Hi, I have been having problems with setting up a new samba server. I upgraded my old file server to a new bigger hard drive and started with a fresh install of openSuse 11.4 then transferred my files over to the server.
As root I recursively chown-ed the folder the files were in to belong to root:root and then I recursively chmod-ed the folder to allow full access to root, be read by all, and sticky (I did via gui for this) and then changed one folder to allow full read/write to all but retaining the sticky
In case that is too wordy, my Folder stuct looks like this:
/Srv – read/write for root; read for all
…/video – read/write for root; read for all
…/books – read/write for root; read for all
…/audio – read/write for root; read for all
…/ftp – read/write for all
Now I want to be able to allow anyone to dump files into the the ftp folder (but not delete) and read the others since I’m anal about the organization of the other folders. So I went to samba, shared the folders with guest login allowed, and some other basic permissions. To save time explaining I’m going to post my samba config below and you can read the permissions I set. My problem is that when I go to my other computers (tested with win7 and a boxee box) I get a permissions denied message from windows and boxee gets the equivalent in that it will go into the folder but not see any files or subfolders. I have not tried to go into the default folders that samba sets up because I plan to disable them once I get this working and I know I’m communicating with the server.
After failing to fix via the gui I tried viewing the samba config but couldn’t find anything that was out of line with the tutorials I found. so I’d appreciate any help and i’m of course willing to provide any information you need to help me.
Quite apart from any other issues, in 11.4 there is a Samba AppArmor bug. To bypass that do this: go to Yast → apparmor and enter the Control Panel → configure profiles area. Highlight usr.sbin.smbd and use the ToggleMode button to flip it to “complain” Similarly flip usr.sbin.nmbd to “complain”. Click Done to exit. Then reboot to reinit Samba.
Okay… So I did that and It made the problem worse. Now my computers don’t see the samba shares at all. I can ping and ssh into the server, but other computers don’t see any of the shares at all; I can’t even got the to point where I was denied access. I tried both by name and direct IP address that i confirmed on the server with an ifconfig.
In an attempt to fix it I disabled apparmor completely and reset the server after no changes I thought it might be a firewall issue and so disabled that as well (it was set to internal zone anyway). I still can not see my system’s shares
I suggest that you make a backup copy of the existing smb.conf and then start again with a simple smb.conf as below and get that working and then build it up to encompass all the shares you displayed in your first post. I suggest that you start with switching AppArmor and the firewall back on. You would make the changes I suggested to AppArmor (or else Samba will exhibit puzzling behaviour). You would put the ethernet card of the server into the firewall’s “external zone” and enable these three “Allowed Services” in the Yast’s firewall GUI: Netbios Server, Samba Client, Samba Server. Check also in Yast’s runlevel GUI that smb and nmb daemons are switched on [Yast –>system –> services (runlevels)].
Here’s a simple smb.conf with one share (to begin with):
[global]
workgroup = BlakelyLan
name resolve order = bcast host lmhosts wins
local master = yes
preferred master = yes
os level = 64
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
usershare allow guests = Yes
netbios name = AtomAnt
security = user
passdb backend = tdbsam
[Books]
guest ok = Yes
path = /srv/books
I would switch from root user (for security purposes) and make ownership of the “books” directory to a normal Linux user, e.g. for illustration chose user billy (who must actually exist). The directory permissions on books would be user=billy, group=users, permissions=drwxr-xr-x (chown billy:user & chmod 755). For now, leave off the “sticky” adjustment on the permissions.
And then reboot twice all the computers on the LAN, one at a time (sequentially) and then wait 10 minutes and then see if other computers can browse into the workgroup AtomAnt and down into the share [Books] and can read a document you put there (place there a document belonging to billy and with permissions rwxr-xr-x).
That would allow to see if samba is working properly in simple browsing mode.
Thank you for the advice. I might actually know what was wrong, but I’m in the middle of the first power cycle and still intend to follow your suggestions exactly. What might have been the problem, which if it is the case is a fore-head slapping stupid thing that I should have thought of is that I had been remoting in over ssh using NX So when I told it to shutdown via the gui as opposed to using the command line, it really just logged me off and left the server on. This would mean that the services never restarted properly after the app-armor changes. Either way Ill post more once I’m done
Thank you again for the help and advice. After the reboots the shares worked just fine The best I have been able to do for the file dump share (after hours of reading man pages and other stuff) was to set the folder to allow full permissions, and force all files in under the user I created, then in samba I set “create mode = 555” under that share. It’s not perfect in that there are extra steps for me whn, but it works
The Samba Server sucks plain and simple. They need to use the version that Ubuntu uses which takes about 3 minutes to set up. Then again, these guys partner through Novell who works with Microsoft. No wonder there are problems
I use Samba and share files between both openSUSE & Windows hosts running Samba. You did not mention what openSUSE or Desktop version that you are using, what hosts or guest you have setup. However, Samba works great in openSUSE and it works great with Windows guests and hosts. Please provide more specifics so we can try to help.