Samba problem after 7.05.2018 update

samba

#21

What would warrant this change from nobody to guest?
Why would nobody be blocked?
Guest is not what windows would send.

This one introduces a major security risk, but if your OK with that, then by all means…


#22

If you have to completely tear Samba down to get it built again you might as well give NFS a shot. There’s actually a GUI configurator for it produced by Red Hat that’s in the AUR. Just saying with all the headaches with Samba lately, you don’t hear anybody complaining about nfs.


#23

I thought so as I remembered this:
nobody:x:99:99:nobody:/:/usr/bin/nologin
It misled me. Sorry.

Disclaimer: The proposals are aimed on troubleshooting

OffTopic: How can I make this disclaimer as a permanent post signature? :yum:


#24

I even changed /var/lib/samba/usershare/ ownership to me:sambashare, permissions are drwxrwx-t, but Dolphin is still incapable of adding shares via its GUI (there was no problem before update).

My question is: If I run Dolphin, it runs as what user:group? I thought it will be me:me but now I’m confused. Something is blocking it.


#25

You need to add a -R so the changes propagate to the files in the folder as well

The folder has been assigned the wrong permissions at install. The folder is used for sensitive information and needs to be private to owner - which is the smb daemon user.


#26

It already had that property. Previously ownership was root:sambashare but inside, created shares belonged to me:sambashare.

Anyway, just to be sure I did again:

sudo chown -R michaldybczak:sambashare /var/lib/samba/usershare/
sudo chmod 700 -R /var/lib/samba/private/

Still no luck, Dolphin does squat.


#27

Out of luck then - :meh: :frowning_face:

If that don’t work - I don’t know


#28

Maybe is needed to restart the smb.service and nmb.service after doing those changes …


#29

Do you not know how to read?
You have to set the exec bit on your home folder to share from dolphin, period…

sudo chmod o+x /home/michaldybczak

or

sudo setfacl -m user:nobody:x /home/michaldybczak

#30

I did

sudo chmod o+x /home/michaldybczak

It didn’t seem to do anything, because Dolphin still is unable to write shares and my home was already with those permissions, just because I need to access it from test user sometimes (so we share groups so I could read/write).


#31

I did experiment. I changed in smb.conf:

usershare path = /home/michaldybczak/.sambashares

I created /home/michaldybczak/.sambashares and restarted smb and nmb. Dolphin still can’t remeber saves. I do belong to sambashere group.


#32

In that case change “usershare owner only = true” to “usershare owner only = false”.
This will remove the local limitation.
Also make sure you have the correct services running:

sudo systemctrl status smb nmb

Also that your test user is also in the sambashare group, and that the permissions on /var/lib/samba/usershare are correct.

Where your getting /var/lib/samba/private/ from?
You should never change the permissions on this folder.

I think at this point you may have foobared your smb.conf file, and/or all of your samba setup.


#33

Not sure what /var/lib/samba/private/ actually is for. This was only mentioned to change permissions after update (and I did) but I have no idea how it influences the rest.

My current smb.conf is:

[global]
   workgroup = WORKGROUP
   dns proxy = no
   log file = /var/log/samba/%m.log
   max log size = 1000
   client max protocol = NT1
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
   pam password change = yes
   map to guest = bad user
   usershare allow guests = yes
   name resolve order = lmhosts bcast host wins
   security = user
   guest account = nobody
   usershare path = /var/lib/samba/usershare
   usershare max shares = 100
   usershare owner only = yes
   group = sambashare
   force create mode = 0070
   force directory mode = 0070
   unix extensions = no
   wide links = yes
   follow symlinks = yes
sudo systemctl status smb nmb
● smb.service - Samba SMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/smb.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-05-08 19:54:23 CEST; 26s ago
     Docs: man:smbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 9145 (smbd)
   Status: "smbd: ready to serve connections..."
    Tasks: 4 (limit: 4915)
   Memory: 8.9M
   CGroup: /system.slice/smb.service
           ├─9145 /usr/bin/smbd --foreground --no-process-group
           ├─9147 /usr/bin/smbd --foreground --no-process-group
           ├─9148 /usr/bin/smbd --foreground --no-process-group
           └─9149 /usr/bin/smbd --foreground --no-process-group

maj 08 19:54:23 alienware-PC systemd[1]: Starting Samba SMB Daemon...
maj 08 19:54:23 alienware-PC smbd[9145]: [2018/05/08 19:54:23.278356,  0] ../lib/util/become_daemon.c:138(daemon_ready)
maj 08 19:54:23 alienware-PC smbd[9145]:   daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections
maj 08 19:54:23 alienware-PC systemd[1]: Started Samba SMB Daemon.

