Hello, I installed 11.4 of one of the official mirrors and did a reinstall (wiped the root partition).
I always use yast to setup samba server (no domaincontroller, just to open up some shares and the printer to the window boxes).
Executed the same steps as always in yast and set samba server to automatically start and not act as a DC, added the shares and hit ok. Tryed to access it from a windows laptop, no luck.
Then tryed to access it from the server itself using Dolphin and a smb:// url -again no luck. Opened the error log and there seem to be some permisssion issues (odd since yast samba server is run as root).
error log:
[2011/03/08 16:10:28, 0] lib/fault.c:250(dump_core_setup)
Unable to setup corepath for smbd: Permission denied
[2011/03/08 16:10:28, 0] smbd/server.c:1134(main)
smbd version 3.5.7-1.17.1-2505-SUSE-SL11.4-x86_64 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2011/03/08 16:10:28.003778, 1] ../lib/util/params.c:513(OpenConfFile)
params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/dhcp.conf":
Permission denied
[2011/03/08 16:10:28.004751, 0] smbd/server.c:1149(main)
error opening config file
[2011/03/08 17:13:26, 0] lib/fault.c:250(dump_core_setup)
Unable to setup corepath for smbd: Permission denied
[2011/03/08 17:13:26, 0] smbd/server.c:1134(main)
smbd version 3.5.7-1.17.1-2505-SUSE-SL11.4-x86_64 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2011/03/08 17:13:26.710398, 1] ../lib/util/params.c:513(OpenConfFile)
params.c:OpenConfFile() - Unabgle to open configuration file "/etc/samba/dhcp.conf":
Permission denied
[2011/03/08 17:13:26.711993, 0] smbd/server.c:1149(main)
error opening config file
[2011/03/08 17:23:52, 0] lib/fault.c:250(dump_core_setup)
Unable to setup corepath for smbd: Permission denied
[2011/03/08 17:23:52, 0] smbd/server.c:1134(main)
smbd version 3.5.7-1.17.1-2505-SUSE-SL11.4-x86_64 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2011/03/08 17:23:52.103203, 1] ../lib/util/params.c:513(OpenConfFile)
params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/dhcp.conf":
Permission denied
[2011/03/08 17:23:52.105142, 0] smbd/server.c:1149(main)
error opening config file
[2011/03/08 17:31:15, 0] lib/fault.c:250(dump_core_setup)
Unable to setup corepath for smbd: Permission denied
[2011/03/08 17:31:15, 0] smbd/server.c:1134(main)
smbd version 3.5.7-1.17.1-2505-SUSE-SL11.4-x86_64 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2011/03/08 17:31:15.093489, 1] ../lib/util/params.c:513(OpenConfFile)
params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/dhcp.conf":
Permission denied
[2011/03/08 17:31:15.094870, 0] smbd/server.c:1149(main)
error opening config file
[2011/03/08 17:32:58, 0] lib/fault.c:250(dump_core_setup)
Unable to setup corepath for smbd: Permission denied
[2011/03/08 17:32:58, 0] smbd/server.c:1134(main)
smbd version 3.5.7-1.17.1-2505-SUSE-SL11.4-x86_64 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2011/03/08 17:32:58.878114, 1] ../lib/util/params.c:513(OpenConfFile)
params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/dhcp.conf":
Permission denied
[2011/03/08 17:32:58.879051, 0] smbd/server.c:1149(main)
error opening config file
[2011/03/08 17:33:56, 0] lib/fault.c:250(dump_core_setup)
Unable to setup corepath for smbd: Permission denied
[2011/03/08 17:33:56, 0] smbd/server.c:1134(main)
smbd version 3.5.7-1.17.1-2505-SUSE-SL11.4-x86_64 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2011/03/08 17:33:56.820780, 1] ../lib/util/params.c:513(OpenConfFile)
params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/dhcp.conf":
Permission denied
[2011/03/08 17:33:56.822631, 0] smbd/server.c:1149(main)
error opening config file
[2011/03/08 17:36:03, 0] lib/fault.c:250(dump_core_setup)
Unable to setup corepath for smbd: Permission denied
[2011/03/08 17:36:03, 0] smbd/server.c:1134(main)
smbd version 3.5.7-1.17.1-2505-SUSE-SL11.4-x86_64 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2011/03/08 17:36:03.975324, 1] ../lib/util/params.c:513(OpenConfFile)
params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/dhcp.conf":
Permission denied
[2011/03/08 17:36:03.976233, 0] smbd/server.c:1149(main)
error opening config file
[2011/03/08 17:38:26, 0] lib/fault.c:250(dump_core_setup)
Unable to setup corepath for smbd: Permission denied
[2011/03/08 17:38:26, 0] smbd/server.c:1134(main)
smbd version 3.5.7-1.17.1-2505-SUSE-SL11.4-x86_64 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2011/03/08 17:38:26.665994, 1] ../lib/util/params.c:513(OpenConfFile)
params.c:OpenConfFile() - Unable to open configuration file "/etc/samba/dhcp.conf":
Permission denied
[2011/03/08 17:38:26.666889, 0] smbd/server.c:1149(main)
error opening config file
any help would be welcome. (My apologies for errors/spelling posting this all from my phone - ISP issues… no internet)
Now that my internet is working normally again I found the solution.
