Samba selectively connecting to shares

Justin W jlist at jdjlab.com
Fri May 4 12:52:20 UTC 2007


Simon Slater wrote:
> 	G'day all,
> 		I am just setting up Samba on FC6 and am running into a strange
> problem - from both the Linux and Windows (98) sides there is access to
> the home directory share, but not the /pub directory nor printer.  I
> have read everything I could lay my hands on in the last couple of days,
> but still cannot figure it out.  If someone can help, here are the
> details:
>
> -  smb.conf [snipped of comments]
>
> [global]
>
> # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
> workgroup = MYGROUP
>
> # server string is the equivalent of the NT Description field
> server string = Samba Server on Ipex
>
> # Security mode. Defines in which mode Samba will operate. Possible
> # values are share, user, server, domain and ads. Most people will want
> # user level security. See the Samba-HOWTO-Collection for details.
> security = user
>
> # This option is important for security. It allows you to restrict
> # connections to machines which are on your local network. The
> # following example restricts access to two C class networks and
> # the "loopback" interface. For more examples of the syntax see
> # the smb.conf man page
> hosts allow = 192.168.0. 127.
>
> # If you want to automatically load your printer list rather
> # than setting them up individually then you'll need this
> load printers = yes
>
> # It should not be necessary to specify the print system type unless
> # it is non-standard. Currently supported print systems include:
> # bsd, cups, sysv, plp, lprng, aix, hpux, qnx
> printing = cups
>
> # This option tells cups that the data has already been rasterized
> cups options = raw
>
> # this tells Samba to use a separate log file for each machine
> # that connects
> log file = /var/log/samba/%m.log
>
> # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
> # via DNS nslookups. The default is NO.
> dns proxy = no
> restrict anonymous = no
> domain master = no
> preferred master = no
> max protocol = NT
> acl compatibility = winnt
> ldap ssl = No
> server signing = Auto
>
> [homes]
> comment = Home Directories
> read only = no
> case sensitive = no
> strict locking = no
> msdfs proxy = no
> browseable = no
>
> [printers]
> comment = All Printers
> path = /usr/spool/samba
> # Set public = yes to allow user 'guest account' to print
> browseable = no
> printable = yes
>
> [pub]
> path = /pub
> guest ok = yes
> browseable = yes
> public = yes
> read only = no
> writeable = yes
> case sensitive = no
> strict locking = no
> msdfs proxy = no
> comment = Public Files
>
> [simon]
> comment = Simon's Home on Ipex
> path = /home/simon
> guest ok = no
> read only = no
>
> Attempts to access /home/simon followed by /pub then the printer to
> print a test page from the Windows side gives:
> -  /var/log/messages:
>
> May  4 15:24:20 Ipex kernel: audit(1178256260.821:137): avc:  denied
> { getattr } for  pid=31602 comm="smbd" name="WtLoss.ods" dev=dm-0
> ino=1302342 scontext=root:system_r:smbd_t:s0
> tcontext=user_u:object_r:user_home_dir_t:s0 tclass=file
> May  4 15:24:20 Ipex kernel: audit(1178256260.821:138): avc:  denied
> { getattr } for  pid=31602 comm="smbd" name="WtLoss.ods" dev=dm-0
> ino=1302342 scontext=root:system_r:smbd_t:s0
> tcontext=user_u:object_r:user_home_dir_t:s0 tclass=file
> May  4 15:24:20 Ipex kernel: audit(1178256260.881:139): avc:  denied
> { getattr } for  pid=31602 comm="smbd" name=".recently-used" dev=dm-0
> ino=1302406 scontext=root:system_r:smbd_t:s0
> tcontext=user_u:object_r:user_home_dir_t:s0 tclass=file
> May  4 15:24:20 Ipex kernel: audit(1178256260.882:140): avc:  denied
> { getattr } for  pid=31602 comm="smbd" name=".recently-used" dev=dm-0
> ino=1302406 scontext=root:system_r:smbd_t:s0
> tcontext=user_u:object_r:user_home_dir_t:s0 tclass=file
> May  4 15:24:55 Ipex smbd[31602]: [2007/05/04 15:24:55, 0]
> smbd/service.c:make_connection_snum(911)
> May  4 15:24:55 Ipex smbd[31602]:   '/usr/spool/samba' does not exist or
> permission denied when connecting to [LexmarkLaser] Error was No such
> file or directory
> May  4 15:26:57 Ipex smbd[31641]: [2007/05/04 15:26:57, 0]
> lib/util_sock.c:read_data(534)
> May  4 15:26:57 Ipex smbd[31641]:   read_data: read failure for 4 bytes
> to client 192.168.0.3. Error = Connection reset by peer
>
>
> -  /var/log/samba/toshiba.log
>
> [2007/05/04 15:24:20, 1] smbd/service.c:make_connection_snum(941)
>   toshiba (192.168.0.2) signed connect to service simon initially as
> user simon (uid=500, gid=500) (pid 31602)
> [2007/05/04 15:24:55, 0] smbd/service.c:make_connection_snum(911)
>   '/usr/spool/samba' does not exist or permission denied when connecting
> to [LexmarkLaser] Error was No such file or directory
>
>
> Between these 2 entries was an attempt to connect to /pub share but
> nothing logged.
>
> net use x:\\Ipex\pub returns Error 67.  Everything else from the Samba
> Checklist checks out.  Windows error messages are "not accessible".
> Access from Konqueror gives an error of "does not exist".
>
> 	I am totally flummoxed.  Can anyone shed some light?
>
> Thanks
> Simon Slater
>
>   
It looks like an SELinux problem to me. Try relabeling your directories
to allow samba to access them. If you only need samba to access them,
then the first line following will do, but if it needs to be shared with
other services like apache or NFS, then the second group of following
lines is what is needed.

       chcon -R -t samba_share_t /pub

or

       setsebool -P allow_smbd_anon_write=1
       chcon -R -t public_content_rw_t /pub

I hope this helps you.

Justin
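
Added example, not part of the original message: a small Python parser that summarizes the `avc: denied` records for `smbd` by source type, target type, class and permission, so you can see which file labels are being refused before relabeling. The sample input is constructed from two of the denial records quoted above, unwrapped to one record per line; the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample: two denial records and one smbd message from the post,
# unwrapped to one record per line as they appear in /var/log/messages.
SAMPLE_LOG = """\
May  4 15:24:20 Ipex kernel: audit(1178256260.821:137): avc:  denied  { getattr } for  pid=31602 comm="smbd" name="WtLoss.ods" dev=dm-0 ino=1302342 scontext=root:system_r:smbd_t:s0 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=file
May  4 15:24:20 Ipex kernel: audit(1178256260.881:139): avc:  denied  { getattr } for  pid=31602 comm="smbd" name=".recently-used" dev=dm-0 ino=1302406 scontext=root:system_r:smbd_t:s0 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=file
May  4 15:24:55 Ipex smbd[31602]:   '/usr/spool/samba' does not exist or permission denied when connecting to [LexmarkLaser] Error was No such file or directory
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def context_type(context):
    """Return the type field of a user:role:type[:level] SELinux context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_avc(line):
    """Parse one syslog line; return a dict for an AVC denial, else None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "name": fields.get("name"),
        "source_type": context_type(fields.get("scontext", "")),
        "target_type": context_type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass"),
    }


def summarize(log_text, comm="smbd"):
    """Count denials for one command by (source, target, class, permission)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec and rec["comm"] == comm:
            for perm in rec["perms"]:
                counts[(rec["source_type"], rec["target_type"], rec["tclass"], perm)] += 1
    return counts


if __name__ == "__main__":
    for (src, tgt, cls, perm), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {src} -> {tgt} [{cls}] {perm}")
```

On the sample, both denials are `smbd_t` being refused `getattr` on files labelled `user_home_dir_t`; `ls -Zd /pub` shows the label currently on the share directory. Labels set with `chcon` are not recorded in the file-context database, so a later `restorecon` or full relabel can revert them.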



