[NOVIA-8B8978296]
[2009/10/15 10:00:11, 3] **libsmb/ntlm_check.c:ntlm_password_check(344)
  ntlm_password_check: NT MD4 password check failed for user larare1**
[2009/10/15 10:00:11, 3] **auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain [MIKAEL] was for this SAM.
[2009/10/15 10:00:11, 2] auth/auth.c:check_ntlm_password(319)
  check_ntlm_password:  Authentication for user [larare1] -> [larare1] FAILED with error NT_STATUS_WRONG_PASSWORD**
[2009/10/15 10:00:11, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [NOVIA-8B8978296]\[larare1]@[NOVIA-8B8978296] with the new password interface
[2009/10/15 10:00:11, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [MIKAEL]\[larare1]@[NOVIA-8B8978296]
[2009/10/15 10:00:11, 3] **libsmb/ntlm_check.c:ntlm_password_check(344)
  ntlm_password_check: NT MD4 password check failed for user larare1**
[2009/10/15 10:00:11, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain [MIKAEL] was for this SAM.
[2009/10/15 10:00:11, 2] auth/auth.c:check_ntlm_password(319)
  **check_ntlm_password:  Authentication for user [larare1] -> [larare1] FAILED with error NT_STATUS_WRONG_PASSWORD**
[2009/10/15 10:00:17, 3] auth/auth.c:check_ntlm_password(221)
  check_ntlm_password:  Checking password for unmapped user [NOVIA-8B8978296]\[larare1]@[NOVIA-8B8978296] with the new password interface
[2009/10/15 10:00:17, 3] auth/auth.c:check_ntlm_password(224)
  check_ntlm_password:  mapped user is: [MIKAEL]\[larare1]@[NOVIA-8B8978296]
[2009/10/15 10:00:17, 3] auth/auth.c:check_ntlm_password(270)
  check_ntlm_password: sam authentication for user [larare1] succeeded
[2009/10/15 10:00:17, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [larare1] -> [larare1] -> [larare1] succeeded
**[2009/10/15 10:00:17, 0] param/loadparm.c:load_usershare_shares(4842)
  load_usershare_shares: directory /var/lib/samba/usershares is not owned by root or does not have the sticky bit 't' set or is writable by anyone.

**

I went through it line by line for one login session and noticed some things that puzzled me. They are marked with bold in the code. The loop tells me continually that the password check failed, but in the end (marked in turqoise) it said it succeeded. The very last lines of the log is though the most puzzling. Root is set as owner of /var/lib/samba/usershares. I tried with puttin users group with read and write permissions, and i tried setting others to access only, but it didnt help. Any ideas?

On Thu October 15 2009 02:26 am, skydesign wrote:

>
> I tried what you said to no avail. Also tried copying the larare
> usershare document to the new location var/lib/samba/usershares.
>
> The loop still looks about the same:
>
>
> Code:
> --------------------
>
> 2009/10/15 10:00:09, 3] auth/auth.c:check_ntlm_password(221)
> check_ntlm_password: Checking password for unmapped user
[NOVIA-8B8978296][larare1]@[NOVIA-8B8978296] with the new password interface
> [2009/10/15 10:00:09, 3] auth/auth.c:check_ntlm_password(224)
> check_ntlm_password: mapped user is: [MIKAEL][larare1]@[NOVIA-8B8978296]
> [2009/10/15 10:00:09, 3] libsmb/ntlm_check.c:ntlm_password_check(344)
> * ntlm_password_check: NT MD4 password check failed for user larare1*
> [2009/10/15 10:00:09, 3] auth/auth_winbind.c:check_winbind_security(80)
> check_winbind_security: Not using winbind, requested domain [MIKAEL] was
for this SAM.
> [2009/10/15 10:00:09, 2] auth/auth.c:check_ntlm_password(319)
> check_ntlm_password: Authentication for user [larare1] → [larare1]
FAILED with error NT_STATUS_WRONG_PASSWORD
<snip>
> check_ntlm_password: mapped user is: [MIKAEL][larare1]@[NOVIA-8B8978296]
> [2009/10/15 10:00:17, 3] auth/auth.c:check_ntlm_password(270)
> check_ntlm_password: sam authentication for user [larare1] succeeded
> [2009/10/15 10:00:17, 2] auth/auth.c:check_ntlm_password(309)
> check_ntlm_password: authentication for user [larare1] → [larare1] →
[larare1] succeeded
> [2009/10/15 10:00:17, 0] param/loadparm.c:load_usershare_shares(4842)
> load_usershare_shares: directory /var/lib/samba/usershares is not owned by
root or does not have the sticky bit ‘t’ set or is writable by anyone.
>
> --------------------
>
>
> I went through it line by line for one login session and noticed some
> things that puzzled me. They are marked with bold in the code. The loop
> tells me continually that the password check failed, but in the end
> (marked in turqoise) it said it succeeded. The very last lines of the
> log is though the most puzzling. Root is set as owner of
> /var/lib/samba/usershares. I tried with puttin users group with read and
> write permissions, and i tried setting others to access only, but it
> didnt help. Any ideas?
>
Sky;

