Can't Access Samba Share

I have set up an SFTP which I can connect to, go to the right directory and read/write files to.

The full path is home/sftpuser/SFTP/Customer
The user "sftpuser" I am connecting with is in the group "ftpusers" which has read/write access.

That works fine.

Here is my sshd_config:
Code:
Match Group ftpusers
  ChrootDirectory /home/%u/
  ForceCommand internal-sftp
  AllowAgentForwarding no
  AllowTcpForwarding no
  X11Forwarding no

However, I made a Samba share of the folder Customer. When I go to the IP address on a Windows machine "\\10.0.0.1\" I can see the folder Customer; when entering it, it requests user/pass and afterwards gives an error: you have not the right permissions.

In Webmin:
Customer /home/sftpuser/SFTP/Customer Read/write to everyone

My smb.conf:
Code:
[global]
    syslog = 0
    log file = /var/log/samba/log.%m
    read raw = no
    write raw = no
    passdb backend = tdbsam
    workgroup = DOMAIN
    usershare allow guests = yes
    socket options = TCP_NODELAY
    pam password change = yes
    passwd program = /usr/bin/passwd %u
    unix password sync = yes
    obey pam restrictions = yes
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    server role = standalone server
    server string = %h server (Samba, Ubuntu)
    max log size = 1000
    map to guest = bad user
    panic action = /usr/share/samba/panic-action %d
    dns proxy = no



[Customer]
    force create mode = 755
    browsable = yes
    public = yes
    path = /home/sftpuser/SFTP/Customer
    force directory mode = 755
    writeable = yes
    valid users = @ftpusers
    force group = ftpusers
    write list = @ftpusers

I have been struggling for 3 days and am totally out of ideas.

ls -l for the folder:
Code:
total 4
drwxrwx---+ 2 sftpuser ftpusers 4096 Apr  9 11:35 Customer



Similar Content



Why Vsftp Can Do It, But Openssh Sftp Cannot ? (chroot)

Dear all,

This is a long story cut short: with vsftp, if I set these parameters in the vsftp.conf file below

Code:
local_enable=YES
chroot_local_user=YES

I am able to log in to the ftp account, see and list my home/user directory, and if I do a cd / or cd .. , I will still be chrooted to my /home/user directory,

without the need to chmod or chown anything to my /home/user directory.

=============================================

With openSSH, internal_sftp, even though I have set the sshd_conf to

Code:
Match user alankoh
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /home/%u

I will need to change the owner of my /home/user directory so that root becomes its owner.
============================================

Q1) Why this difference? How does vsftp chroot without changing the /home/user folder ownership?

Q2) I realize that the OpenSSH ChrootDirectory parameter causes my default login directory to be set to that of the parameter
(e.g. if I set it to "/whatever/xyz", I will be brought to /whatever/xyz every time I log in to the sftp instead of my /home/user folder).

Why? I thought that ChrootDirectory is just a security measure to specify the directory to go to in case the user does cd to root (e.g. cd /); otherwise, I should still go to my /home/user folder every time I log in to sftp.

Regards,
Noob

Samba Configuration Not Letting Me Access Files?

Hey guys, I got Samba working and I am able to access my files; however, I am now trying to learn security with it. I am pretty much trying to allow certain groups to access certain files. If you look at samba group you can see that I have the @sambausers group to access the sambagroup directory.

I have a user called sambatest01. The user can access "samba users only", but the user can access all of the other files as well. What is a correct setup on the other smb.conf to prevent users from accessing this? I can't seem to find a proper setup.


[drivers]
path = /files/drivers
browseable = yes
read only = no
guest ok = no
guest only = no


[samba users only]
path = /files/sambagroup
browseable = yes
read only = no
guest ok = no
guest only = no
write list = @sambausers
valid users = @sambausers
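
A share with no valid users line admits every account that can authenticate, leaving only filesystem permissions to restrict it. The audit below is an added example, not part of the original post; its SAMPLE text is constructed from the two shares quoted above, and it lists each share that smb.conf itself leaves open to guests or to all authenticated users.

```python
# Constructed sample: the two shares from the post above, trimmed to the
# access-control parameters.
SAMPLE = """\
[drivers]
path = /files/drivers
read only = no
guest ok = no

[samba users only]
path = /files/sambagroup
read only = no
guest ok = no
write list = @sambausers
valid users = @sambausers
"""

TRUE = {"yes", "true", "1"}
# Samba synonyms: "public" means "guest ok"; "writable", "writeable" and
# "write ok" are inverted synonyms of "read only".
INVERTED_READ_ONLY = {"writable", "writeable", "write ok"}


def parse_shares(text):
    """Return {section: {param: value}} with synonyms folded to one name."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = " ".join(key.lower().split())
            if key == "public":
                key = "guest ok"
            elif key in INVERTED_READ_ONLY:
                key, value = "read only", "no" if value.lower() in TRUE else "yes"
            current[key] = value
    return shares


def audit(text):
    """Return (share, finding) pairs for shares smb.conf does not restrict."""
    findings = []
    for name, params in parse_shares(text).items():
        if name.lower() in ("global", "homes", "printers"):
            continue
        writable = params.get("read only", "yes").lower() not in TRUE
        access = "read/write" if writable else "read-only"
        if params.get("guest ok", "no").lower() in TRUE:
            findings.append((name, f"guest access, {access}"))
        elif not params.get("valid users", "").strip():
            findings.append((name, f"any authenticated user, {access}"))
    return findings
```

On the sample, only [drivers] is reported; [samba users only] is limited by its valid users line.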

Need Help Configuring My Samba Server

Hi guys,

I need help configuring my Samba file server. I have 3 folders:

[global]
workgroup = WORKGROUP
server string = Samba Server Version %v
map to guest = Bad User

hosts allow = 127. 192.

log file = /var/log/samba/log.%m
max log size = 50

security = share

load printers = no
cups options = raw
printing = bsd
printcap name = /dev/null
disable spoolss = yes

[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
; valid users = MYDOMAIN\%S

;[printers]
; comment = All Printers
; path = /var/spool/samba
; browseable = no
; guest ok = no
; writable = no
; printable = yes

[BIP]
path = /home/BIP
writable = yes
browseable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777
share modes = yes

[Surya Kapuas Perkasa]
path = /home/suryakapuasperkasa
writable = yes
browseable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777
share modes = yes

[Misc]
path = /home/Miscelaneous
writable = yes
browseable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777
share modes = yes
read only = no

BIP and Surya Kapuas Perkasa can be accessed by Windows users, but Misc cannot. Can somebody help me with a solution, please? Thanks.

SFTP Configuration For Single Directory Per User

Dear Members,

I am trying to configure sftp on my Server (Redhat). But I am facing following issue.

Link used: https://www.linode.com/docs/tools-re...ian-and-ubuntu

These are the parameters added to /etc/ssh/sshd_config file :

Quote:
Match group filetransfer
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Permissions of the home directories are as follows:

Quote:
ls -ld /home/test1/
drwxr-xr-x 7 root root 4096 May 14 09:49 /home/test1/

ls -l /home/test1/
total 12
drwxr-xr-x 2 root root 4096 May 14 09:49 docs
drwxr-xr-x 2 root root 4096 May 13 11:43 nitish
drwxr-xr-x 2 root root 4096 May 14 09:49 public_html

Debug Command : sftp -vvv test1@Ipaddress

Code:
debug1: Next authentication method: password
test1@IP-address's password:
debug3: packet_send2: adding 64 (len 53 padlen 11 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug3: Wrote 144 bytes for a total of 1421
debug1: Authentication succeeded (password).
debug2: fd 4 setting O_NONBLOCK
debug3: fd 5 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug3: Wrote 128 bytes for a total of 1549
debug3: Wrote -1 bytes for a total of 1549
Write failed: Broken pipe
Couldn't read packet: Connection reset by peer

I need the user to be unable to access/see directories other than its own directory.

Waiting for your response.

Thank you

Redhat-Keeda
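
sshd refuses to chroot unless "/" and every directory on the ChrootDirectory path is root-owned and not writable by group or others; this is the ownership requirement described in the earlier OpenSSH chroot post, and a server-side check worth running for a setup like the one in this post. The script below is an added example, not part of any of the posts; it assumes %h or %u has already been expanded to a real path such as /home/test1.

```python
import os
import stat


def component_problems(st):
    """Problems sshd would reject for one path component, given its os.stat()."""
    problems = []
    if not stat.S_ISDIR(st.st_mode):
        problems.append("not a directory")
    if st.st_uid != 0:
        problems.append(f"owned by uid {st.st_uid}, not root")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append(f"group/other writable (mode {stat.S_IMODE(st.st_mode):04o})")
    return problems


def check_chroot(path):
    """Check "/" and every prefix of path, the components sshd inspects.

    Returns [(component, [problems])] for components that fail; an empty
    list means the ownership and mode rule is satisfied.
    """
    if not os.path.isabs(path):
        raise ValueError("ChrootDirectory must be an absolute path")
    failures, current = [], "/"
    for part in [""] + [p for p in path.split("/") if p]:
        current = os.path.join(current, part)
        # os.stat follows symlinks, so a link is judged by its target.
        problems = component_problems(os.stat(current))
        if problems:
            failures.append((current, problems))
    return failures


if __name__ == "__main__":
    # /home/test1 is the chroot from the post; it may not exist elsewhere.
    for target in ("/home/test1",):
        try:
            for component, problems in check_chroot(target) or [(target, ["ok"])]:
                print(component, "->", ", ".join(problems))
        except FileNotFoundError as exc:
            print("missing component:", exc.filename)
```

Only the components of the chroot path are covered by this rule; directories below the chroot may be owned by the user.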

Centos 6.6 And Samba 3 - Can't Get Domain User To Login

Hi All

I have been racking my brains for the past 15 hours or so trying to understand why my AD users can't actually log in to the share which I have assigned.

This is my smb.conf below:

Quote:
[global]
workgroup = EXAMPLE
security = ads
realm = EXAMPLE.GROUP
domain master = no
local master = no
preferred master = no
printcap name = /etc/printcap
load printers = no
idmap backend = tdb
idmap uid = 10000-99999
idmap gid = 10000-99999
idmap config EXAMPLE:backend = rid
idmap config EXAMPLE:range = 10000-9999
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind refresh tickets = yes
winbind offline logon = true
template homedir = /home/%D/%U
template shell = /bin/false
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
log file = /var/log/samba/samba.log
log level = 2
valid users = any
[Research]
comment = Research
path = /sharing/research
valid users = EXAMPLE\user1
force group = "domain users"
writable = yes
read only = no
force create mode = 0660
create mask = 0777
directory mask = 0777
force directory mode = 0770
access based share enum = yes
hide unreadable = yes
[Admin]
comment = Admin Area
path = /var/www/html/cmsmadesimple
browseable = yes
writable = yes
read only = no
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
valid users = user1

When I do wbinfo -u or wbinfo -g I can see the usernames and groups in my AD.

Also, when I do id username it actually gives me the information for that user in my domain.

I have done net ads login -U and joined the domain.

I have set the pam auth modifications and the krb5 and nsswitch.conf files.

So I do not get why the user I have assigned to that share can't access it.

I can only imagine I have something wrong in my smb.conf?

Please, any help would be appreciated.

Thanks

Sftp User Unable To See Mounted --bind Directories. Works With Vsftpd Via Ftp

Is there an sftp package that can be used which is more flexible than the ssh internal ftp server? I have been tasked with providing an /srv/ftp/ directory which includes

mount --bind other_directory1 /srv/ftp/d1
mount --bind other_directory2 /srv/ftp/q2

...etc

Since sftp via ssh demands that all directories be owned by root I have a problem. The 'other directories' are owned by different sets of groups. We have engineers who will have carte blanche access. I have another group 'manufacturing' who will need to be chrooted to /var/ftp/. They will need to see directories underneath /var/ftp/ and nothing else. We don't want them to be able to cd to any other part of the system. Manufacturing does not have any account on the machine. My last group sales has an account on the server. I have been able to chroot them to their home folder where they also have the same mount --binded directories. Management would like sales to be able to ftp as well as sftp with read only access to the sub directories under their home directory. It is allowable to have them sftp to /srv/ftp/ and ftp to /home/sale/. I would suppose that this may mean that I use a different tool to implement sftp rather than use ssh. Here are my setup files for ssh:

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
UseDNS no
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
UseLogin yes
Banner /etc/issue.net
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM no

Match group ftpgroup
ChrootDirectory /srv/ftp
X11Forwarding no
AllowTcpForwarding no
ForceCommand /usr/lib/openssh/sftp-server
PasswordAuthentication yes

Setfacl Help

I can't believe I wrote a looong message and it logged me out when I tried to submit it.

So anyway, in short lines:

- I have a network of sites where all sites share same "images" folder
- I have created /home/_images/entities and symlinked it from all websites
- It works great with Apache, when I open /images/ on any of the sites I get list of images and can view them

The problem is suPHP which changes process ID of the PHP script to the file owner ID, so when I load site1.com, all scripts are executed as user1 (and files/folders created with those scripts belong to user1:user1). When I load site2.com, all scripts are executed as user2 (and files/folders created with those scripts belong to user2:user2). All these users do NOT belong to the same group, and I wouldn't like to change that as it is cPanel/WHM server so I'm afraid I'll screw something up if I change (primary?) group of all users.

Therefore I need to set it up in such way that all newly created folders and files under /home/_images/entities (owned by root) have read/write permissions for everyone.

Here's the command I used:

Code:
setfacl -Rdm o::rwx /home/_images/entities

To check it:
Code:
root@server1 [~]# getfacl /home/_images/entities/
getfacl: Removing leading '/' from absolute path names
# file: home/_images/entities/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx
default:user::rwx
default:group::rwx
default:other::rwx

This looks fine, however when I try upload an image via site1.com it looks like this:

Code:
root@server1 [/home/_images/entities]# ls -l
total 24
drwxrwxrwx+ 5 root    root    4096 Jan 14 06:25 ./
drwxrwxrwx  5 root    root    4096 Jan 12 13:08 ../
drwxrwxr-x+ 3 user1   user1   4096 Jan 14 06:25 1/

And in folder "1" is the image (and thumbs folder):

Code:
root@server1 [/home/_images/entities/1]# ls -l
total 236
drwxrwxr-x+ 3 user1   user1     4096 Jan 14 06:25 ./
drwxrwxrwx+ 5 root    root      4096 Jan 14 06:25 ../
-rw-rw-rw-  1 user1   user1   225569 Jan 14 06:25 689048f221ab7c556f4d482a9d92b2d6.jpg
drwxrwxr-x+ 2 user1   user1   4096 Jan 14 06:25 thumbs/

My questions:

1) Why do newly created folders not have "write" permissions for everyone else [not user and/or group]? If I upload the first image from site1.com, then I can't upload other images from any other site, while all sites can display them.

2) What is the + at the end of the permissions list? (drwxrwxr-x+)

3) Why do newly created files have only "rw" permissions for user, group AND everyone else, and not execute permissions? I don't actually need the execute flag set here, but from my command you can see I've set "o::rwx" so it should be there (or not?)

Actually the real problem is #1 - other users can't write to this folder, so users can't upload images from other sites, nor can other sites create (missing) thumbnails.

Problem With Samba Share

Hello

I want to share a folder on my Fedora linux pc with a Windows 8 pc in the same network.

I have followed this guide : http://www.labtestproject.com/config...rver_on_fedora

but I am not able to see my share on my Fedora linux pc from the other Windows 8 PC.

This is my /etc/samba/smb.conf :

Code:
[global]
        workgroup = mygroup
        server string = HP Samba
;       netbios name = MYSERVER

;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;       hosts allow = 127. 192.168.12. 192.168.13.

;       max protocol = SMB2
[My-Documents]
        path = /home/Jonas/Desktop/My-Documents
        read only = no
;       browseable = yes
        guest ok = yes


The workgroup name is the same as the workgroup name on the Windows PC.

Firewall on Fedora linux pc is down.

I do get the following output when restarting smb :
Code:
apr 27 12:27:49 jonashp.domain.local systemd[1]: Starting Samba SMB Daemon...
apr 27 12:27:49 jonashp.domain.local smbd[4324]: [2015/04/27 12:27:49.686796,  0] ../source3/param/loadparm.c:3034(lp_set_enum_parm)
apr 27 12:27:49 jonashp.domain.local smbd[4324]: WARNING: Ignoring invalid value 'share' for parameter 'security'
apr 27 12:27:49 jonashp.domain.local smbd[4324]: [2015/04/27 12:27:49.687187,  0] ../source3/smbd/server.c:1286(main)
apr 27 12:27:49 jonashp.domain.local smbd[4324]: standard input is not a socket, assuming -D option
apr 27 12:27:49 jonashp.domain.local systemd[1]: Started Samba SMB Daemon.

I thought it would be that simple...

Samba-Apache-Webdav Permission Problem With User Www-data

I'm not sure if this should be in the newbie section, but I am somewhat of a newbie, so here goes:

In a home network, I have an Xubuntu file server with a Samba share that has me as the owner and authorizes me to access the share.

On another computer, I have Mint running and providing various services, including webdav on Apache with SSL. In the var/www/webdav directory of the Mint computer, I have the Xubuntu Samba share mounted. This is supposed to allow me to access the Samba share from the public internet.

Everything works fine except for one big problem: Apache requires the owner of the webdav directory to be user "www-data," and I can't figure out how to give www-data access to the Samba share, since www-data is not a user on the Xubuntu computer, and moreover I don't know the password for user www-data.

Can anyone figure out how to get around this problem? In particular, is there a way to configure the Samba share on the Xubuntu computer so that user www-data on the Mint computer can have access to it?

(Incidentally, I have my reasons for using two computers, one as a file server and one as a web server. Also, I am thinking about switching to NFS instead of Samba, but I'm not sure if even that would solve my problem.)

Why Can't My Windows Clients Write To My Samba Shares (Ubuntu 14.04)

I'm struggling with Samba with a new NAS/Media server I am trying to build. I have created some shares on my Ubuntu server with Samba that are visible and browseable from my home Windows 8.1 clients, but when I try to write to any of them I receive a "try again" error.

I want to be able to copy files from my PC to my new Ubuntu server's shares. For now I have one user only on my Ubuntu server that's in the sudo group. From Windows I have tried to map a network drive with "different credentials", but no matter what I try from Windows I still can't copy or move files from Windows to the shares.

Thank you