On 03/11/2014 03:36 PM, Ken Dibble wrote:
Below is the smb.conf file ON THE *FILE* SERVER.

"Public" is the share that the Mac user cannot connect to. You will see that security is deferred to the domain. You will also see that, unlike most shares on the SPOCK file server, there is no specified list of allowed users for the Public share. This is because there are nearly 100 domain users who access that share, and right now I don't need to (and do NOT want to) have to add/remove them individually for that share.

Thanks.

Ken Dibble
www.stic-cil.org


[global]
        load printers = yes
        cups options = raw
        netbios name = Spock
        server string = STIC File Server
        default = data
        workgroup = STIC
        os level = 20
        winbind trusted domains only = yes
        security = domain

I have my smb.conf set to security = user. I then add users, passwords, and smb.conf entries to grant users permission to access needed shares. Your smb.conf parameter, Security = domain, does not really make samba behave as a domain controller. This setting means we want samba to be a domain member. Your system is probably running a Windows primary domain server, with a domain name of Spock, of which your CentOS samba server is a member. Your problem might be that a Mac cannot join a Windows domain. Have you tried any of the samba forums?

# ----------------------- Network Related Options -------------------------
#
# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
#
# server string is the equivalent of the NT Description field
#
# netbios name can be used to specify a server name not tied to the hostname
#
# Interfaces lets you configure Samba to use multiple interfaces
# If you have multiple network interfaces then you can list the ones
# you want to listen on (never omit localhost)
#
# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
# specify it as a per share option as well
#

;       netbios name = MYSERVER

;       interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
;       hosts allow = 127. 192.168.12. 192.168.13.

# --------------------------- Logging Options -----------------------------
#
# Log File let you specify where to put logs and how to split them up.
#
# Max Log Size let you specify the max size log files should reach

        # logs split per machine
;       log file = /var/log/samba/%m.log
        # max 50KB per log file, then rotate
;       max log size = 50

# ----------------------- Standalone Server Options ------------------------
#
# Security can be set to user, share(deprecated) or server(deprecated)
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.



# ----------------------- Domain Members Options ------------------------
#
# Security must be set to domain or ads
#
# Use the realm option only with security = ads
# Specifies the Active Directory realm the host is part of
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Use password server option only with security = server or if you can't
# use the DNS to locate Domain Controllers
# The argument list may include:
#   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
# or to auto-locate the domain controller/s
#   password server = *


;       security = domain
;       passdb backend = tdbsam
;       realm = MY_REALM

;       password server = <NT-Server-Name>

# ----------------------- Domain Controller Options ------------------------
#
# Security must be set to user for domain controllers
#
# Backend to store user information in. New installations should
# use either tdbsam or ldapsam. smbpasswd is available for backwards
# compatibility. tdbsam requires no further configuration.
#
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
#
# Domain Logons let Samba be a domain logon server for Windows workstations.
#
# Logon Script lets you specify a script to be run at login time on the client
# You need to provide it in a share called NETLOGON
#
# Logon Path let you specify where user profiles are stored (UNC path)
#
# Various scripts can be used on a domain controller or stand-alone
# machine to add or delete corresponding unix accounts
#
;       security = user
;       passdb backend = tdbsam

;       domain master = yes
;       domain logons = yes

        # the login script name depends on the machine name
;       logon script = %m.bat
        # the login script name depends on the unix user used
;       logon script = %u.bat
;       logon path = \\%L\Profiles\%u
        # disables profiles support by specifying an empty path
;       logon path =

;       add user script = /usr/sbin/useradd "%u" -n -g users
;       add group script = /usr/sbin/groupadd "%g"
;       add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
;       delete user script = /usr/sbin/userdel "%u"
;       delete user from group script = /usr/sbin/userdel "%u" "%g"
;       delete group script = /usr/sbin/groupdel "%g"


# ----------------------- Browser Control Options ----------------------------
#
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
#
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
#
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
;       local master = no
;       os level = 33
;       preferred master = yes

#----------------------------- Name Resolution -------------------------------
# Windows Internet Name Serving Support Section:
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
#
# - WINS Support: Tells the NMBD component of Samba to enable its WINS Server
#
# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
#
# - WINS Proxy: Tells Samba to answer name resolution queries on
#   behalf of a non WINS capable client, for this to work there must be
#   at least one WINS Server on the network. The default is NO.
#
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups.

;       wins support = yes
;       wins server = w.x.y.z
;       wins proxy = yes

;       dns proxy = yes

# --------------------------- Printing Options -----------------------------
#
# Load Printers let you load automatically the list of printers rather
# than setting them up individually
#
# Cups Options let you pass the cups libs custom options, setting it to raw
# for example will let you use drivers on your Windows clients
#
# Printcap Name let you specify an alternative printcap file
#
# You can choose a non default printing system using the Printing option


;       printcap name = /etc/printcap
        #obtain list of printers automatically on SystemV
;       printcap name = lpstat
;       printing = cups

# --------------------------- Filesystem Options ---------------------------
#
# The following options can be uncommented if the filesystem supports
# Extended Attributes and they are enabled (usually by the mount option
# user_xattr). These options will let the admin store the DOS attributes
# in an EA and make samba not mess with the permission bits.
#
# Note: these options can also be set just per share, setting them in global
# makes them the default for all shares

;       map archive = no
;       map hidden = no
;       map read only = no
;       map system = no
;       store dos attributes = yes


#============================ Share Definitions ==============================



[data]
        writeable = yes
        path = /data

[CDPA]
        force create mode = 777
        valid users = kend,joye,susanh,wendyh,nicoleg,jilll,caseyf,sheilal,elvirat,jont,jennd,christia,rossl
        writeable = yes
        create mode = 777
        path = /data/CDPA
        force directory mode = 777
        directory mode = 777

[Data]
        force create mode = 777
        valid users = kend,stacys,rondaw,luser
        writeable = yes
        create mode = 777
        path = /data/Data
        force directory mode = 777
        directory mode = 777

[NHTD RRDC]
        writeable = yes
        path = /data/NHTD RRDC
        write list = kend,laurao,daenaa,danettem
        force directory mode = 777
        force create mode = 777
        valid users = kend,laurao,daenaa,danettem,brookea,rondaw,loriw,jont,ellenr
        create mode = 777
        directory mode = 777

[Public]
        force create mode = 777
        writeable = yes
        create mode = 777
        path = /data/Public
        force directory mode = 777
        directory mode = 777
        invalid users = guest



Could you post a copy of your /etc/samba/smb.conf file, or post the full output of [ testparm -v ], without the brackets, from the command line?
The -v option lists everything including defaults.

Try to connect your Mac user to samba using smbclient. I'm running samba locally and can connect to samba from 192.168.1.109 using the following command:

$ smbclient -L 192.168.1.78 --user=leland

After typing the above into a command line, I'm prompted for a password. After entering the password, I can connect.

Make sure you have all necessary samba programs installed on the Mac.

Make sure the Mac user has been properly added to your Linux samba server, and his samba password set up. The following link explains how: http://www.cyberciti.biz/faq/adding-a-user-to-a-samba-smb-share/

Make sure the samba ports 137, 138, and 139 are not blocked by any firewalls.

Make sure your smb.conf file gives read/write permissions to the share (e.g. read only = no).

The following link may also help:

https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/problems.html

Regards,

LelandJ
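
The per-share access settings discussed in this thread can be checked mechanically. The following is an added example, not part of any poster's message or of Samba itself: a small Python audit run over a constructed excerpt of the posted smb.conf, reporting which shares have no `valid users` list and which force world-writable modes. The function names `parse_smb_conf` and `audit_shares` and the finding labels are hypothetical.

```python
import re
# Constructed excerpt: the security line and two shares as posted in the thread.
SAMPLE = """\
[global]
        security = domain
[Data]
        force create mode = 777
        valid users = kend,stacys,rondaw,luser
        writeable = yes
[Public]
        force create mode = 777
        writeable = yes
        path = /data/Public
        force directory mode = 777
        invalid users = guest
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; case and spaces in parameter names are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def audit_shares(sections):
    """Return {share: [finding, ...]} for every section except [global]."""
    report = {}
    for name, p in sections.items():
        if name.lower() == "global":
            continue
        findings = []
        if not p.get("validusers"):
            findings.append("no-valid-users")   # any authenticated account may connect
        for key in ("forcecreatemode", "forcedirectorymode"):
            if key in p and int(p[key], 8) & 0o002:   # "other" write bit forced on
                findings.append(f"world-writable:{key}")
        report[name] = findings
    return report

if __name__ == "__main__":
    print(audit_shares(parse_smb_conf(SAMPLE)))
```
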



On 03/11/2014 02:02 PM, Leland F Jackson wrote:
Could you post a copy of your /etc/samba/smb.conf file, or post the full output of [ testparm -v ], without the brackets, from the command line? The -v option lists everything including defaults.

Try to connect your Mac user to samba using smbclient. I'm running samba locally and can connect to samba from 192.168.1.109 using the following command:

smbclient -L 192.168.1.78 --user=leland

After typing the above into a command line, I'm prompted for a password, and able to connect after entering it. The password must be entered into the samba server using the

Make sure you have samba installed on the Mac.

Make sure the Mac samba user has been properly added with samba password. http://www.cyberciti.biz/faq/adding-a-user-to-a-samba-smb-share/

Make sure the samba ports 137, 138, and 139 are not blocked by any firewalls.

Regards,

LelandJ



On 03/11/2014 10:11 AM, Ken Dibble wrote:

A gray share means that the user is already connected, most likely with his default account.

Thanks Christof.

"Default account"? I am not familiar with Macs, but the user is not logging into his local machine with the domain user account I am referring to. He has his own local account for the Mac. I don't see how the Mac would automatically know his domain user account credentials in order to connect to a network share. However, he is clearly not connected to the share I want him to access.

The user can see all machines on the network.

The user can see all the share folders on the CentOS file server.

Sometimes the Mac indicates the user is connected to the file server as "Guest", and sometimes it does not. Clearly there are bugs in this interface. However, whether or not a successful connection is indicated, the user has no access to the contents of the share I want him to have. Being "allegedly" connected as "Guest" no longer confers access since changes were made to the file server to disallow guest access.

From the Network list, the Mac user can click on the share folder on the server and press "Connect As..." and get a dialog to present his credentials today (yesterday this wouldn't work). He can then enter the domain user credentials to log into the share, but the Mac won't accept them. The dialog box shakes back and forth and nothing happens.

As I mentioned, I know these credentials are correct because they work for the internal email being served by the SAMBA 3 domain controller.

It has been suggested that these problems may be due to bugs in SMB2.

If you have any further thoughts I would be most appreciative.

Thanks.

Ken Dibble
www.stic-cil.org