In an earlier post:

By default Windows will send the users login password to the server first.
Since this is blank, I think it initially sends a blank password which
accounts for the first failures. When you then are finally prompted for the
password, the correct password is sent and you authenticate properly. (As an
aside, it is possible to tell windows which username/password to send to the
server. On XP look in control panel → user accounts --><username> →
related tasks → Manage your stored passwords.)

At this time I am working under the assumption that you have two shares
called “larare” and are connecting to the user defined share rather than the
classic share. Windows may have cached some of the information, so even if
you have changed the location on the server, the client may be trying to
connect to the user defined share and not the classic share. To test this
could you rename your classic share, this is the one in /home/larare, to
[lararenew] (or something). See if you can then connect correctly to
[lararenew].

Since our users do not have direct access to the server, there are no user
shares with which I may test my assumption.

If lararenew works, then we can try to deal with the user share issue.

PS: I apologize for the poor formatting of my last post. I needed to change
the charset at the last moment and made a bad choice.


P. V.
“We’re all in this together, I’m pulling for you.” Red Green

To begin with, thank you for all your help this far!

For some reason i couldnt rename the folder larare in home. It says “The item could not be renamed”. I tried to make several shared folders with the smb.conf configuration:


[elev]
path = /home/elev
read only = no
inherit acls = Yes
browseable = Yes
valid users = larare1
write list = larare1

The same problem persists for all these folders. These folders are not connected to a quota of any kind, just ordinary shared folders.

About me having 2 shares named larare, well i thought i just had one. The share is a folder located in home/larare and i made a quota for this location with help of a tutorial. So this folder displays as 1,8gb and the other folders are the size of the total free available space. The disk-img file is located in usr/disk-img/disk-quota.ext3. I tried making the permissions for this quota-file so that larare usergroup can read and write, but it didnt change anything.

On Fri October 16 2009 04:36 am, skydesign wrote:

>
> To begin with, thank you for all your help this far!
>
> For some reason i couldnt rename the folder larare in home. It says
> “The item could not be renamed”. I tried to make several shared folders
> with the smb.conf configuration:
>
> Code:
> --------------------
>
> [elev]
> path = /home/elev
> read only = no
> inherit acls = Yes
> browseable = Yes
> valid users = larare1
> write list = larare1
>
> --------------------
>
> The same problem persists for all these folders. These folders are not
> connected to a quota of any kind, just ordinary shared folders.
>
> About me having 2 shares named larare, well i thought i just had one.
> The share is a folder located in home/larare and i made a quota for this
> location with help of a tutorial. So this folder displays as 1,8gb and
> the other folders are the size of the total free available space. The
> disk-img file is located in usr/disk-img/disk-quota.ext3. I tried making
> the permissions for this quota-file so that larare usergroup can read
> and write, but it didnt change anything.
>
>
Sky;

  1. I was suggesting that you only change the name of the share
    in /etc/samba/smb.conf not the folder /home/larare itself. How do you edit
    your smb.conf? If you are using YaST try just directly editing in a text
    editor. If you are using a GUI on the server use:

gnomesu gedit /etc/samba/smb.conf
or
kdesu kwrite /etc/samba/smb.conf

If the server runs without a GUI then use:


su
vi /etc/samba/smb.conf

Of course you can use the editor of your own preference.

