A little Samba help please
Paul Howarth
paul at city-fan.org
Sun Mar 26 12:56:35 UTC 2006
On Sat, 2006-03-25 at 21:39 -0700, Craig White wrote:
> On Sat, 2006-03-25 at 18:14 -0800, Knute Johnson wrote:
> > I've been trying to get Samba to work for a long time and I think I'm
> > close now. I can see my network from Linux with only one small
> > issue. Sometimes the first time I try to open a share with Nautilus
> > (is is still Nautilus in FC5?) it give me an error message that I
> > might not have permission. The next time I try it it opens just
> > fine. It isn't all shares, just some that do that. They are all
> > Windows shares though.
> >
> > My real problem is seeing my Linux shares on the Windows box. They
> > show up in the My Network Places but when I try to open them I get
> > KJLAPTOP\share is not accessible ... Access Denied. This problem was
> > with directories I created. If I share /usr/share for example I can
> > see it just fine. I've played with setting the SELinux context with
> > chcon but I got nowhere. What is different about a directory I
> > create and one that is already there?
> >
> > I have my Samba server settings configured for Authentication Mode =
> > Share, Encrypt Passwords = Yes, Guest Account = No Guest Account, and
> > the only Samba user is nobody. That doesn't seem to matter anyway.
> > The Share is configured as Writable, Visible and Allow Access to
> > everyone. The ports are open.
> >
> > It works when I use a directory that was already there but not with a
> > directory I create. I want to create a directory in /var. Anybody
> > got any ideas?
> >
> > My system is recent FC5 upgrade from FC4. No other problems seen.
> ----
> I typically only use samba as a domain controller or member server -
> which means that I never use 'security = share' which is somewhat of a
> legacy mode Windows file share - meant to mimic the sharing methodology
> employed by Windows 95/98 where there isn't really a user involved.
>
> You are creating issues with SELinux running and I can't help with FC-5
> since I haven't gone there but on FC-4, I probably could have helped.
> Obviously, you are going to see avc denied messages pertaining to samba
> trying to share directories that don't have the proper context.
>
> My thoughts are that you shouldn't share /usr/share directory via samba
> - I can't think of a single logical reason to do that. I have shared
> things out of /var like /var/www/html via samba and that is workable and
> obviously, you can create your own directories in /var tree and only
> need to fix the selinux contexts again to permit it. I would suggest
> that you post your selinux errors - here or on the fedora-selinux list
> (better) because here, the only likely help you will get is Paul Horwath
> at this point.
>
> Anyway, I typically have all my samba shares in the /home tree, for
> example:
>
> /home/filessystems
> /home/filessystems/samba
> /home/filessystems/samba/netlogon
> /home/filessystems/samba/shared_files
> /home/filessystems/samba/profiles
> /home/filessystems/samba/homes
>
> and I can pretty much avoid the selinux issues.
First step in diagnosing whether or not a problem is SELinux is to try:
# setenforce 0
If the problem goes away then it's SELinux. If not, look elsewhere for
the problem.
Paul.
More information about the fedora-list
mailing list