Stupid stupid stupid samba!!!

Ok I think you’ve guessed I’m pretty peeved off with samba!

[Essential]
What I would like is basically to allow anyone who has a Linux user account on my PC to be able to access their home folder over the network - by typing in their linux user/pass on either linux win laptops.

And it should also be possible to play video files DIRECTLY from the home directory over the network without having to download the whole file.

[NICE TO HAVE]
In addition they can share any of their personal folders they like - which ALSO require their user/pass to access and cannot be accessed without a user/pass.

[COMMENTS]
I don’t want linux to automatically create linux home directories for windows users - I don’t care about windows users (but if they have my user/pass they can also see my home dir or other folder)

Is it possible for samba to use Linux /etc/password file - any changes in password will be done on the PC (i.e. the ‘server’), and password changes from windows/linux clients are not possible.

I don’t want to have my password in plaintext!

Hello,

I’m wondering why you are so angry? Samba now is very easy to setup. Depending on the version of your DE (desktop environment) you can just right click the folder you want to share and click to setup sharing. Setup the various settings you want.

You may want to create some users fist using YAST. Assigned the users to the shares. Then assign users to the folders that you want. By default, if you didn’t un-tick it, the home folder is shared. Test it if you like.

If this doesn’t work please tell us some more information

open the konsole (terminal) and su to root

uname -a
rpm -q samba*

Please also tell us which DE you are using as well. Thanks

On Wed May 19 2010 10:36 am, rash m wrote:

>
> Ok I think you’ve guessed I’m pretty peeved off with samba!
>
> [ESSENTIAL]
> What I would like is basically to allow anyone who has a Linux user
> account on my PC to be able to access their home folder over the network
> - by typing in their linux user/pass on either linux win laptops.
>
> And it should also be possible to play video files DIRECTLY from the
> home directory over the network without having to download the whole
> file.
>
> [NICE TO HAVE]
> In addition they can share any of their personal folders they like -
> which ALSO require their user/pass to access and cannot be accessed
> without a user/pass.
>
> [COMMENTS]
> I don’t want linux to automatically create linux home directories for
> windows users - I don’t care about windows users (but if they have my
> user/pass they can also see my home dir or other folder)
>
> Is it possible for samba to use Linux /etc/password file - any changes
> in password will be done on the PC (i.e. the ‘server’).
>
> I don’t want to have my password in plaintext!
>
>
rash m;
What you want is all more or less possible.

Lets settle the password encryption concern first. Unless you tell Samba
otherwise, passwords will be encrypted by default (NTLMv2). Unless you have
old DOS (Win95?) plaintext passwords went the way of the dinosaur.

Since Linux does not use NTLM encryption, Windows cannot directly access the
Linux password in /etc/shadow. Instead you must create Samba passwords with
the smbpasswd command. These are now (Samba 3.4.x +) by default saved in a
tdbsam password file. Thus after you configure Samba you must add Samba
users.

By default Windows sends the username/password of the loggedon user. ( There
are someways to get around this on the Windows and Samba side, but we can
answer that when the time comes.) For now the easiest way is to create a
Windows user with the same name/password as your Linux user. If you
configure the [homes] share in Samba the user will have access to his/her
Linux home directory.

See: http://opensuse.swerdna.org/suselanprimer.html for assistance configuring
Samba and adding Samba users.

Applications on Windows will have direct access to the files in your
Linux /home/<user>, but I think most applications at least cache the file
locally. There will be no reason you will be obliged to download first.
However if your network is slow, vidio may be choppy.

Good luck getting this going. If you have any more questions feel free to
post again. Be sure to tell us what you’ve done. If your Samba server still
fails after following Swerdna’s HowTo it will help if you post the contents
of /etc/samba/smb.conf.


P. V.
“We’re all in this together, I’m pulling for you.” Red Green

I did follow swerdena instructions before posting here and tried to figure it out.

I’m running opensuse 11.2, kerenel 2.6.31 on KDE4.

I figured out the samba password thing - and I have my samba shares working (to a point).

I guess my requirements are a little different to other peoples.

The whole idea was that I could mount my home dir using my linux user/pass on anyones laptop connected to my network and stream videos, music or just access files from my home dir.

Setting windows user same as linux is just not an option.

OK, so as I understand it, when you type a username/pass combo in a windows prompt it gets encrypted as NTLM (except old windows) and sent over the network - thats why samba can’t use /etc/passwd (as it’s a one-way hash) - is this a correct assumption?

I guess I can live with that as I have only 2 linux users anyway.

My second question is whats annoying me even more is in order to mount samba fileshares i must have my user/pass as PLAINTEXT in the mount command! That I am NOT happy about! I know a solution is a credential file but it’s not really a solution.

Would it be possible to save and send the password HASH to mount the samba share? When I mount my samba share on my other ubuntu machine, the password gets saved somewhere and it mounts it automatically.

The problem is that all links have smb:// at the start and not all programs recognise it, I’d like to hide the fact that this mounted FS is a remote FS - can I somehow achieve this with softlinks? Or any other way?

The last part, about hiding the fact it is remote, would mean on Windows: Map Network Drive and on Linbux mount the share. They then appear as ‘local’ rather than ‘remote’.

