Hello, I’m using suse version 10.3 w/ Samba 3.0.26a, trying to set it up as a file server on an all WinXP network. When browsing in My Net Places from an XP machine the server icon is visable, but when clicked on the same error for all workstations is: Not authorized to access from this station/permission denied.
I have listed some computers in the Hosts file(using Yast) by adding their IP & hostname, but no go. I added local users to the server using the Yast tool, I then used smbpasswd -a command from a terminal to create users in samba. Double-checked the folder I’m sharing from the server is enabled. Made sure the user/passwords matched what I created in Yast as well. Still same error, even when the firewall is raised/lowered.
Here is a copy of the smb.conf file:
Samba config file created using SWAT
from 127.0.0.1 (127.0.0.1)
Date: 2008/09/10 13:58:53
[global]
workgroup = UIGOLF
server string = Samba
encrypt passwords = No
map to guest = Bad User
algorithmic rid base = 100
smb ports = 139, 145
acl compatibility = winnt
server signing = auto
paranoid server security = No
printcap name = cups
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
logon path = \%L\profiles.msprofile
logon drive = P:
logon home = \%L%U.9xprofile
os level = 2
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
usershare max shares = 100
idmap uid = 100-20000
idmap gid = 100-20000
valid users = scott, user, melissa
admin users = root
read only = No
printing = cups
cups options = raw
print command =
lpq command = %p
lprm command =
case sensitive = Yes
strict locking = No
msdfs proxy = no
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
If it’s an all winxp LAN the use a workgroup. The samba config is very complex. Why not simplify it and get it working and then build in restrictions like “valid users” etc and see where it stops working with the restrictions added one by one.
For example start with this:
Samba config file created using SWAT
from 127.0.0.1 (127.0.0.1)
Date: 2008/09/10 13:58:53
[global]
workgroup = UIGOLF
netbios name = put_network_name__of_machine_here
server string = Samba
name resolve order = bcast host lmhosts wins
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
use client driver = yes
map to guest = Bad User
local master = yes
preferred master = yes
os level = 65
usershare allow guests = Yes
usershare max shares = 100
usershare owner only = False
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
[archive]
path = /home/archive/
guest ok = Yes
Make a backup copy of the old file smb.conf first. I bet the directory “archive” is owned by root – make it and all the files inside it to be owned by a normal user “shirley” (or whoever).
Other things:
Note that you have made a share that is read only. If you want it read write then change this:
[archive]
path = /home/archive/
guest ok = Yes
by making the folder/directory “archive” to be owned by Linux user “shirley” (or whatever), by making sure shirley is in the Samba user database, by making all the files in the share owned by shirley and by making the share like this:
[archive]
path = /home/archive/
force user = shirley
read only = no
guest ok = Yes
Ok, I changed the NetBios name to what was suggested, changed the Owner of the Archive to a regular user. Still same thing, I also tried changing the security access from User level to Share, same error even after rebooting the server and the XP workstationns. Here is a copy of the updated smb.conf file, thanks.
[global]
workgroup = UIGOLF
netbios name = linux.uigolf
server string = Samba
encrypt passwords = no
map to guest = Bad User
algorithmic rid base = 100
smb ports = 139, 145
acl compatibility = winnt
server signing = Auto
paranoid server security = no
printcap name = cups
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
logon path = \%L\profiles.msprofile
logon drive = P:
logon home = \%L%U.9xprofile
os level = 2
preferred master = no
local master = no
domain master = no
dns proxy = no
ldap ssl = No
usershare max shares = 100
winbind uid = 100-20000
winbind gid = 100-20000
valid users = scott, user, melissa
admin users = root
read only = No
printing = cups
cups options = raw
lpq command = %p
case sensitive = Yes
strict locking = No
msdfs proxy = no
restrict anonymous = no
max protocol = NT
guest ok = yes
security = share
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
[archive]
path = /home/archive/
force user = scott
valid users = root,scott,user,melissa
hosts allow = melissa, STORAGE
[global]
workgroup = UIGOLF
netbios name = linux.uigolf
server string = Samba
encrypt passwords = no
map to guest = Bad User
algorithmic rid base = 100
smb ports = 139, 145
acl compatibility = winnt
server signing = Auto
paranoid server security = no
printcap name = cups
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
logon path = \%L\profiles.msprofile
logon drive = P:
logon home = \%L%U.9xprofile
os level = 2
preferred master = no
local master = no
domain master = no
dns proxy = no
ldap ssl = No
usershare max shares = 100
winbind uid = 100-20000
winbind gid = 100-20000
valid users = scott, user, melissa
admin users = root
read only = No
printing = cups
cups options = raw
lpq command = %p
case sensitive = Yes
strict locking = No
msdfs proxy = no
restrict anonymous = no
max protocol = NT
guest ok = yes
security = share
The problem is that you have an XP network that uses broadcast name resolution and in the Suse machine you are using name resolution by the lmhosts file which is not configured. You also have a bunch of other quite complex properties in [global] that are not appropriate for an XP network.