  1. Can you try a share that does not involve a folder in /home.
    Create a folder in the root file system:

su
mkdir /test
chown larare1:users /test
chmod 760 /test

Now create a share in /etc/samba/smb.conf:


[testshare]
path = /test
read only = no
valid users = larare1

  1. If you can read and write to this share, then change one thing at a time to
    get the share located where you want with the name/group you want.
    When(if)it breaks you will know where the problem resides.

  2. If this share does not work then post the results of:


testparm -s
pdbedit -Lv larare1

Also, change the log level of /etc/samba/smb.conf to just:
log level =2
and post the snippet of the log as you access the share and when you fail to
write.


P. V.
“We’re all in this together, I’m pulling for you.” Red Green

Hey again! Still experiencing the same problem when creating folders outside /home. Posting the results you asked for:

server1:~ # testparm -s
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "home"
Ignoring unknown parameter "home"
Processing section "[homes]"
Processing section "[profiles]"
Processing section "[users]"
Processing section "[groups]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[netlogon]"
Processing section "[elev]"
Processing section "[kansli]"
Processing section "[larare]"
Processing section "[sharetest]"
Processing section "[tmp]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
[global]
        workgroup = MIKAEL
        interfaces = 192.168.0.174, 127.0.0.1
        map to guest = Bad User
        log level = 1 auth:3
        printcap name = cups
        add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s /bin/false %m$
        domain logons = Yes
        os level = 65
        preferred master = Yes
        domain master = Yes
        usershare allow guests = Yes
        usershare max shares = 100
        usershare owner only = No
        printing = cups
        print command = 
        lpq command = %p
        lprm command = 
        include = /etc/samba/dhcp.conf

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        read only = No
        inherit acls = Yes

[profiles]
        comment = Network Profiles Service
        path = %H
        read only = No
        create mask = 0600
        directory mask = 0700
        store dos attributes = Yes

[users]
        comment = All users
        path = /home
        read only = No
        inherit acls = Yes
        veto files = /aquota.user/groups/shares/

[groups]
        comment = All groups
        path = /home/groups
        read only = No
        inherit acls = Yes
        browseable = No

[printers]
        comment = All Printers
        path = /var/tmp
        create mask = 0600
        printable = Yes
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/drivers
        write list = @ntadmin, root
        force group = ntadmin
        create mask = 0664
        directory mask = 0775

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/netlogon
        write list = root

[elev]
        comment = För elever
        path = /home/elev
        valid users = larare1
        write list = larare1
        read only = No
        inherit acls = Yes

[kansli]
        path = /home/kansli
        valid users = kanslist, larare1
        write list = kanslist, larare1
        read only = No
        inherit acls = Yes

[larare]
        path = /home/larare
        valid users = larare1
        write list = larare1
        read only = No
        inherit acls = Yes
        guest ok = Yes

[sharetest]
        path = /sharetest
        valid users = larare1
        write list = larare1
        read only = No
        inherit acls = Yes
        guest ok = Yes

[tmp]
        comment = temporary file space
        path = /tmp
        read only = No
        guest ok = Yes


server1:~ # pdbedit -Lv larare1
Unknown parameter encountered: "home"
Ignoring unknown parameter "home"
Unix username:        larare1
NT username:          
Account Flags:        
User SID:             S-1-5-21-814356745-1467601843-671681644-3006
Primary Group SID:    S-1-5-21-814356745-1467601843-671681644-513
Full Name:            asd
Home Directory:       \\server1\larare1
HomeDir Drive:        
Logon Script:         
Profile Path:         \\server1\larare1\profile
Domain:               MIKAEL
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Thu, 15 Oct 2009 09:55:17 EEST
Password can change:  Thu, 15 Oct 2009 09:55:17 EEST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF


