• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 581
  • Last Modified:

Users cannot access their own share on Samba

Hi,

I am basically trying to implement the Abmas Accounting Office example from the "Samba by examples" book :
http://www.samba.org/samba/docs/man/Samba3-ByExample/simple.html#AccountingOffice

This implementation is kind of appealing to directors of small community organizations because they can look over the user's folder.

My setup is as follow :

Brand new machine with most recent Ubuntu server distribution and Samba 3.5.11
Mainly Windows 7 Enterprise workstations with some Windows XP Pro

Here is my smb.conf transcript tested with testparm :

------------------------------------------------------
heidegger@AEPP-Serveur:~$ testparm /etc/samba/smb.conf
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[Fichiers]"
Processing section "[principal]"
Processing section "[partage]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        workgroup = ATELIERS

[Fichiers]
        comment = Dossiers utilisateurs
        path = /Fichiers/%U
        valid users = %S
        read only = No

[principal]
        comment = Dossier principal
        path = /Fichiers
        valid users = Direction
        read only = No

[partage]
        comment = Dossier partagĂ©
        path = /partage
        read only = No
---------------------------------

Apart from discarding configuration of CUPS and creating a user folder for the main user "Direction" (who has full permission on main folder (/Fichiers) I followed instructions in chapter accordingly.

Whenever a user tries to access the main server he gets prompted for a username and pwd, he then gain view of available shares.

"/Partage" is intended for all users to share stuff, that one works fine.

The main folder "/Fichiers" prompt for username and pwd and is valid only works [as expected] for user "Direction"

"/Fichiers/%U" on the other hand does not even prompt for credentials and instead show the following message (translated freely from french) :

//Aepp-serveur/Fichiers cannot be accessed. You may not have required permissions to access this network resource. Contact your administrator (... the usual)

Should I also mentioned that despite the fact that user "Direction" has access to main folder and therefore to all other user's folder he cannot access his own folder through /Fichiers/%U no matter what.

What I did :

I change the SUID on /Fichiers by removing first the SUID at the group level and eventually at both user and group level with no success

I added valid users = %S in the [fichiers] section with the effect of this time prompting user for a credential but still, no success

I commented all [principal] section (intended in fact for the director) : that did not have any effect but to prevent access to any user folders.

I assumed that I have an obvious permission problem on the user's folder (/Fichiers/%U) and solution does reside somewhere around there. But I'm kind of short of solutions as to how I can implement this model.

Any help would be greatly appreciated. Note that this implementation if successful is simple and I want to keep it that way and so I don't want to implement any PDC like related solutions or at least not at this point in my Samba journey :-)

Thanks for your help !
0
asusxtian
Asked:
asusxtian
  • 2
1 Solution
 
Gabriel OrozcoSolution ArchitectCommented:
Hi Asusxtian

I believe you used an old example, so that's why you see problems.

Change valid users to be
valid users = %U

as per the explanation on this bug in launchpad:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/668368

Hope This helps
Gabriel
0
 
asusxtianAuthor Commented:
I also found a workaround though by replacing the %U variable with %u. Also I could find nowhere sufficient explanations about the real usage of %U...

As for your valid users variable I will try it this evening (ET) and let you know !

Thanks !
0
 
asusxtianAuthor Commented:
The question did not raise great response and I finally figured my way out by trying something that did in fact just did what I was expecting it to do.
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now