Hi all,
I’ve been trying to get Samba set up in a sensible way for my home use. Security is not a huge concern so I can relax a little on some setup methods, but of course it’s better to be secure than not.
What I am trying to do is pretty simple: I just want a normal user to be able to log on and add files etc., as this is our mass storage computer.
This computer is set up with two RAIDs. The first RAID is made of SSDs and covers almost the entire file system. The 2nd RAID is exclusively on the /srv/ path and is my mass storage area (RAID5 3 x 4TBs).
For my own use, as this is my workstation (which we are doubling up as a media server), I just create symlinks from my home directory to a place under the /srv/ directory whenever I have something large that I want to store, which of course is never a problem when working on the computer directly. E.g. a typical link will look like this:
~/Libraries -> /srv/extended_home/hilary/Libraries/
In all cases I described below I have been testing by logging in as the user “hilary” from an Apple computer (obviously I’ll want it to work logging in from Windows computers as well). Hilary and I both have Linux profiles on the server and entries in the Samba user database (TDB). My server is Leap 43.3 with all the latest updates.
Since security isn’t a big issue I opted for a simple solution of enabling wide links so I added the lines that you see now commented below.
[global]
workgroup = WORKGROUP
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
wins support = No
ldap admin dn =
usershare max shares = 100
wins server =
# allow insecure wide links = Yes
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
# wide links = Yes
# follow symlinks = Yes
The problem with this is that, while it allowed me to follow a link once I added these lines, I could not see anything in the directory once I followed it. I played with this a bit but couldn’t resolve that.
Deciding to take another tack, I commented out the lines so they are as you see them now and then added the following section:
[hilary]
comment = %U Mass Storage
path = /srv/extended_home/hilary
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
This worked and now the user hilary could get to their mass storage area but it’s rather inefficient so I changed
path = /srv/extended_home/hilary
to
path = /srv/extended_home/%u
(I tried with both a capital and lower case %u) and it stopped working.
More curious, if I leave
path = /srv/extended_home/hilary
as is but change
[hilary]
to
[mass_storage]
logging in as hilary stops working as well, in that I don’t see the directory anymore; I can still log in.
At this point I’m kind of stuck on making this work efficiently. Of course I could just put two shares in, one for hilary and one for me, as we are the only two using it at the moment, but I don’t like things not working as they seem like they should, and I really should be able to make this work with either a mass_storage share or the use of wide links instead of adding a share per user.
Here is the smb.conf file in full as it is:
[global]
workgroup = WORKGROUP
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
wins support = No
ldap admin dn =
usershare max shares = 100
wins server =
# allow insecure wide links = Yes
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
# wide links = Yes
# follow symlinks = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
#[mass_storage]
[hilary]
comment = %U Mass Storage
path = /srv/extended_home/hilary
# path = /srv/extended_home/%u
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
Anyone who knows what’s going on, your help will be appreciated.
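
Added example, not part of the original post: a small Python check that expands the smb.conf variables %S (current share name), %D (workgroup) and %w (winbind separator) in each share's "valid users" line, to show what that list resolves to under a [hilary] section versus a [mass_storage] section. The sample config is constructed from the shares quoted above; the function names are hypothetical, and group entries (@group, +group) are not handled.

```python
import configparser

# Constructed sample based on the share definitions quoted in the post.
SAMPLE = r"""
[global]
workgroup = WORKGROUP
[homes]
valid users = %S, %D%w%S
[hilary]
path = /srv/extended_home/hilary
valid users = %S, %D%w%S
[mass_storage]
path = /srv/extended_home/hilary
valid users = %S, %D%w%S
"""

def expand(value, service, workgroup, sep="\\"):
    """Substitute the variables that appear in the post's valid users line."""
    for var, repl in (("%S", service), ("%D", workgroup), ("%w", sep)):
        value = value.replace(var, repl)
    return value

def allowed_users(conf_text, share, user):
    """Return the expanded 'valid users' entries for a connection to a share."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' is literal here
    cp.read_string(conf_text)
    workgroup = cp.get("global", "workgroup", fallback="WORKGROUP")
    # [homes] is instantiated under the connecting user's name, so %S is
    # that user's name there; for any other share it is the section name.
    service = user if share == "homes" else share
    raw = cp.get(share, "valid users", fallback="")
    return [expand(e.strip(), service, workgroup)
            for e in raw.split(",") if e.strip()]

def may_connect(conf_text, share, user):
    """True if the user passes the share's valid users check."""
    names = allowed_users(conf_text, share, user)
    # An empty valid users list places no restriction on who may connect.
    # Simplification: compare on the name after any DOMAIN\ prefix.
    return not names or any(n.split("\\")[-1] == user for n in names)

if __name__ == "__main__":
    for share in ("homes", "hilary", "mass_storage"):
        print(share, allowed_users(SAMPLE, share, "hilary"),
              may_connect(SAMPLE, share, "hilary"))
```
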