[2009/10/19 12:44:46, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/10/19 12:44:46, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources.
[2009/10/19 12:44:46, 2] auth/auth.c:check_ntlm_password(309)
  check_ntlm_password:  authentication for user [larare1] -> [larare1] -> [larare1] succeeded
[2009/10/19 12:44:47, 2] param/loadparm.c:parse_usershare_file(4494)
  parse_usershare_file: share data path /home/data is not a directory.
[2009/10/19 12:44:47, 2] param/loadparm.c:parse_usershare_file(4494)
  parse_usershare_file: share everyone path /home/data/everyone is not a directory.
[2009/10/19 12:44:47, 2] param/loadparm.c:parse_usershare_file(4494)
  parse_usershare_file: share sharetest path /root/sharetest is not a directory.
[2009/10/19 12:44:51, 1] smbd/service.c:make_connection_snum(1033)
  novia-8b8978296 (192.168.0.173) connect to service larare initially as user larare1 (uid=1003, gid=1001) (pid 5000)
[2009/10/19 12:44:54, 2] smbd/open.c:open_directory(2076)
  open_directory: unable to create New Folder. Error was NT_STATUS_ACCESS_DENIED
[2009/10/19 12:44:54, 2] smbd/open.c:open_directory(2076)
  open_directory: unable to create .. Error was NT_STATUS_ACCESS_DENIED
[2009/10/19 12:44:54, 2] smbd/open.c:open_directory(2076)
  open_directory: unable to create New Folder. Error was NT_STATUS_ACCESS_DENIED
[2009/10/19 12:44:54, 2] smbd/open.c:open_directory(2076)
  open_directory: unable to create New Folder (2). Error was NT_STATUS_ACCESS_DENIED
[2009/10/19 12:44:54, 2] smbd/open.c:open_directory(2076)
  open_directory: unable to create .. Error was NT_STATUS_ACCESS_DENIED
[2009/10/19 12:44:54, 2] smbd/open.c:open_directory(2076)
  open_directory: unable to create New Folder (2). Error was NT_STATUS_ACCESS_DENIED

I do not know if i understand this right, but for some reason it seems like larare1 has never logged in.

I also get the "Unknown parameter encountered: “home”
Ignoring unknown parameter “home” " ansver on the commands you suggested, is this a problem?

On Mon October 19 2009 06:46 am, skydesign wrote:

>
> Hey again! Still experiencing the same problem when creating folders
> outside /home. Posting the results you asked for:
>
>
> Code:
> --------------------
> server1:~ # testparm -s
> Load smb config files from /etc/samba/smb.conf
> Unknown parameter encountered: “home”
> Ignoring unknown parameter “home”
<snip>
>
> --------------------
>
>
>
> Code:
> --------------------
>
> server1:~ # pdbedit -Lv larare1
> Unknown parameter encountered: “home”
<snip>
>
>
> Code:
> --------------------
<snip>
> [2009/10/19 12:44:51, 1] smbd/service.c:make_connection_snum(1033)
> novia-8b8978296 (192.168.0.173) connect to service larare initially as
user larare1 (uid=1003, gid=1001) (pid 5000)
> [2009/10/19 12:44:54, 2] smbd/open.c:open_directory(2076)
> open_directory: unable to create New Folder. Error was
NT_STATUS_ACCESS_DENIED
<snip>
>
> --------------------
>
>
> I do not know if i understand this right, but for some reason it seems
> like larare1 has never logged in.
>
> I also get the "Unknown parameter encountered: “home”
> Ignoring unknown parameter “home” " ansver on the commands you
> suggested, is this a problem?
>
Sky;

Just to double check, you can read the contents of the share just fine, but
can not create a new directory in the share. Is that correct? Can you create
an ordinary file in the share?

