Yet Another Samba Problem

Hi, got some Samba issues: I have 2 servers which perform various functions, one of them is to share stuff in my LAN. Got one working in no time so figured it should be pretty easy with the second one - wrong, I’m struggling for weeks now. I even copy-pasted the same config, changing a few params, to no avail… this is becoming weird. They are different in hardware but have pretty much the same stuff, with the exception that the one that’s working is a regular dns/web/ftp/mail server and this one is a host for KVM VMs - so I have only a bridge, different IPs, but both running CentOS 6.4 and same rpm versions to everything.

So - I can connect to the first from Dolphin (started even the Wingoz laptop) but not to the second one, the one with the bridge; it keeps asking for the password. Well changed it a few times, deleted/edited the **** user, synced it to the OS users, etc - nothing. This is just stupid. I need help as I fail to see where the problem is - quite sure it’s something really simple that I overlooked.

Some details:



> uname -a
Linux ns3.mumus.ro 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux




> ifconfig
br0       Link encap:Ethernet  HWaddr 00:22:15:96:5B:46  
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:65005184 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22078758 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:92768594369 (86.3 GiB)  TX bytes:1595514682 (1.4 GiB)

br1       Link encap:Ethernet  HWaddr 00:4F:4E:62:F9:F4  
          inet addr:XX.XX.XX.XX  Bcast:XX.XX.XX.XX  Mask:255.255.255.192
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1102193 errors:0 dropped:0 overruns:0 frame:0
          TX packets:194873 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:69537884 (66.3 MiB)  TX bytes:31392634 (29.9 MiB)

eth0      Link encap:Ethernet  HWaddr 00:22:15:96:5B:46  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:65083805 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22086218 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:93702876761 (87.2 GiB)  TX bytes:1688768487 (1.5 GiB)
          Interrupt:25 Base address:0xa000

eth1      Link encap:Ethernet  HWaddr 00:4F:4E:62:F9:F4  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1496782 errors:0 dropped:0 overruns:0 frame:0
          TX packets:454156 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:159543929 (152.1 MiB)  TX bytes:50603312 (48.2 MiB)
          Interrupt:18 Base address:0x8000

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:26714750 errors:0 dropped:0 overruns:0 frame:0
          TX packets:26714750 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:140465824188 (130.8 GiB)  TX bytes:140465824188 (130.8 GiB)

tap0      Link encap:Ethernet  HWaddr DE:63:0F:39:85:00  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7262 errors:0 dropped:0 overruns:0 frame:0
          TX packets:202125 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:783002 (764.6 KiB)  TX bytes:13848927 (13.2 MiB)

tap1      Link encap:Ethernet  HWaddr 62:B5:1D:74:54:A4  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30817 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:168 (168.0 b)  TX bytes:2432286 (2.3 MiB)




> iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       all  --  kirchoff.syncrovision.com  anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     esp  --  anywhere             anywhere            
ACCEPT     ah   --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:igmpv3lite state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:submission state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftps state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:imaps state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:5901:cm state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:commtact-http state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:ndmp:rxapi state NEW
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited


Samba config:

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# For a step to step guide on installing, configuring and using samba,
# read the Samba-HOWTO-Collection. This may be obtained from:
#  http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
#
# Many working examples of smb.conf files can be found in the
# Samba-Guide which is generated daily and can be downloaded from:
#  http://www.samba.org/samba/docs/Samba-Guide.pdf
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#---------------
# SELINUX NOTES:
#
# If you want to use the useradd/groupadd family of binaries please run:
# setsebool -P samba_domain_controller on
#
# If you want to share home directories via samba please run:
# setsebool -P samba_enable_home_dirs on
#
# If you create a new directory you want to share you should mark it as
# "samba_share_t" so that selinux will let you write into it.
# Make sure not to do that on system directories as they may already have
# been marked with othe SELinux labels.
#
# Use ls -ldZ /path to see which context a directory has
#
# Set labels only on directories you created!
# To set a label use the following: chcon -t samba_share_t /path
#
# If you need to share a system created directory you can use one of the
# following (read-only/read-write):
# setsebool -P samba_export_all_ro on
# or
# setsebool -P samba_export_all_rw on
#
# If you want to run scripts (preexec/root prexec/print command/...) please
# put them into the /var/lib/samba/scripts directory so that smbd will be
# allowed to run them.
# Make sure you COPY them and not MOVE them so that the right SELinux context
# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
#
#--------------
#
#======================= Global Settings =====================================
    
[global]
    log file = /var/log/samba/log.%m
    load printers = no
    socket options = TCP_NODELAY
    interfaces = lo br0
    hosts allow = 192.168.1.0/24 127.
    passdb backend = tdbsam
    netbios name = ns3.mumus
    printing = bsd
    server string = Samba Server Version %v
    workgroup = LIQUIDCORE
    os level = 20
    hosts deny = ALL
    printcap name = /dev/null
    security = user
#    preferred master = no
    bind interfaces only = Yes
    max log size = 50
    
# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specifiy it as a per share option as well
#
    
;    netbios name = MYSERVER
    
;    interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;    hosts allow = 127. 192.168.12. 192.168.13.
    
# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach
    
    # logs split per machine
    # max 50KB per log file, then rotate
    
# ----------------------- Standalone Server Options ------------------------
#
# Scurity can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.



# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *
    
    
;    security = domain
;    passdb backend = tdbsam
;    realm = MY_REALM

;    password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Scrpit let yuou specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
;    security = user
;    passdb backend = tdbsam
    
;    domain master = yes
;    domain logons = yes
    
    # the login script name depends on the machine name
;    logon script = %m.bat
    # the login script name depends on the unix user used
;    logon script = %u.bat
;    logon path = \\%L\Profiles\%u
    # disables profiles support by specifing an empty path
;    logon path =          
    
;    add user script = /usr/sbin/useradd "%u" -n -g users
;    add group script = /usr/sbin/groupadd "%g"
;    add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;    delete user script = /usr/sbin/userdel "%u"
;    delete user from group script = /usr/sbin/userdel "%u" "%g"
;    delete group script = /usr/sbin/groupdel "%g"
    
    
# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;    local master = no
;    os level = 33
;    preferred master = yes
    
#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
#   behalf of a non WINS capable client, for this to work there must be
#   at least one    WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.
    
;    wins support = yes
;    wins server = w.x.y.z
;    wins proxy = yes
    
;    dns proxy = yes
    
# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option
    

;    printcap name = /etc/printcap
    #obtain list of printers automatically on SystemV
;    printcap name = lpstat
;    printing = cups

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). Thess options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

;    map archive = no
;    map hidden = no
;    map read only = no
;    map system = no
;    store dos attributes = yes


#============================ Share Definitions ==============================
    
[Mumushor]
    valid users = mumushor
    wide links = no
    writeable = yes
    path = /home/mumushor
    write list = mumushor

[Storage]
    writeable = yes
    valid users = mumushor
    wide links = no
    path = /storage
    write list = mumushor


Other samba info:

The **** thing is running:


> netstat -tapn | grep smbd
tcp        0      0 127.0.0.1:139               0.0.0.0:*                   LISTEN      3097/smbd           
tcp        0      0 192.168.1.3:139             0.0.0.0:*                   LISTEN      3097/smbd           
tcp        0      0 127.0.0.1:445               0.0.0.0:*                   LISTEN      3097/smbd           
tcp        0      0 192.168.1.3:445             0.0.0.0:*                   LISTEN      3097/smbd     


Have only one user - don’t want anything else (and would like to be pretty secure as seen before):



> pdbedit -L -v
---------------
Unix username:        mumushor
NT username:          
Account Flags:        
User SID:             S-1-5-21-2323626126-4276809426-441782684-1001
Primary Group SID:    S-1-5-21-2323626126-4276809426-441782684-513
Full Name:            Mumu Mumu
Home Directory:       \\ns3.mumus\mumushor
HomeDir Drive:        
Logon Script:         
Profile Path:         \\ns3.mumus\mumushor\profile
Domain:               NS3.CLOUDY
Account desc:         
Workstations:         
Munged dial:          
Logon time:           0
Logoff time:          Wed, 06 Feb 2036 17:06:39 EET
Kickoff time:         Wed, 06 Feb 2036 17:06:39 EET
Password last set:    Sun, 17 Mar 2013 13:17:55 EET
Password can change:  Sun, 17 Mar 2013 13:17:55 EET
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF




> nmblookup -B 192.168.1.3 ns3.mumus
querying ns3.mumus on 192.168.1.3
192.168.1.3 ns3.mumus<00>


Now it gets weird 'cause I can connect it seems:

mumushor@FakeMoth-PC:~> smbclient //ns3.mumus/Mumushor
Enter mumushor's password:
Domain=[LIQUIDCORE] OS=[Unix] Server=[Samba 3.6.9-151.el6]
smb: \> LIST
0:      server=ns3.mumus, share=Mumushor
smb: \> quit
mumushor@FakeMoth-PC:~>


But I can’t access the 2 dirs from my OpenSUSE 12.3 X86_64 (they are owned by mumushor) in any client like Dolphin/Konqueror or WinExpl in Win 7 x64 for that matter, as it keeps asking for the password; or sometimes I get an instant time out. Even the passwords and the user are identical in the two servers so I really can’t make any sense of it.
Can see the machine in the workgroup, and I can browse till I get in it, but not in the dirs!

So you have a lot of info there and say you have two servers. How many clients are there? Are you running a Windows domain using Samba? The kernel version seems kind of low at 2.6.32 on that server, what openSUSE version are you running? Let me say I have not found it necessary to use a domain to share folders. It's not needed to share password protected /home folders or to share folders usable by all. Have a look at my bash script, just released to work with openSUSE 12.3: S.A.C.T. - Samba Automated Configuration Tool - Version 1.02 - Blogs - openSUSE Forums

Thank You,

Hello and thank you for your time and interest in this. Those two servers are CentOS 6.4 not SUSE, and that’s the latest kernel that RHEL and compatibles are using. I’m asking here in the openSUSE forums because all my other machines run:
-3 of them OpenSUSE 12.3 x86_64
-1 XBMCbuntu
-2 Android phones (at 2 cores we can call them “machines” :) )
-no domains involved - just one workgroup, all the machines sharing stuff, one user for now. It is a home network.

Of course not doing much browsing from the phones.

The openSUSE clients are giving me the headaches. Is there something wrong maybe with Dolphin? Any known bugs, what could it be? Why in the given configuration is asking for the password again, and again, and again?

BTW - kind of a problem, the forum doesn’t notify me of answers to my threads, what can I do? Checked the spam folder, the notifies are enabled in my profile and in this very thread for example, still no mail…

I don’t have mail notification enabled myself, but when I go into the settings menu, I see answers to all threads I am engaged in. I would check your email address to make sure it is correct. As for openSUSE, make sure to look at the bash script I posted. It will perform all of the required settings to get Samba working for you.

Thank You,

Ok will try that; in the meantime here are some log entries from the server, it basically says that everything is fine?

[2013/03/18 14:54:35.907443,  1] smbd/service.c:1114(make_connection_snum)
  mumushor-pc (192.168.1.4) connect to service Mumushor initially as user mumushor (uid=500, gid=500) (pid 21702)
[2013/03/18 14:54:35.926044,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [mumushor] -> [mumushor] -> [mumushor] succeeded
[2013/03/18 14:54:35.930086,  1] smbd/service.c:1114(make_connection_snum)
  mumushor-pc (192.168.1.4) connect to service Storage initially as user mumushor (uid=500, gid=500) (pid 21703)
[2013/03/18 14:54:47.318159,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [mumushor] -> [mumushor] -> [mumushor] succeeded
[2013/03/18 14:54:47.322830,  1] smbd/service.c:1114(make_connection_snum)
  mumushor-pc (192.168.1.4) connect to service Mumushor initially as user mumushor (uid=500, gid=500) (pid 21708)

That’s why I believe it has something to do with the openSUSE machines. Anyone some ideas, is the .conf good or not, seems OK to me?
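An added example, not part of the original posts: a small parser for the two-line smbd log format quoted above that separates authentication outcomes from share connects, so a client-side password prompt loop can be compared with what the server actually recorded. The sample log is constructed from the quoted entries plus one made-up failure line for contrast; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: three entries copied from the post above plus one
# invented failure entry (timestamp, source line and user are made up).
SAMPLE_LOG = """\
[2013/03/18 14:54:35.907443,  1] smbd/service.c:1114(make_connection_snum)
  mumushor-pc (192.168.1.4) connect to service Mumushor initially as user mumushor (uid=500, gid=500) (pid 21702)
[2013/03/18 14:54:35.926044,  2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password:  authentication for user [mumushor] -> [mumushor] -> [mumushor] succeeded
[2013/03/18 14:54:35.930086,  1] smbd/service.c:1114(make_connection_snum)
  mumushor-pc (192.168.1.4) connect to service Storage initially as user mumushor (uid=500, gid=500) (pid 21703)
[2013/03/18 14:55:02.100000,  2] auth/auth.c:319(check_ntlm_password)
  check_ntlm_password:  Authentication for user [guest] -> [guest] FAILED with error NT_STATUS_NO_SUCH_USER
"""

# Header line: [timestamp, level] source_file:line(function)
HEADER = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*(?P<level>\d+)\] (?P<src>\S+)\((?P<func>\w+)\)$")
CONNECT = re.compile(
    r"^(?P<host>\S+) \((?P<ip>[\d.]+)\) connect to service (?P<share>\S+) "
    r"initially as user (?P<user>\S+) ")
AUTH_OK = re.compile(r"authentication for user \[(?P<user>[^\]]*)\].* succeeded$")
AUTH_FAIL = re.compile(
    r"Authentication for user \[(?P<user>[^\]]*)\].* FAILED with error (?P<status>\S+)$")


def parse_entries(text):
    """Yield (header_fields, message) pairs; message lines are indented."""
    header, body = None, []
    for line in text.splitlines():
        m = HEADER.match(line.rstrip())
        if m:
            if header is not None:
                yield header, " ".join(body)
            header, body = m.groupdict(), []
        elif header is not None and line.strip():
            body.append(line.strip())
    if header is not None:
        yield header, " ".join(body)


def summarize(text):
    """Count share connects per (client ip, share) and auth results per user."""
    connects = defaultdict(int)
    auth_ok = defaultdict(int)
    auth_fail = defaultdict(list)
    for header, msg in parse_entries(text):
        if header["func"] == "make_connection_snum":
            m = CONNECT.match(msg)
            if m:
                connects[(m["ip"], m["share"])] += 1
        elif header["func"] == "check_ntlm_password":
            ok, bad = AUTH_OK.search(msg), AUTH_FAIL.search(msg)
            if ok:
                auth_ok[ok["user"]] += 1
            elif bad:
                auth_fail[bad["user"]].append(bad["status"])
    return {"connects": dict(connects), "auth_ok": dict(auth_ok),
            "auth_fail": dict(auth_fail)}


if __name__ == "__main__":
    for section, values in summarize(SAMPLE_LOG).items():
        print(section, values)
```
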

You got to be willing to try out my script on at least one of the openSUSE PC’s. You can backup the default or existing /etc/samba/smb.conf file if you like elsewhere. Option 9 in SACT does everything required to end up with a system that can use shares from other PC’s. You must add users on the local PC Samba database to share user /home folders and must add common folders (if you want) for non user (everybody shares) to exist. It's meant to be a Samba starting point that works doing all of the right things to reach out and use shares from other PC’s on a newly setup openSUSE PC.

Thank You,