Samba Configuration Not Letting Me Access Files?

Hey guys, I got samba working and I am able to access my files, however I am now trying to learn security with it. i am pretty much trying to allow certain groups access certain files. if you look at samba group you can see that I have @sambausers group to access sambagroup directory.

I have a user called sambatest01. the user can access "samba users only" but the user can access all of the other files as well. what is a correct set up on the other smb.conf to prevent users from accessing this? I cant seem to find a proper set up


[drivers]
path = /files/drivers
browseable = yes
read only = no
guest ok = no
guest only = no


[samba users only]
path = /files/sambagroup
browseable = yes
read only = no
guest ok = no
guest only = no
write list = @sambausers
valid users = @sambausers


Similar Content



Need Help Configuring My Samba Server

Hi guys,

Need help configuring my samba file server, i have 3 folders

[global]
workgroup = WORKGROUP
server string = Samba Server Version %v
map to guest = Bad User

hosts allow = 127. 192.

log file = /var/log/samba/log.%m
max log size = 50

security = share

load printers = no
cups options = raw
printing = bsd
printcap name = /dev/null
disable spoolss = yes

[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
; valid users = MYDOMAIN\%S

;[printers]
; comment = All Printers
; path = /var/spool/samba
; browseable = no
; guest ok = no
; writable = no
; printable = yes

[BIP]
path = /home/BIP
writable = yes
browseable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777
share modes = yes

[Surya Kapuas Perkasa]
path = /home/suryakapuasperkasa
writable = yes
browseable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777
share modes = yes

[Misc]
path = /home/Miscelaneous
writable = yes
browseable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777
share modes = yes
read only = no

The BIP and Surya Kapuas Perkasa can be accessed by windows users, but the Misc, cannot, can somebody help me with solution pls, thanks

Can't Access Samba Share

I have set up a SFTP which I can connect to, go to the right directory and read/write files to.

The full path is home/sftpuser/SFTP/Customer
The user "sftpuser" I am connecting with is in the group "ftpusers" which has read/write access.

That works fine.

Here is my sshd_config:
Code:
Match Group ftpusers ChrootDirectory /home/%u/
 ForceCommand internal-sftp
  AllowAgentForwarding no
  AllowTcpForwarding no
  X11Forwarding no

However, I made a samba share of the folder Customer, when I go to the IP adress on a Windows machine "\\10.0.0.1\" I can see the folder Customer, when entering it requests user/pass and afterwards gives an error: you have not the right permissions.

In Webmin:
Customer /home/sftpuser/SFTP/Customer Read/write to everyone

My smb.conf:
Code:
[global]
    syslog = 0
    log file = /var/log/samba/log.%m
    read raw = no
    write raw = no
    passdb backend = tdbsam
    workgroup = DOMAIN
    usershare allow guests = yes
    socket options = TCP_NODELAY
    pam password change = yes
    passwd program = /usr/bin/passwd %u
    unix password sync = yes
    obey pam restrictions = yes
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    server role = standalone server
    server string = %h server (Samba, Ubuntu)
    max log size = 1000
    map to guest = bad user
    panic action = /usr/share/samba/panic-action %d
    dns proxy = no



[Customer]
    force create mode = 755
    browsable = yes
    public = yes
    path = /home/sftpuser/SFTP/Customer
    force directory mode = 755
    writeable = yes
    valid users = @ftpusers
    force group = ftpusers
    write list = @ftpusers

I have been struggling for 3 days and am totally out of ideas.

LS -L for the folder:
Code:
total 4
drwxrwx---+ 2 sftpuser ftpusers 4096 Apr  9 11:35 Customer

Centos 6.6 And Samba 3 - Can't Get Domain User To Login

Hi All

I have been racking my brains for the past 15 hours or so trying to know why my AD users can't actually login to the share which i have assigned.

This is my smb.conf below:

Quote:
[global]
workgroup = EXAMPLE
security = ads
realm = EXAMPLE.GROUP
domain master = no
local master = no
preferred master = no
printcap name = /etc/printcap
load printers = no
idmap backend = tdb
idmap uid = 10000-99999
idmap gid = 10000-99999
idmap config EXAMPLE:backend = rid
idmap config EXAMPLE:range = 10000-9999
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind refresh tickets = yes
winbind offline logon = true
template homedir = /home/%D/%U
template shell = /bin/false
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
log file = /var/log/samba/samba.log
log level = 2
valid users = any
[Research]
comment = Research
path = /sharing/research
valid users = EXAMPLE\user1
force group = "domain users"
writable = yes
read only = no
force create mode = 0660
create mask = 0777
directory mask = 0777
force directory mode = 0770
access based share enum = yes
hide unreadable = yes
[Admin]
comment = Admin Area
path = /var/www/html/cmsmadesimple
browseable = yes
writable = yes
read only = no
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
valid users = user1

When i do wbinfo -u or wbinfo -g i can see the usernames and groups in my AD.

Also when i do : id username it actually gives me the information for that user in my domain.

I have done net ads login -U and joined the domain.

I have set the pam auth modifications and the krb5 and nsswitch.conf files.

So i do not get why i can't have the user i have assigned to that share access it?

I can only imagine i have something wrong in my smb.conf?

Please any helps would be appreciated.

