Solved

Users cannot access their own share on Samba

Posted on 2012-03-19
3
571 Views
Last Modified: 2012-03-25
Hi,

I am basically trying to implement the Abmas Accounting Office example from the "Samba by examples" book :
http://www.samba.org/samba/docs/man/Samba3-ByExample/simple.html#AccountingOffice

This implementation is kind of appealing to directors of small community organizations because they can look over the user's folder.

My setup is as follow :

Brand new machine with most recent Ubuntu server distribution and Samba 3.5.11
Mainly Windows 7 Enterprise workstations with some Windows XP Pro

Here is my smb.conf transcript tested with testparm :

------------------------------------------------------
heidegger@AEPP-Serveur:~$ testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[Fichiers]"
Processing section "[principal]"
Processing section "[partage]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        workgroup = ATELIERS

[Fichiers]
        comment = Dossiers utilisateurs
        path = /Fichiers/%U
        valid users = %S
        read only = No

[principal]
        comment = Dossier principal
        path = /Fichiers
        valid users = Direction
        read only = No

[partage]
        comment = Dossier partagé
        path = /partage
        read only = No
---------------------------------

Apart from discarding configuration of CUPS and creating a user folder for the main user "Direction" (who has full permission on main folder (/Fichiers) I followed instructions in chapter accordingly.

Whenever a user tries to access the main server he gets prompted for a username and pwd, he then gain view of available shares.

"/Partage" is intended for all users to share stuff, that one works fine.

The main folder "/Fichiers" prompt for username and pwd and is valid only works [as expected] for user "Direction"

"/Fichiers/%U" on the other hand does not even prompt for credentials and instead show the following message (translated freely from french) :

//Aepp-serveur/Fichiers cannot be accessed. You may not have required permissions to access this network resource. Contact your administrator (... the usual)

Should I also mentioned that despite the fact that user "Direction" has access to main folder and therefore to all other user's folder he cannot access his own folder through /Fichiers/%U no matter what.

What I did :

I change the SUID on /Fichiers by removing first the SUID at the group level and eventually at both user and group level with no success

I added valid users = %S in the [fichiers] section with the effect of this time prompting user for a credential but still, no success

I commented all [principal] section (intended in fact for the director) : that did not have any effect but to prevent access to any user folders.

I assumed that I have an obvious permission problem on the user's folder (/Fichiers/%U) and solution does reside somewhere around there. But I'm kind of short of solutions as to how I can implement this model.

Any help would be greatly appreciated. Note that this implementation if successful is simple and I want to keep it that way and so I don't want to implement any PDC like related solutions or at least not at this point in my Samba journey :-)

Thanks for your help !
0
Comment
Question by:asusxtian
  • 2
3 Comments
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 37740631
Hi Asusxtian

I believe you used an old example, so that's why you see problems.

Change valid users to be
valid users = %U

as per the explanation on this bug in launchpad:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/668368

Hope This helps
Gabriel
0
 

Accepted Solution

by:
asusxtian earned 0 total points
ID: 37744782
I also found a workaround though by replacing the %U variable with %u. Also I could find nowhere sufficient explanations about the real usage of %U...

As for your valid users variable I will try it this evening (ET) and let you know !

Thanks !
0
 

Author Closing Comment

by:asusxtian
ID: 37762421
The question did not raise great response and I finally figured my way out by trying something that did in fact just did what I was expecting it to do.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now