I suggest that you make it windows friendly like this:
[global]
workgroup = UIGOLF
netbios name = linux.uigolf
server string = Samba
name resolve order = bcast host lmhosts wins
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
use client driver = yes
map to guest = Bad User
local master = yes
preferred master = yes
os level = 65
usershare allow guests = Yes
usershare max shares = 100
usershare owner only = False
Ach, forgot tom mention that there is a win2Kpro machine on the same network acting as a defacto file server as well, would setting the OS level to 65 in smb.conf affect network browsing for the XP client users? Same for setting local master and preferred master to Yes? What advantages would be to set the OS level to say 34?
Linux machines respond to high levels of “os”, up to 255 (but > 255 sets os level = 0). Windows machines see anything in the range 32 <—> 255 inclusive as 32.
You can delete the line preferred “master = yes” and can set the os level to 33 and it will be fine. That will set Suse to take over as local master each time it boots. That’s healthy for the network because microsoft have designed win2000, xp, vista to be clients. That way they can sell you a server. You now have the tools to make one for free.
There can be only one preferred master on a SOHO LAN and that machine is usually a community resource like the file repository for an accounting office, or a printer server for the family.
Ok I set the OS level to 33, preferred master to no, local master to yes, usershare guests to yes, changed the name resolve order, and usershare ower only to false, rebooted clients and the linux, but still same error. Here’s the copy of smb.conf. Should I remove the idmap and lpq lines? Any other ideas?
[global]
workgroup = UIGOLF
netbios name = LINUX.UIGOLF
server string = Samba
encrypt passwords = No
map to guest = Bad User
smb ports = 139, 145
name resolve order = bcast host lmhosts wins
paranoid server security = No
printcap name = cups
os level = 33
local master = yes
preferred master = No
domain master = No
dns proxy = No
ldap ssl = no
usershare allow guests = Yes
usershare max shares = 100
usershare owner only = False
idmap uid = 100-20000
idmap gid = 100-20000
valid users = scott, user, melissa
admin users = root
read only = No
guest ok = Yes
printing = cups
cups options = raw
print command =
lpq command = %p
lprm command =
case sensitive = Yes
strict locking = No
msdfs proxy = no
[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No
[archive]
path = /home/archive/
force user = scott
The [global] is so complex that I can’t properly get my head around what all the interactions will mean. I suggest that you simplify it and get it working and then build in restrictions later when it’s working. I recommend starting with a known windows-friendly [global] like this:
[global]
workgroup = UIGOLF
netbios name = LINUX.UIGOLF
server string = Samba
name resolve order = bcast host lmhosts wins
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
use client driver = yes
map to guest = Bad User
local master = yes
preferred master = yes
os level = 33
read only = No
guest ok = Yes
usershare allow guests = Yes
usershare max shares = 100
usershare owner only = False
And for now take out the line “force user = scott”
You can edit smb.conf direct with this command if you use KDE:
kdesu kwrite /etc/samba/smb.conf
or fo Gnome use this:
gnomesu gedit /etc/samba/smb.conf
Check you have a member enrolled in the Samba user database and use those credentials from windows if challenged. To enroll a member, e.g. scott, use this command:
sudo smbpasswd -a scott
Turn off the Suse firewall for the time being, setting it not to start at boot time by going to Yast → Security and Users → Firewall → Disable firewall automatic start + Stop firewall now.
Turn off for the time being any windows firewalls especially third party firewalls.
Don’t forget to reboot the router and/or cable modem/all LAN devices, reboot Suse, pause, reboot a windows client, pause, have a cup of coffee.