Thanks

Ldap User Authentication For Samba Share

- I have samba server and ldap server both on different machine. I want to authenticate all the ldap user on samba share to giving access permission for user's on share. I have refer too many document for that but I am unable to access share with ldap user's username and password. I have referred below link

https://wiki.samba.org/index.php/Samba_&_LDAP

http://www.unixmen.com/setup-samba-d...-ubuntu-13-04/

How to troubleshoot for user authentication on samba share?

Samba Mount Headache

I banging my head, I am unable to mount samba share. Here is the info
Samba share is in RHEL 6.5
# vi /etc/samba/smb.conf
[sambashare]
comment = samba share
path = /smbdemo
guest ok = yes
browseable = yes

# ls -dZ /smbdemo/
drwxrwxrwx. root root system_ubject_r:samba_share_t:s0 /smbdemo/

# getsebool -a | grep samba
samba_create_home_dirs --> on
samba_domain_controller --> off
samba_enable_home_dirs --> on
samba_export_all_ro --> on
samba_export_all_rw --> on
samba_portmapper --> off
samba_run_unconfined --> off
samba_share_fusefs --> off
samba_share_nfs --> off
sanlock_use_samba --> off
use_samba_home_dirs --> off
virt_use_samba --> off


Accessing this share from another Red Hat Box 6.4 (samba-client)
# smbclient -L 192.168.1.10 -U don [Works perfectly]

Now, when I try to mount the share as:

# mount.cifs //192.168.1.9/smbdemo /opt/test/ -o user=don
Password:
Retrying with upper case share name
mount error(6): No such device or address
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

# smbclient //192.168.1.9/smbdemo -U don
Enter don's password:
Domain=[BARNES] OS=[Unix] Server=[Samba 3.6.23-14.el6_6]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME

I searched in google but no avail.

Getting Through SAMBA Security

Ugh - been working on this for days

I have a SAMBA server running on a Raspberry Pi. Should be pretty much up to date - retrieved today.

Want to get Windows 7 and Android smartphones to be able to access, but neither can. Ideally, I would like to generate no password challenge, but that does not seem to be on the agenda. Windows 7 cannot seem to send the account name in a way SAMBA understands. The Android phones similarly have no luck getting credentials to SAMBA.

Tried many, many variations, read many, many pieces of advice. Most recent smb.conf attached.

FYI
1) I have tried with and without SECURITY=USER
2) did smbpasswd -an nobody
3) the share has CHMOD 775
4) testparm seems happy

Any help appreciated.

Jonathan

Samba-Apache-Webdav Permission Problem With User Www-data

I'm not sure if this should be in the newbie section, but I am somewhat of a newbie, so here goes:

In a home network, I have an Xubuntu file server with a Samba share that has me as the owner and authorizes me to access the share.

On another computer, I have Mint running and providing various services, including webdav on Apache with SSL. In the var/www/webdav directory of the Mint computer, I have the Xubuntu Samba share mounted. This is supposed to allow me to access the Samba share from the public internet.

Everything works fine except for one big problem: Apache requires the owner of the webdav directory to be user "www-data," and I can't figure out how to give www-data access to the Samba share, since www-data is not a user on the Xubuntu computer, and moreover I don't know the password for user www-data.

Can anyone figure out how to get around this problem? In particular, is there a way to configure the Samba share on the Xubuntu computer so that user www-data on the Mint computer can have access to it?

(Incidentally, I have my reasons for using two computers, one as a file server and one as a web server. Also, I am thinking about switching to NFS instead of Samba, but I'm not sure if even that would solve my problem.)

Why Can't My Windows Clients Write To My Samba Shares (Unbuntu 14.04)

I'm struggling with Samba with a new NAS/Media server I am trying to build. I have created some shares on my Unbuntu server with Samba that are visible and browseable from my home Windows 8.1 clients but when I try to write to any of them I receive a "try again" error.

I want to be able to copy files from my PC to my new Unbuntu server's shares. For now I have one user only on my Unbuntu server that's in the sudo group. From Windows I have tried to map network drive with "different credentials" but no matter what I try from Windows I still can't copy or move files from Windows to the shares.

Thank you

Normal Linux User Recursively Write Access To Apache Document Root

I tried adding two users in apache group and given 775 permission to Document root but user is not able to write into files in DocumentRoot

Tried adding user and DocumentRoot Folder in sudo file but not able to do it recursively

please help


Thanks for reply,
I have already given chmod 775 -R DocumentRoot - for recursively writting permission
You have told to add user in www-data group and chmod 775 -R to DocumentRoot
usermod -a -G www-data <user1>

How can users in www-data can able to write in DocumentRoot which has apache:apache owner and group
please clarify...

Done below steps to solve this:
1) I have created a new group webdata and added required users in this group
2) set sticky bit to document root with below command
setfacl -m g:webdata:rwx -R /path/to/documentroot/
this command will set rwx permission to DocumentRoot so that members in webdata can have full access but still DocumentRoot user and group will be apache

Securing /etc/profile And /etc/bashrc

Changing umask value for files and directories take effect after reload:
/etc/profile
/etc/bashrc
default permission for all users:
-rw-r--r--
above permission is edited to:
-rw-rw-r--
If a specific user in group having only read permission to a file/directory is created before reload,and Linux server reloads, that user gets rw permission to that file/directory. what is the alternative of securing:
/etc/profile
/etc/bashrc
apart from giving the two files access to root user only, and locking out all other users?