Samba shares seen on network, but keeps asking for credentials

Hi, I’ve been struggling a bit with SAMBA. Ok, not a bit, A LOT. I’ve been trying to get that sorted for like a week but finally gave up.

I can see my shares on PC’s on the network, but when I put login and pass, it just constantly requires them again, and again, and again and I can do it till the rest of my life and still won’t let me access them. Shares in question are named Swap and Backup.

I’m following steps on Samba | Reference | openSUSE Leap 15.6 running openSUSE Leap and trying to connect from openSUSE Tumbleweed, all installed yesterday. Leap is the server that I want to share 2 drives to be available on windows and Linux.

Steps I took so far:
YaST → Software → Software Manager → View → Patterns → File Server → Install
Configure SAMBA from YaST → Startup → start on boot
Added shares through “Shares” tab → read only: no → guest access: yes ->Allow users to share directories → allow Guest Access
Identity tab → Workgroup left default (WORKGROUP) → Not a DC → NeBIOS Hostname: server → WINS Server Support
Trusted Domains and LDAP not touched as I’m not sure if I need it and not sure what do they do.
Samba password set up, user added.
Samba is running.

Samba version: 4.19.9-git.422.34370c5a3aa150600.3.15.1SUSE-oS15.0-x86-64

samba.conf:

Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
aa
.Server role: ROLE_STANDALONE

# Global parameters
[global]
        logon drive = P:
        logon home = \\%L\%U\.9xprofile
        logon path = \\%L\profiles\.msprofile
        map to guest = Bad User
        netbios name = SERVER
        printcap name = cups
        usershare allow guests = Yes
        usershare max shares = 100
        wins support = Yes
        idmap config * : backend = tdb
        cups options = raw


[homes]
        browseable = No
        comment = Home Directories
        guest ok = Yes
        inherit acls = Yes
        read only = No
        valid users = %S %D%w%S


[profiles]
        comment = Network Profiles Service
        create mask = 0600
        directory mask = 0700
        path = %H
        read only = No


[users]
        comment = All users
        inherit acls = Yes
        path = /home
        read only = No
        veto files = /aquota.user/groups/shares/


[groups]
        comment = All groups
        inherit acls = Yes
        path = /home/groups
        read only = No


[printers]
        browseable = No
        comment = All Printers
        create mask = 0600
        path = /var/tmp
        printable = Yes


[print$]
        comment = Printer Drivers
        create mask = 0664
        directory mask = 0775
        force group = ntadmin
        path = /var/lib/samba/drivers
        write list = @ntadmin root


[Backup]
        comment = backup
        guest ok = Yes
        path = /run/media/server/Backup
        read only = No


[Swap]
        comment = lanswap
        guest ok = Yes
        path = /run/media/server/Swap
        read only = No

pdbedit -L output:

server:1000:Server
root:0:root

Chmod for shares set to 757.

So. What am I missing? User is added to access shares, I can connect to them on other PC’s but when prompt for login and pass comes up - nothing happens, just reappears again and again and so on.

I’ve tried some options online after extensive googling, but they’re either posts from 2011, doesn’t work or borked my connection and I had to change nsswitch.conf to get internet back. Currently I reinstalled completely openSUSE leap and did all the steps above to have a clean, uninterrupted from previous attempts SAMBA.

These days there’s no need to be using NetBIOS or WINS in a modern samba environment. If you want to advertise the samba host to windows machines, you can use WS-Discovery. (I have wsdd2 installed on a host providing samba shares.)

With respect to the Windows and Linux clients, which versions?

FWIW, my working test samba server configuration (sharing my home directories)…

[global]
        workgroup = WORKGROUP
        passdb backend = tdbsam
        printing = cups
        printcap name = cups
        printcap cache time = 750
        cups options = raw
        map to guest = Bad User
        logon path = \\%L\profiles\.msprofile
        logon home = \\%L\%U\.9xprofile
        logon drive = P:
        usershare path = /var/lib/samba/usershares
        usershare max shares = 100
        usershare allow guests = Yes
        usershare owner only = Yes

[homes]
        comment = Home Directories
        valid users = %S, %D%w%S
        browseable = No
        read only = No
        inherit acls = Yes

Not sure if this can be used in a standalone server situation?

Changed to your settings, now shares are unreachable. I’m not sure what to do with that idmap config line, should I put it in global samba settings?

I’d get rid of it and start with a minimal samba configuration for test purposes. Review the following samba wiki:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server

Is that relevant to samba 4? Website looks like I remember them growing up in 1990’s

Also review the following reference:

https://web.mit.edu/samba/swat/help/Samba3-HOWTO/idmapper.html

In particular:

"Samba Server Deployment Types and IDMAP

There are four basic server deployment types, as documented in the chapter on Server Types and Security Modes.

Standalone Samba Server

A standalone Samba server is an implementation that is not a member of a Windows NT4 domain, a Windows 200X Active Directory domain, or a Samba domain.

By definition, this means that users and groups will be created and controlled locally, and the identity of a network user must match a local UNIX/Linux user login. The IDMAP facility is therefore of little to no interest, winbind will not be necessary, and the IDMAP facility will not be relevant or of interest."

Forget what it looks like - we’re interested in the information (and it is current).

Ok, thanks for help, I’m going to get some reading done

Good. Let us know how you get on.

I finally figured out what’s up. I’ve been trying to connect from other device and constantly getting “Host Unreachable” issue. Sometimes it did connect to the asset but get looped in logging in. I started to think that YaST might not be doing a great job with Firewall and just refusing the connection. I added manually in firewall my eth0 connection to trusted and OH MY GOD IT WORKS. I can connect to it from my other openSUSE device.

I have no idea how, but connection called “docker” was default in firewall. Btw. I don’t even have docker installed. Unless it’s a different docker. All I know it works and I guess Firewall was the issue.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.