?
Solved

problem accessing samba shared folders

Posted on 2009-02-13
6
Medium Priority
?
360 Views
Last Modified: 2012-05-06
Hi Experts,

I have a fedora core3 machine as my dns and database host.
The Database is hosted on mysql.  the following folders are shared on the linux box so we could access them from the windows and add them for our tape and remote backup systems.
to show the more clear picture i have uploaded the samba configuration file to assist about the problem.

on my windows machine i type
\\webserver and press enter
it shows me the two shared folders ( www & mysql) and shared printers.
when i double click to go into the shared folder i can go from one machine which was setup by the guy who created this linux box. and it doesn't ask for any password.
but once i try the same this \\webserver it shows me the same folders but when i double click the folder to explore it always shows guest into user name which is always blank and prompts me for the password only. but strangley on his old machine when i try to login it does login without even asking user name and password.

could you please help me out to solve this problem.


[root@webserver samba]# cat smb.conf
#======================= Global Settings =====================================
[global]
        max log size = 1
        username map = /etc/samba/smbusers
        server string = Linux Web server
        smb passwd file = /etc/samba/smbpasswd
        log file = /var/log/samba/%m.log
        workgroup = impex
        interfaces = eth0 lo
        browseable = yes
        os level = 20
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        guest account = bilal
        password level = 20
        winbind enable local accounts = no
        write list = bilal
        security = share
        load printers = no
        allow hosts = 192.168.0. 127.0.0.1
 
[mysql]
        comment = To take backup of database
        path = /var/lib/mysql
        browseable = yes
        valid users = alig
;       guest ok = yes
[www]
        comment = all file of web sites
        browseable = yes
        path = /var/www
        valid users = alig
;       guest ok = yes
 
 
[root@webserver samba]# cat smb.conf.original
#======================= Global Settings =====================================
[global]
        password level = 20
        smb passwd file = /etc/samba/smbpasswd
        load printers = no
        log file = /var/log/samba/%m.log
        winbind enable local accounts = no
        username map = /etc/samba/smbusers
        security = share
        max log size = 1
        encrypt passwords = yes
        os level = 20
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        browseable = yes
        server string = Linux Web server
        interfaces = eth0 lo
        workgroup = impex
        allow hosts = 192.168.0. 127.0.0.1
 
[mysql]
        comment = To take backup of database
        read only = yes
        path = /var/lib/mysql
        browseable = yes
        valid users = alig
;       guest ok = yes
[www]
        comment = all file of web sites
        browseable = yes
        path = /var/www
        read only = yes
        valid users = alig
;       guest ok = yes

Open in new window

0
Comment
Question by:Impex
  • 3
  • 2
6 Comments
 
LVL 21

Accepted Solution

by:
Daniel McAllister earned 1000 total points
ID: 23637115
The fact that you can access the files from one system without a password is "accidental" -- the username on that local system is apparently "alig", and either the passwords are the same, or there is no password setup for that user.

Given that the shares are read-only, I would limit the access to your systems that run the backups by IP address and just make them "public"... see below:

[global]
        password level = 20
        smb passwd file = /etc/samba/smbpasswd
        load printers = no
        log file = /var/log/samba/%m.log
        winbind enable local accounts = no
        username map = /etc/samba/smbusers
        security = share
        max log size = 1
        encrypt passwords = yes
        os level = 20
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        browseable = yes
        server string = Linux Web server
        interfaces = eth0 lo
        workgroup = impex
        allow hosts = 192.168.0.x 192.168.0.y 192.168.0.z 127.0.0.1
 
[mysql]
        comment = To take backup of database
        read only = yes
        path = /var/lib/mysql
        browseable = yes
       only guest = yes        guest ok = yes
[www]
        comment = all file of web sites
        browseable = yes
        path = /var/www
        read only = yes
       only guest = yes        guest ok = yes

Not the MOST secure options in the world, but it should work for your purposes!

I hope this helps!

Dan
IT4SOHO

0
 

Author Comment

by:Impex
ID: 23638265
Hi Dan
Thanks for your help. The last administrator who set this system up used to do the task with his machine. when he was leaving he setup the access to another machine which we only use once we have to make some changes to the database and then upload into the live database.
problem is that i can see the folders but i can't copy anything from them.
problem is that to take the backup for remote servers i need to be able to copy the data. at the moment its read only. can you please configure permissions so i could take the data as well.
I dont have to worry about the security because its behind the firewall.
i would really appreciate if you could do help me out with this.
Many Thanks
0
 
LVL 21

Expert Comment

by:Daniel McAllister
ID: 23638334
My reading of your initial question was that you wanted a Windows system to be able to access the web & MySQL folders so that the Windows system could back them up... so the read-only attribute should stay...

However, it is entirely possible that the "guest" user won't have access to either folder... you may need to create a user that has access (other than root) -- my guess is that the user alig will work just fine...

So, let's try this config: (don't forget to reload SAMBA when you're done -- (# pkill -HUP smbd ; pkill -HUP nmbd)

[global]
        password level = 20
        smb passwd file = /etc/samba/smbpasswd
        load printers = no
        log file = /var/log/samba/%m.log
        winbind enable local accounts = no
        username map = /etc/samba/smbusers
        security = share
        max log size = 1
        encrypt passwords = yes
        os level = 20
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        browseable = yes
        server string = Linux Web server
        interfaces = eth0 lo
        workgroup = impex
        allow hosts = 192.168.0.x 192.168.0.y 192.168.0.z 127.0.0.1
 
[mysql]
        comment = To take backup of database
        read only = yes
        path = /var/lib/mysql
        browseable = yes
      force user = alig

[www]
        comment = all file of web sites
        browseable = yes
        path = /var/www
        read only = yes
        force user = alig

One note of caution here... you will have to connect using a valid username/password for samba. Create a new samba username (must also be a UNIX username) with the smbpasswd command:

# Create Usersmbpasswd -a user# Set user passwordsmbpasswd user
I hope this helps!

Dan
IT4SOHO

0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 

Author Comment

by:Impex
ID: 23649170
thank you for your reply.
problem still remains same. i can browse to the www.directory, but when i double click on the sql share folder it says permission denied,
0
 
LVL 7

Assisted Solution

by:Morne Lategan
Morne Lategan earned 1000 total points
ID: 23655396
You have to determine what user mysql runs as, and what user apache runs as.

Do ls -l /var/lib/mysql and see what the ownership is. The sub-directories usually belongs to the user that mysql runs as. Change the "force user =" bit of the mysql share to that user.

Do the same for the www share, substituting the user for the user apache runs as.

Alternatively you can let alig belong to the group mysql and the group www-data (or whatever your apache group is) and then give the group read permissions on all the content of these folders.
0
 

Author Comment

by:Impex
ID: 25447283
Many Thanks
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

755 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question