Difference between revisions of "Samba"

From Briki
Jump to: navigation, search
Line 6: Line 6:
 
sudo smbpasswd -a local_username
 
sudo smbpasswd -a local_username
 
</pre>
 
</pre>
 +
 +
== tree connect failed: NT_STATUS_ACCESS_DENIED error ==
 +
If you get this when attempting to run '''smbclient -L''', check you don't have any "valid users" entries in smb.conf which are not associated with a share.
  
 
== Managing Users ==
 
== Managing Users ==

Revision as of 11:47, 9 August 2007

See http://ubuntuguide.org/wiki/Dapper#Samba_Server

NT_STATUS_LOGON_FAILURE / ERRDOS - ERRnoaccess error

Ensure you've added a valid samba user using (as documented in the ubuntu guide):

sudo smbpasswd -a local_username

tree connect failed: NT_STATUS_ACCESS_DENIED error

If you get this when attempting to run smbclient -L, check you don't have any "valid users" entries in smb.conf which are not associated with a share.

Managing Users

Persistent Storage

The default Ubuntu samba installation uses a tdbsam (Trivial DB for Samba) backend, which stores password information in a binary DB file /var/lib/samba/passdb.tdb. This can be changed by modifying the setting

passdb backend = tdbsam

Valid options are Plain Text, smbpasswd, tdbsam, ldapsam, ldapsam_compat, xmlsam, mysqlsam and pgsqlsam.

Adding users

To add a samba password for an existing local user

sudo smbpasswd -a local_username

If necessary, one or more remote usernames can be mapped to a local username. Firstly, add to smb.conf:

username map = /etc/samba/smbusers

Then, create a map of entries in /etc/samba/smbusers containing entries of the form:

local_username = remote_username

Note, however, that samba usernames are not case sensitive, so entries in smbusers to simply map case differences are not needed.

Listing samba users

sudo pdbedit -L

Deleting samba users

sudo smbpasswd -x local_username

Note that, when installed, samba creates samba users for all local users. This may not be desirable, in which case they can be removed using the script below. It may be worth keeping the "nobody" account active, for guest users.

for user in `sudo pdbedit -L | sed -e 's!:.*!!' | grep -v nobody | <grep -v desiredusers> `; do echo $user; sudo smbpasswd -x $user; done

File Permissions

To edit a file from a linux client on a linux server as a non-root client user, the following must all be true:

  • UNIX user (on server) associated with client specified samba user must have UNIX permission to edit the file
  • Samba share must have one of:
    • read only = no
    • read only = yes & writelist contains samba user
    • read only = yes & writelist contains "@unixgroup" and UNIX user (on server) associated with client specified samba user is a member of @unixgroup
  • Client smbfs must have fmask=777, or specify uid=clientuser (or fmask=775 and gid=clientgroup, where client user is a member of client group)