Re: A little Samba help please

On Sat, 2006-03-25 at 21:39 -0700, Craig White wrote:
> On Sat, 2006-03-25 at 18:14 -0800, Knute Johnson wrote:
> > I've been trying to get Samba to work for a long time and I think I'm 
> > close now.  I can see my network from Linux with only one small 
> > issue.  Sometimes the first time I try to open a share with Nautilus 
> > (is it still Nautilus in FC5?) it gives me an error message that I 
> > might not have permission.  The next time I try it it opens just 
> > fine.  It isn't all shares, just some that do that.  They are all 
> > Windows shares though.
> > 
> > My real problem is seeing my Linux shares on the Windows box.  They 
> > show up in the My Network Places but when I try to open them I get 
> > KJLAPTOP\share is not accessible ... Access Denied.  This problem was 
> > with directories I created.  If I share /usr/share for example I can 
> > see it just fine.  I've played with setting the SELinux context with 
> > chcon but I got nowhere.  What is different about a directory I 
> > create and one that is already there?
> > 
> > I have my Samba server settings configured for Authentication Mode = 
> > Share, Encrypt Passwords = Yes, Guest Account = No Guest Account, and 
> > the only Samba user is nobody.  That doesn't seem to matter anyway.  
> > The Share is configured as Writable, Visible and Allow Access to 
> > everyone.  The ports are open.
> > 
> > It works when I use a directory that was already there but not with a 
> > directory I create.  I want to create a directory in /var.  Anybody 
> > got any ideas?
> > 
> > My system is recent FC5 upgrade from FC4.  No other problems seen.
> ----
> I typically only use samba as a domain controller or member server -
> which means that I never use 'security = share' which is somewhat of a
> legacy mode Windows file share - meant to mimic the sharing methodology
> employed by Windows 95/98 where there isn't really a user involved.
> You are creating issues with SELinux running and I can't help with FC-5
> since I haven't gone there but on FC-4, I probably could have helped.
> Obviously, you are going to see avc denied messages pertaining to samba
> trying to share directories that don't have the proper context.
> My thoughts are that you shouldn't share /usr/share directory via samba
> - I can't think of a single logical reason to do that. I have shared
> things out of /var like /var/www/html via samba and that is workable and
> obviously, you can create your own directories in /var tree and only
> need to fix the selinux contexts again to permit it. I would suggest
> that you post your selinux errors - here or on the fedora-selinux list
> (better) because here, the only likely help you will get is Paul Horwath
> at this point.
> Anyway, I typically have all my samba shares in the /home tree, for
> example:
> /home/filessystems
> /home/filessystems/samba
> /home/filessystems/samba/netlogon
> /home/filessystems/samba/shared_files
> /home/filessystems/samba/profiles
> /home/filessystems/samba/homes
> and I can pretty much avoid the selinux issues.

First step in diagnosing whether or not a problem is SELinux is to try:

# setenforce 0

If the problem goes away then it's SELinux. If not, look elsewhere for
the problem.
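
Added example (not part of the original message): when the setenforce test points at SELinux, the "avc denied" messages mentioned in the quoted reply show which directory carries a label smbd cannot use. The log lines below are constructed samples, and smbd_denials is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials logged for smbd.

# Constructed sample audit lines (not taken from the thread).
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1143349200.123:45): avc:  denied  { read } for  pid=2345 comm="smbd" name="share" dev=dm-0 ino=98311 scontext=system_u:system_r:smbd_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1143349200.456:46): avc:  denied  { getattr } for  pid=2345 comm="smbd" name="share" dev=dm-0 ino=98311 scontext=system_u:system_r:smbd_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1143349300.001:47): avc:  denied  { write } for  pid=3001 comm="httpd" name="upload" dev=dm-0 ino=5521 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1143349200.123:45): arch=40000003 syscall=5 success=no exit=-13 comm="smbd" exe="/usr/sbin/smbd"
EOF
}

# Hypothetical helper: reads audit log lines on stdin and prints one line per
# denied object in the form "<name> <target type> <class> <permissions>".
smbd_denials() {
  awk '
    /avc:/ && /denied/ && /comm="smbd"/ {
      name = ""; type = ""; class = ""; np = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "{") {
          # permissions sit between the braces: { read write }
          for (k = i + 1; k <= NF && $k != "}"; k++) { p[++np] = $k }
        } else if ($i ~ /^name=/) {
          name = $i; sub(/^name=/, "", name); gsub(/"/, "", name)
        } else if ($i ~ /^tcontext=/) {
          split($i, c, ":"); type = c[3]    # user:role:type:level
        } else if ($i ~ /^tclass=/) {
          class = substr($i, 8)
        }
      }
      key = name " " type " " class
      if (!(key in perms)) { order[++n] = key; perms[key] = "" }
      for (k = 1; k <= np; k++) {
        if (index("," perms[key] ",", "," p[k] ",") == 0) {
          perms[key] = perms[key] (perms[key] == "" ? "" : ",") p[k]
        }
      }
    }
    END { for (j = 1; j <= n; j++) { print order[j], perms[order[j]] } }'
}

# Stand-alone run on the sample; on a real host, feed it the audit log instead.
sample_log | smbd_denials
```

A directory reported with a generic type such as var_t is the one to relabel; samba_share_t is the type the Samba SELinux policy expects on shared directories. After the test, setenforce 1 returns the system to enforcing mode.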


