I see the following error in my log when I try to access a share off my Samba server from a VirtualBox’ed Windows:
[2011/10/12 18:01:04.714868, 1] smbd/service.c:1070(make_connection_snum)
lappyvbox (::ffff:192.168.1.8) connect to service iTunes initially as user MYVIRTUALBOXUSERNAME (uid=1001, gid=100) (pid 21659)
On the client, I see an error message stating that Windows cannot access the resource because it doesn’t have the right permissions. The share is configured as follows:
[iTunes]
inherit acls = Yes
path = /windows/C/Users/MYWINDOWSUSERNAME/Music/iTunes/
read only = No
valid users = MYLINUXUSERNAME, MYVIRTUALBOXUSERNAME
The global settings pretty much follow default values as set by YaST. Any idea why I might be unable to access (i.e. read or write) the resource?
Let’s have a look at the Linux ownership of the share. There will be a line entered in fstab that controls the way the windows partition is mounted into Linux. It will be a bit like this:
That should be fine. It should make the ownership to be root:root and permissions drwxrwxrwx to that the “world” can read and write. The problem must be with the Samba share, try this to get things started:
[iTunes]
path = /windows/C/Users/MYWINDOWSUSERNAME/Music/iTunes/
read only = No
guest OK = yes
And, are you also trying to restrict access to one or a few people?
I removed the authentication requirements like you asked. Interestingly, I’m still being prompted for a password if I go to smb://127.0.0.1/iTunes on the server. I want to restrict access to the share so that only a VirtualBox’d Windows 7 account can access it. Long story… I couldn’t use VirtualBox’ shared folders feature to let iTunes access my music library so I had to set up a Samba server.
My full smb.conf is here:
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2011-03-01
[global]
workgroup = NAMEOFMYVIRTUALBOXMACHINE
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain logons = Yes
domain master = Yes
local master = Yes
os level = 65
preferred master = Yes
security = user
wins support = No
[iTunes]
path = /windows/C/Users/MYWINDOWSUSERNAME/Music/iTunes/
read only = No
guest OK = Yes
a) The workgroup naming in the [global] stanza should be itentical to the workgroup naming in the windows 7 VM.
b) Do you really want your openSUSE server to be a Domain Master? It would be much, much times simpler to set up for a workgroup.
If you want to restrict access to one user you could do this:
Suppose the Linux username is e.g. salband
Mount the windows partition with iTunes to be owned by salband with e.g. this mount line in fstab:
That will create Linux ownership of the NTFS files to be user=salband, group=users, setting the scene for the access rights that you want.
Then I would make the share like this:
[iTunes]
path = /windows/C/Users/MYWINDOWSUSERNAME/Music/iTunes/
read only = No
valid users = salband
force user = salband
And if you are not tied to being a domain master server I would make [global] like this:
[global]
workgroup = SameWorkgroupAsWindowsVM
name resolve order = bcast host lmhosts wins
local master = yes
preferred master = yes
os level = 64
server string =
printcap name = cups
cups options = raw
use client driver = yes
map to guest = Bad User
usershare allow guests = Yes
And I would add a Samba user password in Linux like so: smbpasswd -a salband
And in windows 7 VM I would make an account salband with the same password as the samba password in Linux.
And I would set the windows 7 virtual machine to mount the share iTunes at boot time as a mapped drive (so it doesn’t ask for password every time) e.g. drive Z:
And if you were controlling iTunes from the VM, I would redirect the iTunes program to use the library on mapped drive Z:
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2011-03-01
[global]
workgroup = WORKGROUP
name resolve order = bcast host lmhosts wins
local master = Yes
preferred master = Yes
os level = 64
server string =
printcap name = cups
cups options = raw
use client driver = Yes
map to guest = Bad User
usershare allow guests = Yes
[iTunes]
path = /windows/C/Users/*MYWINDOWSUSERNAME*/Music/iTunes/
read only = No
valid users = *MYLINUXUSERNAME*
force user = *MYLINUXUSERNAME*
In VBox windows 7: open Control Panel → Syatem. The right hand side has a section called “computer name, domain, and workgroup settings”. If you have a workgroup setting, it will list these
computer name
full computer name
computer description
workgroup
a) is that what you see?
b) what name is listed beside “workgroup”?
Yes, I see the fields computer name, full computer name, computer description and workgroup. The workgroup is called WORKGROUP (that’s it’s actual name, not a substituted name).
The word “domain” in the second screenshot is used whether you have joined a domain or a workgroup, it does not imply one or the other. But the word VBOX is really strange in light of what you just reported. I have simulated your situation as close to your description as I can figure out and it works for me. I even can get smooth connecting using different names in Win7 VBox VM and openSUSE. The only thing that comes to mind now is that I use “bridged” networking setting on the virtual eth0 and I do not use the facility called “shared folders” that shows in the GUI: “Oracle VM Virtualbox Manager”; instead I strictly use the windows SMB networking purely from within windows.
Another thought occurs: have you set the windows 7 advanced sharing parameters to be like as described here: Initialise Windows 7 Network
With regard to the first picture you posted: check that you have no sharing links open to the openSUSE server when you attempt to map a share as a windows mapped drive, using a username different from your windows login name (and of course no previous mappings of that drive should still exist simultaneously).
LAPPYVBOX is the name of my VirtualBox’ed Windows and, for whatever reason, also the domain it uses to log in.
I use bridged networking through my host’s wlan0 interface. Here’s what I’m guessing… it is probably a server-side problem because I can’t login from smb://127.0.0.1/iTunes/ either. I also added
[foo]
path = /home/*MYLINUXUSERNAME*/foo
read only = No
valid users = *MYLINUXUSERNAME*
force user = *MYLINUXUSERNAME*
to see if there was a problem with permissions on the mounted Windows partition but I couldn’t get access to the newly created directory over local Samba. (I made sure that the directory exists.)
Is there a way to wipe the Samba login information cache in Windows? Cuz once I have a failed login under a certain username, it keeps remembering that username until I reboot.
And then I’ve run out of suggestions. If it was me I’d make another virtual machine and see if that fixes it. If it doesn’t fix it, I would then know it is Linux that is at fault.
Thanks! I can now finally get in with my username and password. Quick question about AppArmor though… did I just give nmb and smb blanket permission to bypass the firewall?