guru79

Problem with Samba Configuration on FC21.


Hello.

After installing FC21 I have a problem with Samba, or really with the directory permissions.

I can enter the directory, but for the life of me I cannot write anything to it.

Access to the folder is, of course, after entering a username and password.

Here is the code; if anyone can offer some advice, I would be very grateful:


#======================= Global Settings =====================================

[global]
    workgroup = WORKGROUP
    server string = Samba Linux Serwer %v

    netbios name = serlinux

#    interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
#    hosts allow = 127. 192.168.12. 192.168.13.

;    max protocol = SMB2

# --------------------------- Logging Options -----------------------------


    # log files split per-machine:
    log file = /var/log/samba/log.%m
    # maximum size of 50KB per log file, then rotate:
    max log size = 50

# ----------------------- Standalone Server Options ------------------------
#

    security = user
    passdb backend = tdbsam


# ----------------------- Domain Members Options ------------------------
#
# security = must be set to domain or ads.
# Use "password server = *" to automatically locate Domain Controllers.

;    security = domain
;    passdb backend = tdbsam
;    realm = MY_REALM

;    password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------

#
#
;    security = user
;    passdb backend = tdbsam

;    domain master = yes
;    domain logons = yes

    # the following login script name is determined by the machine name
    # (%m):
;    logon script = %m.bat
    # the following login script name is determined by the UNIX user used:
;    logon script = %u.bat
;    logon path = \\%L\Profiles\%u
    # use an empty path to disable profile support:
;    logon path =

    # various scripts can be used on a domain controller or a stand-alone
    # machine to add or delete corresponding UNIX accounts:

;    add user script = /usr/sbin/useradd "%u" -n -g users
;    add group script = /usr/sbin/groupadd "%g"
;    add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;    delete user script = /usr/sbin/userdel "%u"
;    delete user from group script = /usr/sbin/userdel "%u" "%g"
;    delete group script = /usr/sbin/groupdel "%g"


# ----------------------- Browser Control Options ----------------------------

;    local master = no
;    os level = 33
;    preferred master = yes

#----------------------------- Name Resolution -------------------------------

;    wins support = yes
;    wins server = w.x.y.z
;    wins proxy = yes

;    dns proxy = yes

# --------------------------- Printing Options -----------------------------

    load printers = yes
    cups options = raw

;    printcap name = /etc/printcap
    # obtain a list of printers automatically on UNIX System V systems:
;    printcap name = lpstat
;    printing = cups

# --------------------------- File System Options ---------------------------

;    map archive = no
;    map hidden = no
;    map read only = no
;    map system = no
;    store dos attributes = yes


#============================ Share Definitions ==============================

[homes]
    comment = Home Directories
    browseable = no
    writable = yes
;    valid users = %S
;    valid users = MYDOMAIN\%S

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

# Un-comment the following and create the netlogon directory for Domain Logons:
;    [netlogon]
;    comment = Network Logon Service
;    path = /var/lib/samba/netlogon
;    guest ok = yes
;    writable = no
;    share modes = no

# Un-comment the following to provide a specific roving profile share.
# The default is to use the user's home directory:
;    [Profiles]
;    path = /var/lib/samba/profiles
;    browseable = no
;    guest ok = yes

# A publicly accessible directory that is read only, except for users in the
# "staff" group (which have write permissions):
    [public]
    comment = Dysk Publiczny
    path = /home/samba
    public = yes
    writable = yes
    printable = no
    read only = no
    write list = +staff
    create mask = 0770
    force create mode = 0770
    directory mask = 0770
    force directory mode = 0770

    [windykacja]
    comment = Folder Prywatne
    path = /home/prywatne
    writable = yes
    public = no
    #user = prywatne
    #group = prywatne
    create mask = 0640
    directory mask = 0750
    available = yes
    valid users = prywatne


Not enough information.

1. Have the users been added in Samba?

2. Are you using SELinux?

3. What permissions and ownership does the directory have?

4. Are you using SGID?

5. What does systemctl status smb and nmb show?

6. What do the logs say?


1. Yes. The local user has been added, and the Samba user as well. The login and password are accepted when we try to access the folder from the network.

2. I don't think so: 3.17.4-301.fc21.i686+PAE

3. 777 + owned by user prywatne and group prywatne

4. No.

5.

smb:

systemctl status smb
● smb.service - Samba SMB Daemon
  Loaded: loaded (/usr/lib/systemd/system/smb.service; disabled)
  Active: active (running) since pon 2015-01-19 11:37:06 CET; 1 weeks 1 days ago
 Main PID: 25472 (smbd)
  Status: "smbd: ready to serve connections..."
  CGroup: /system.slice/smb.service
      ├─25472 /usr/sbin/smbd
      └─25473 /usr/sbin/smbd

sty 19 11:37:06 localhost.localdomain smbd[25471]: [2015/01/19 11:37:06.71801...
sty 19 11:37:06 localhost.localdomain smbd[25471]: standard input is not a so...
sty 19 11:37:06 localhost.localdomain smbd[25472]: [2015/01/19 11:37:06.72607...
Hint: Some lines were ellipsized, use -l to show in full.

nmb:

systemctl status nmb
● nmb.service - Samba NMB Daemon
  Loaded: loaded (/usr/lib/systemd/system/nmb.service; disabled)
  Active: active (running) since śro 2015-01-14 08:59:32 CET; 1 weeks 6 days ago
 Main PID: 10108 (nmbd)
  Status: "nmbd: ready to serve connections..."
  CGroup: /system.slice/nmb.service
      └─10108 /usr/sbin/nmbd

sty 27 09:02:59 localhost.localdomain nmbd[10108]: [2015/01/27 09:02:59.18678...
sty 27 09:02:59 localhost.localdomain nmbd[10108]: process_get_backup_list_re...
sty 27 09:22:06 localhost.localdomain nmbd[10108]: [2015/01/27 09:22:06.96784...
sty 27 09:22:06 localhost.localdomain nmbd[10108]: process_get_backup_list_re...
sty 27 10:19:50 localhost.localdomain nmbd[10108]: [2015/01/27 10:19:50.92509...
sty 27 10:19:50 localhost.localdomain nmbd[10108]: process_get_backup_list_re...
sty 27 11:12:03 localhost.localdomain nmbd[10108]: [2015/01/27 11:12:03.32019...
sty 27 11:12:03 localhost.localdomain nmbd[10108]: process_get_backup_list_re...
sty 27 11:57:49 localhost.localdomain nmbd[10108]: [2015/01/27 11:57:49.16452...
sty 27 11:57:49 localhost.localdomain nmbd[10108]: process_get_backup_list_re...
Hint: Some lines were ellipsized, use -l to show in full.


Re 2: the kernel doesn't matter. Show:

grep SELINUX= /etc/selinux/config | grep -v \#


or, more easily:

getenforce

On the other hand, since it is 777 and you still can't write, I'm betting on SELinux, because basically everyone has write permission (which in itself makes no sense) and by now probably only SELinux can be denying it.

If you check that and it still doesn't work, I'll share my configuration.


Output of: grep SELINUX= /etc/selinux/config | grep -v \#

SELINUX=enforcing

I disabled SE, and it's OK, just as it should be...

Please also tell me how to either permanently disable the firewall (which is probably not recommended) or make changes so that it lets Samba through to the directory.

When I turn off the firewall: systemctl stop firewalld.service

it lets me into the server; if I don't, it doesn't :(


I don't use firewalld, I use iptables.

You can configure firewalld graphically:

firewall-config

Or from the console (substituting your own network for the one given):

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.56.0/24" service name="samba" log prefix="samba" level="info" limit value="1/m" accept'

I haven't tested it because, as I wrote, I don't use this firewall.

And change that 777 :).

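An added example, not part of the original thread: rather than leaving SELinux disabled and the directory at 777, this script checks a share directory's mode and SELinux label and prints the commands that would correct them. Labelling the directory samba_share_t, the sample label, and the 0750 target mode are assumptions not stated in the thread; the path and "directory mask = 0750" come from the posted smb.conf.

```shell
#!/bin/sh
# Added example: audit a Samba share directory and print the fix commands.
# Nothing here changes the system; the printed commands are for an admin to review.

# Type field of an SELinux context (user:role:type:level).
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeeds when an octal mode such as 777 or 0750 grants write to "others".
world_writable() {
    [ $(( 0$1 & 2 )) -ne 0 ]
}

# audit_share PATH MODE CONTEXT ENFORCE_STATE
# Prints one remediation line per finding; prints nothing for a clean share.
audit_share() {
    path=$1; mode=$2; ctx=$3; state=$4
    if [ "$(selinux_type "$ctx")" != "samba_share_t" ]; then
        # samba_share_t is the type smbd may read and write (assumed fix).
        echo "semanage fcontext -a -t samba_share_t '$path(/.*)?'"
        echo "restorecon -Rv '$path'"
    fi
    if world_writable "$mode"; then
        # 0750 is an assumption taken from the share's "directory mask = 0750".
        echo "chmod 0750 '$path'"
    fi
    if [ "$state" != "Enforcing" ]; then
        echo "# SELinux is $state: restore SELINUX=enforcing in /etc/selinux/config"
    fi
}

# Live wrapper for an SELinux host (GNU stat: %a = octal mode, %C = context).
audit_live() {
    audit_share "$1" "$(stat -c %a "$1")" "$(stat -c %C "$1")" "$(getenforce)"
}

# Constructed sample matching the thread: mode 777, SELinux switched off,
# directory still carrying a home-directory label (the label is an assumption).
audit_share /home/prywatne 777 'unconfined_u:object_r:user_home_dir_t:s0' Disabled
```

On the server itself, audit_live /home/prywatne reads the real mode, label and enforcement state instead of the constructed values.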