You already know how to do both i think, I’m sorry I can’t help you with keeping the password encrypted on Linux for the mount command. There must be some means to achieve this - I can’t believe that no-one has a requirement to mount a samba share & keep the pass secret. I don’t know how windows does this - assuming it does keep it secret - but if it can do it then so can Linux. It’s just a question of how.

On Linux you get the smb: protocol to remotely access the file, and on Windows you get UNC paths eg \server\share.

When you think about it, there must be something in the address of the file to say how & where to get it, ie that it is a remote file accessible via the a specific protocol.

Most windows apps can handle unc paths (all of them afaik). Some Linux apps have problems with smb: paths. Why? I don’t know, smb has been around for yonks. It is very annoying. OpenOffice is a notable offender.

smplayer can handle smb: paths and also UNC paths on windows. Thats a good choice.

Well hiding the passwords is key, I can live with manual updating of samba passwords, but there has to be a way of have linux store and send JUST the NTLM password hash!

On Thu May 20 2010 03:56 am, rash m wrote:

>
> Well hiding the passwords is key, I can live with manual updating of
> samba passwords, but there has to be a way of have linux store and send
> JUST the NTLM password hash!
>
rash m

Have you checked using a credentials file? See:
http://opensuse.swerdna.org/susesambacifs.html

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

Yes - this is not good enough, passwords are still stored as plaintext.

Samba may work in some instance, but let’s be honest it’s rubbish.>:(

Nevertheless I appreciate all your help - it’s not your fault samba is a bit crappy.:wink:

Hi
Install a media server like ushare. For general file sharing, just
enable ssh and browse using something like winscp on a windows box.


Cheers Malcolm °¿° (Linux Counter #276890)
SUSE Linux Enterprise Desktop 11 (x86_64) Kernel 2.6.27.45-0.1-default
up 3 days 17:44, 3 users, load average: 0.06, 0.16, 0.26
GPU GeForce 8600 GTS Silent - CUDA Driver Version: 195.36.15

Ushare doesn’t seem to have user/password support.

SSH is just not the right solution for this - it’s a bit slow, plus theres no need for encryption for me over my network especially for video files etc.

Guess i’ll just have to use vlc or smplayer on linux machines.

On Thu May 20 2010 08:56 am, rash m wrote:

>
> venzkep;2167202 Wrote:
>> On Thu May 20 2010 03:56 am, rash m wrote:
>>
>> >
>> > Well hiding the passwords is key, I can live with manual updating of
>> > samba passwords, but there has to be a way of have linux store and
>> send
>> > JUST the NTLM password hash!
>> >
>> rash m
>>
>> Have you checked using a credentials file? See:
>> ‘Samba: HowTo Mount a CIFS Network Share [AKA Map Network Drive] in
>> openSUSE 11 plus FAQs’ (swerdna.org)
>> –
>> P. V.
>> “We’re all in this together, I’m pulling for you.” Red Green
>
> Yes - this is not good enough, passwords are still stored as
> plaintext.
>
> Samba may work in some instance, but let’s be honest it’s rubbish.>:(
>
> Nevertheless I appreciate all your help - it’s not your fault samba is
> a bit crappy.:wink:
>
rash m;

I’m a bit confused about what you are trying to do here. In your initial post
it sounded like you wanted to access your /home/username directory on Linux
from your Windows client;

Yet you also talk about using the mount command. For Windows clients
accessing Samba shares has an easy solution to the username/password
problems. If this is your problem I’ll post the solution.

For Linux accessing Linux, use NFS. For Linux accessing Windows you should be
able to use the guest account with no password for windows (assuming you have
the correct permissions set in windows.

Can you please explain what the clients are running and what the server is
running?


P. V.
“We’re all in this together, I’m pulling for you.” Red Green

I think accessing from windows is fine now because almost all programs understand the UNC paths? (will windows download files or just stream them? atm don’t have a windows client to test).

The mount command relates to specifically Linux - not all applications understand smb:// protocol, main culprit being kaffeine so I need to mount shares using the mount command and specify the user/pass in the mount command or credentials file (both of which show the password as plaintext!)

On Fri May 21 2010 02:36 am, rash m wrote:

<snip>
>
> The mount command relates to specifically Linux - not all applications
> understand smb:// protocol, main culprit being kaffeine so I need to
> mount shares using the mount command and specify the user/pass in the
> mount command or credentials file (both of which show the password as
> plaintext!)
>
rash m;

Samba is really intended for Windows networking and you seem to have that
sorted out. Using Samba on a Linux client is a bit like using a hammer to
insert a screw, it can be done but the results may not be pretty. Don’t blame
the hammer if you use the wrong tool.

Why not do an NFS export of the directory you wish to share as well as Samba.
Your Windows clients can use Samba and your Linux clients can use NFS. You
can use YaST to configure both the NFS server and clients.

Just an added thought. You realize that the password you set with smbpasswd
need not be your login password. Your login password can be “bigsecret” and
your samba password can be “notverysecret”. Thus even if someone sees your
samba password they would not necessarily know your login password. Since
the credential file only needs to be readable by the root user, its contents
can be hidden from ordinary users of the client by setting the proper
permissions. Of course if the users know the root password on the client,
that doesn’t help much.


P. V.
“We’re all in this together, I’m pulling for you.” Red Green