I have a Samba related problem.
I have a successful samba server set up on my home server. Unfortunately only my account can access the shares when force user is not set to my account (server). I cannot understand why the other user cannot access my share "Vector_Public" when I haven't set "force user = server". Do you have any ideas to what might cause this? I'm a Samba noob so please if I've misunderstood any of the settings:
[Vector_Public]
comment = Vector public share
read only = no
path = /media/Storage/Public
guest ok = no
force user = server
force group = storage_public
create mask = 0770
directory mask = 0770
security mask = 0770
force create mode = 0770
force directory mode = 0770
valid users = server storage_share
browseable = yes
writeable = yes
vfs objects = recycle
recycle:repository = .deleted/%U
recycle:keeptree = yes
recycle:touch = yes
recycle:versions = yes
recycle:maxsize = 0
[Vector_Private]
comment = Vector private share (Niklas)
read only = no
path = /media/Storage/Private
guest ok = no
force user = server
force group = server
create mask = 0770
directory mask = 0770
security mask = 0770
force create mode = 0770
force directory mode = 0770
valid users = server
browseable = yes
writeable = yes
vfs objects = recycle
recycle:repository = .deleted/%U
recycle:keeptree = yes
recycle:touch = yes
recycle:versions = yes
recycle:maxsize = 0
The permissions on the two directories are:
drwx------ 6 server server 4096 2011-10-05 20:40 Private
drwxrwx--- 5 server storage_public 4096 2011-10-05 20:28 Public
It's the directory Public that I have this problem on.
Apparently none of the settings under the share Vector_Public changes this behaviour so it must be because of some other setting, these are all the other settings in my config:
workgroup = ROSENQVIST
server string = %h server (Samba, Ubuntu)
# wins support = no
; wins server = w.x.y.z
dns proxy = no
; name resolve order = lmhosts host wins bcast
; interfaces = 127.0.0.0/8 eth0
; bind interfaces only = yes
log file = /var/log/samba/log.%m
max log size = 1000
# syslog only = no
syslog = 0
panic action = /usr/share/samba/panic-action %d
security = user
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
; domain logons = yes
; logon path = \\%N\profiles\%U
# logon path = \\%N\%U\profile
; logon drive = H:
# logon home = \\%N\%U
; logon script = logon.cmd
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u
; add group script = /usr/sbin/addgroup --force-badname %g
; printing = bsd
; printcap name = /etc/printcap
; printing = cups
; printcap name = cups
; include = /home/samba/etc/smb.conf.%m
; idmap uid = 10000-20000
; idmap gid = 10000-20000
; template shell = /bin/bash
; winbind enum groups = yes
; winbind enum users = yes
; usershare max shares = 100
usershare allow guests = no
Any ideas what I should do? (please also check the new comments)
Additionally, how do I know if my network have WINS server support?
The problem was because of an issue with flow of permissions. Everything worked when I changed the parent directory's (to the directories that were shared) permissions to allow reading for other users.
Your public folder only provides access to users who are either "server" or are in the group "storage_public". If you don't use "force user" and allow anonymous access then the share is probably accessed with the user nobody, which is not in "storage_public".
You probably want to change the permissions of your Public folder to "drwxrwxr-x", which would make it possible for Samba users to read from but not write to the Public folder.
To do this, use "chmod o+rX Public"
With regard to WINS:
It's not your network that has WINS support, but individual servers that can provide it. You can enable wins support in a particular server by setting "wins support = yes".