  1. Can you add back the testshare I gave you in the previous post, exactly as
    shown with the same permissions. Then give the log snippet when it fails.

  2. Remove the parameter “valid user = larare1” does it work now?
    If it fails now, do the logs look much the same? If different please post that
    snippet also.

  3. If removing the valid user parameter did not help, try adding the the
    following parameter to [testshare]:


force user = larare1

If it works now add back the “valid user” parameter but do not remove the
force user parameter. Does it still work?

  1. Can you connect directly to the share from the server? Log on to Server1
    as larare1. In a terminal window enter:

smbclient //server1/testshare
 you will be prompted for your samba password and the prompt should change
to "smb: \>") ]
ls
mkdir mytest
exit

ls should yield a listing of the files in [testshare]
mkdir should create a directory named mytest
exit will leave smbclient.
“man smbclient” will explain the various commands in smbclient
Does it work now?

  1. Have you checked that “apparmour” allows samba to write to the directories?
    Check your apparmour logs, and/or try disabling apparmour while you test.

  2. Do you have read/write access to the home directory for larare1. Your
    homes share should give that. My [homes] share looks identical to yours,
    except in mine “browseable = No”.

The results of pdbedit look good. Do not worry about the logon/logoff
values. They are not used for the smbpasswd or tdb backend. I’m not sure
why testparm and pdbedit are complaining about the invalid home parameter. I
did not spot it in any of your earlier posts of smbpasswd. You should double
check the contents anyway to see if there is some typo or spurious home in
the file. That should not effect this problem, but something else might not
work the way you want.

The reason I want you to use the testshare I gave you is try to minimize
any other possible conflicts. Also, since I assume the server is in
production, this will avoid any damage to your actual share [larare].

  1. What release of OpenSuse are using? What desktop, if any, are you using?
    What version of Samba is running?

smbd -V

  1. Do you know any magical incantations? Have you tried them? :wink:

    P. V.
    “We’re all in this together, I’m pulling for you.” Red Green

Wow! It works!!!

The problem was in home directory. Made completely new quotas for folders in root-directory and made new usergroups for access. Added the old users to the new usergroups, and voilá, it works!

I dont know why it didnt work for the sharetest folder but im trying to work that out!

I have learnt a great deal of how this works thanks to you and now i can read the logs and detect errors to some extent.

I cannot express my gratitude well enough, but i guess in return I will try to help other users myself if i my limited knowledge can be of any assistance in the future.

If you’re interested and have an messenger account, I’d be glad to add you!

Again, my deepest and sincerest thanks for all the help you’ve given me!

I’ll implement the full-scale network in some weeks, can i ask you for assistance if i got any problems in the future?

On Tue October 20 2009 07:36 am, skydesign wrote:

>
> Wow! It works!!!
>
> The problem was in home directory. Made completely new quotas for
> folders in root-directory and made new usergroups for access. Added the
> old users to the new usergroups, and voilá, it works!
>
> I dont know why it didnt work for the sharetest folder but im trying to
> work that out!
>
> I have learnt a great deal of how this works thanks to you and now i
> can read the logs and detect errors to some extent.
>
> I cannot express my gratitude well enough, but i guess in return I will
> try to help other users myself if i my limited knowledge can be of any
> assistance in the future.
>
> If you’re interested and have an messenger account, I’d be glad to add
> you!
>
> Again, my deepest and sincerest thanks for all the help you’ve given
> me!
>
> I’ll implement the full-scale network in some weeks, can i ask you for
> assistance if i got any problems in the future?
>
>
Sky;

Glad you have it all sorted out. I don’t think I had much to do with your
success, so Congratulations! I had become convinced that your problem did
not really come from Samba but some other security issue on the server.

Sorry I don’t have a messenger account, but feel free to post any problems and
I or someone else will do our best to help. There are many other people who
monitor this forum and are willing to help.

You should probably comment out the log parameter I gave you so that your logs
do not grow too fast. If you have problems in the future, you can always add
it back for debugging.

P. V.
“We’re all in this together, I’m pulling for you.” Red Green