Apparently it’s a bug with AppArmor in openSUSE 11.4.
So if you need your shares, don’t upgrade yet and wait for the bug to get fixed.
If you already upgraded YaST > AppArmor Control Panel > unmark the “Enable AppArmor” checkbox and hit ok.
Rerun the YaST Samba Server module and everything should be working (no reboot required).
Do note that disabling AppArmor will negatively affect your system securitywise. iirc a recent exploit using an usb stick was stopped by AppArmor.
Rather than disabling the whole of AppArmor, I wonder if a better compromise (which seems to work) is to do:
Yast -> Novell AppArmor -> AppArmor Control Panel,
Click on Set profile modes (Configure) button,
Highlight the entries ‘usr.sbin.nmbd’ and ‘usr.sbin.smbd’ in turn and, for each, click the Toggle Mode button to set the mode from ‘enforce’ to ‘complain’.
This problem has been fixed in the latest apparmor userspace code and profiles update (4816). However it won’t update the modified /etc/apparmor.d/usr.sbin.smbd and /etc/apparmor.d/usr.sbin.nmbd. Maybe it did if you used YaST to set the ‘complain’ mode, I don’t know. Otherwise, you should either reverse the patch posted here - meaning delete flags=(complain) from these two files before updating apparmor or - as it is probably already to late - rename the files /etc/apparmor.d/usr.sbin.smbd.rpmnew and /etc/apparmor.d/usr.sbin.nmbd.new:
I’m wondering what I missed. I’m still having the permissions problem. The only way to enter a shared directory is by being a “guest” but that doesn’t allow me to write into the dirs. I’ve tried deleting usr.sbin.smbd and usr.sbin.nmdb, disabling the whole Apparmor, but nothing works. Made a new configuration from scratch, but still no access. My smb.conf is the following:
[global]
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
domain master = No
include = /etc/samba/dhcp.conf
passdb backend = smbpasswd
usershare max shares = 100
workgroup = Lago
wins support = No
security = share
usershare allow guests = No
[Hercules]
path = /media/Hercules/
guest ok = no
read only = no
[Argos]
path = /media/Argos/
guest ok = no
read only = no
[Luk]
path = /home/Luk/
guest ok = no
read only = no
Any help would be appreciated! I don’t know what else to do.
Thanks!
I think you should change “security = share” to “security = user”, and while you’re at it I suppose you should edit the whole thing a bit, maybe like this:
[global]
workgroup = LAGO
server string =
map to guest = Bad User
name resolve order = bcast host lmhosts wins
printcap name = cups
os level = 64
preferred master = Auto
local master = No
usershare allow guests = Yes
cups options = raw
use client driver = Yes
usershare max shares = 100
[Hercules]
path = /media/Hercules/
guest ok = no
read only = no
[Argos]
path = /media/Argos/
guest ok = no
read only = no
[Luk]
path = /home/Luk/
guest ok = no
read only = no
Then you need to restructure the lines in the three shares,[Hercules], [Argos] and [Luk]. But I need to know who you wish to be able to access the three shares and whether you want them to be writable.
For example if directory Argos was to have guest access and to be writeable I would chown the directory and all contents to be owned by some non-root user (let’s say e.g. Luk) and then structure that share like this:
[Argos]
path = /media/Argos/
guest ok = yes
read only = no
force user = Luk
But if you wanted it to be accessible only by someone with a password, I’d make it like this:
[Argos]
path = /media/Argos/
read only = no
force user = Luk
Any idea why the following setup works on Fedora, Ubuntu, Arch Linux but not openSUSE (11.4) ?