● nmb.service - Samba NMB Daemon
   Loaded: loaded (/usr/lib/systemd/system/nmb.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-05-08 19:54:18 CEST; 31s ago
     Docs: man:nmbd(8)
           man:samba(7)
           man:smb.conf(5)
 Main PID: 8958 (nmbd)
   Status: "nmbd: ready to serve connections..."
    Tasks: 1 (limit: 4915)
   Memory: 2.9M
   CGroup: /system.slice/nmb.service
           └─8958 /usr/bin/nmbd --foreground --no-process-group

maj 08 19:54:18 alienware-PC systemd[1]: Starting Samba NMB Daemon...
maj 08 19:54:18 alienware-PC nmbd[8958]: [2018/05/08 19:54:18.190484,  0] ../lib/util/become_daemon.c:138(daemon_ready)
maj 08 19:54:18 alienware-PC nmbd[8958]:   daemon_ready: STATUS=daemon 'nmbd' finished starting up and ready to serve connections
maj 08 19:54:18 alienware-PC systemd[1]: Started Samba NMB Daemon.

#34

Looks good so far.
First, change map to guest = bad user to map to guest = bad password
Second, remove:

unix extensions = no
wide links = yes
follow symlinks = yes

and add in it’s place:

name resolve order = lmhosts bcast host wins

Third, where is the rest of your smb.conf file?

[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

Last, but most important, let’s try to fix your permissions and ownerships, shall we?

sudo chown -R root:sambashare /var/lib/samba/usershare
sudo chmod 1770  /var/lib/samba/usershare
sudo chgrp sambashare var/lib/samba/usershare
sudo chmod 755 /var/lib/samba/private
sudo systemctl restart smb nmb

#35

Thanks for helping me @AJSlye.
OK, I did it all. So my smb.conf is:

[global]
   workgroup = WORKGROUP
   dns proxy = no
   log file = /var/log/samba/%m.log
   max log size = 1000
   client max protocol = NT1
   server role = standalone server
   passdb backend = tdbsam
   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
   pam password change = yes
   map to guest = bad password
   usershare allow guests = yes
   name resolve order = lmhosts bcast host wins
   security = user
   guest account = nobody
   usershare path = /var/lib/samba/usershare
   usershare max shares = 100
   usershare owner only = yes
   group = sambashare
   force create mode = 0070
   force directory mode = 0070
   name resolve order = lmhosts bcast host wins
   
[homes]
comment = Home Directories
browseable = no
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S

[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no

And I run the commands you gave me.

To be on safer side, I edited conf in nano and rebooted whole system. Still, Dolphin samba sharing isn’t happening. I so wanted to mark that “solved” button… :wink: I know that if I put sambashares manually they would show up, but that’s not the point. Dolphin sambasharing worked well before update.

Also, I have a question: I previously deleted the Homes and Print part, as I thought this is just to provide some blueprints if I wanted to have shares within conf. I know it works because in my very old samba setting I added shares to conf manually. So are such lines not contradictory to what is in /var/lib/usershare ?

I start to wonder, is there maybe a regression in Dolphin that screws this with samba? We would need it for sure to file a bug. Unfortunately, the update was not just Plasma and KDE programs but also a big samba update so it’s hard to figure out what went wrong and where.

Also, is Dolphin GUI sambasharing working for you guys after this update? I’m not talking about existing shares but creating new ones.

EDIT: I did put one of the old shares and it showed up on network and I still needed root credentials. So we are dealing here with 2 problems:

1. Dolphin is not creating shares
2. Shares are requiring root credentials despite everything set to guest passwordless access.


#36

No, that [HOMES] config I put in there is for allowing users to share from within their own home directories, provided they set them up properly.

Make sure that you have not changed the owner or permission for any other folders under /var/lib/samba/ or for /var/lib/samba/ itself. They should all be 755 except usershare.

Also have you tried logging into samba using your credentials first?

I don’t usually use samba at home, but I’ll check at the office tomorrow morning.

PS, Samba has always been a PITA TBH… I switched to using nfs at home years ago, but then I haven’t run windows in my home since 1998…


#37

Hey guys, I just had a thought. I’m not sure, but I think I read somewhere that the last update had introduced a bug in Pam. Is it possible that might be interfering with authentication.


#38

If you can find the link to that, it would be helpful.


#39

I’ll try. It’s just that I read so many links in a day it might be like trying to find a needle in a haystack.


#40

So is that issue reproducible for others? It would be good to know if I messed something or is it more general problem.

It’s more complicated then that in my case but I think it’s correct. Here are my permissions:

Of course /var/lib/samba/ is 755.