Users can login and access their ~/doc directory but nobody can access /srv which is supposed to be public.
I get the same issue on any openSUSE server. So what am I doing wrong?
# Global parameters
[global]
netbios name = NEELIX
workgroup = TOURNESOL
server string = NEELIX Samba Server
; wins support = no
wins server = xxx.xxx.xxx.xxx
name resolve order = wins lmhosts host bcast
dns proxy = no
interfaces = xxx.xxx.xxx.xxx/24
bind interfaces only = true
log file = /var/log/samba/log.%m
max log size = 1000
; syslog only = no
syslog = 0
; panic action =
security = user
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
guest account = quidam
invalid users = root
; unix password sync = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n
*Retype\snew\sUNIX\spassword:* %n
*password\supdated\ssuccessfully* .
; pam password change = no
load printers = no
; include = /home/samba/etc/smb.conf.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' &
; domain master = auto
log level = 1
admin users = agnelo
hosts allow = xxx.xxx.xxx.xxx/24, 127.0.0.1
[homes]
comment = Home Directories
browseable = no
writable = yes
create mask = 0664
directory mask = 0775
valid users = %S
path = /home/%S/doc
[data]
comment = srv
path = /srv
browsable = yes
writable = yes
create mode = 0750
public = yes
Notice that /srv mode is 0755 on all servers (and changing it to 0777 doesn’t help.) User quidam exists, is member of group ‘users’, has login and samba password on the server. The problem is probably not new … I just noticed the same behaviour on an old 11.1 file server (?).
[2011/07/17 02:32:32.780130, 1] smbd/service.c:1070(make_connection_snum)
martis (xxx.xxx.xxx.xxx) connect to service srv initially as user agnelo (uid=0, gid=1001) (pid 26848)
[2011/07/17 02:32:36.356169, 1] smbd/service.c:1070(make_connection_snum)
martis (xxx.xxx.xxx.xxx) connect to service agnelo initially as user agnelo (uid=0, gid=1001) (pid 26848)
[2011/07/17 02:32:39.783135, 1] smbd/service.c:1251(close_cnum)
martis (xxx.xxx.xxx.xxx) closed connection to service agnelo
I don’t know why. I see the same uid in Ubuntu’s log (where it’s working). I really don’t know why. Because I am member of the wheel group? But it’s weird indeed. The gid is correct.
It worked perfectly well. What I needed was writable access from any other user, so the option “force user = Luk” was enough! All the directories and subdirectories where owned by “Luk” so no problem with that. Thank you also for the [global] options, I tried first mines to see if something was wrong, but it worked at the first try. Your global options seem more clear to me… so little by little I’m learning something new
Not at all. I simply cannot access /srv on any openSUSE server from any client. (actually the stanza is called [srv] and not [data] in sbm.conf). I also tried this simple configuration (as suggested on your site):
[srv]
comment = srv
path = /srv
read only = no
guest ok = yes
It didn’t work. Tried with and without “mapp to guest” (which btw is not needed on other servers). It didn’t help. Restarting or not smb didn’t make a difference. Neither did disconnecting and reconnecting from clients. I also noticed that on the file server - which runs openSUSE 11.4 - public shares are not accessible to anyone.
The problem is probably not in smb.conf, since everything I tried in this file had no effect. If I try to view the public share on a Fedora 14 or Ubuntu 10.04 samba server (using exactly the same setup generated by script) using for example smb://servername/share in a browser on some Linux desktop in lan, it works. If I try to connect to the openSUSE server (in this case smb://neelix/srv), I get a blank page. I don’t use any firewall on openSUSE, nor under any other Linux. I have two separated openBSD firewalls and never needed Linux iptables inside the lan. It’s probably something very stupid, but beyond my understanding and (rather limited) knowledge of samba.
[xxx]
comment = xxx
path = /xxx
read only = no
guest ok = yes
I got straight in at smb://servername/xxx
So I added these lines (from your smb.conf) to my [global]:
dns proxy = no
admin users = john
guest account = samba
obey pam restrictions = yes
invalid users = root
And my smb daemon died and I couldn’t get into xxx.
So I took those lines out and rebooted and my smb daemon was alive again and I got straight into xxx.
And no, I don’t understand why. Just something I tried. Try removing some or all of those lines.
