SAMBA and WINDOWS 10

Issues related to configuring your network
wp.rauchholz
Posts: 46
Joined: 2016/11/20 11:58:45

SAMBA and WINDOWS 10

Postby wp.rauchholz » 2017/11/23 17:26:27

I just upgraded my PC to W10.
Probably a stupid question: what is the username/password combination I need to enter? I am not able to access. Ialways get he answer that the username/password is wrong.
I tried linux username/password (linux password and windows password), W10 computername/share owner / password (linux and windows). Nothing works

Wolfgang

poky
Posts: 86
Joined: 2013/03/27 12:18:03

Re: SAMBA and WINDOWS 10

Postby poky » 2017/11/23 19:26:11

Windows 10:
Run > Secpol.msc
Set Local Policies > Security Options > Network Security: LAN Manager authentication level to 'Send NTLMv2 response only. Refuse LM & NTLM'

wp.rauchholz
Posts: 46
Joined: 2016/11/20 11:58:45

Re: SAMBA and WINDOWS 10

Postby wp.rauchholz » 2017/11/24 16:19:49

I just checked. This is the current setting.
I checked in /var/log/samba. There is no error messaage

Other ideas?

wp.rauchholz
Posts: 46
Joined: 2016/11/20 11:58:45

Re: SAMBA and WINDOWS 10

Postby wp.rauchholz » 2017/11/28 16:12:01

Still not solved. Can'd find anything on the web.
I do see my [home] share form my laptop, but I still cannot sign it.
Is there something wrong with the permission?
drwx-----x. 16 wp.rauchholz wp.rauchholz 4096 Nov 28 16:25 wp.rauchholz

My samba config looks like this.
[global]
workgroup = LOGON
server string = Samba Server %v
netbios name = centos
security = user
map to guest = bad user
dns proxy = no
ntlm auth = yes
wins support = yes
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes

Thanks for your hrlp. Wolfgang

sywhk
Posts: 7
Joined: 2015/05/01 17:16:40

Re: SAMBA and WINDOWS 10

Postby sywhk » 2017/12/28 16:47:56

Configuring a Samba server can have many different ways. For a easy set up in a home network, I share below my set up note for your reference.

Good Luck!

Code: Select all

Configuration of Samba server in CentOS(Fedora/RHEL) as a standalone server i.e. not a domain controller

The server and client are both behind the internet gateway - the router.

Server - CentOS(Fedora/RHEL)
Client - Windows 7/10

Note :
Since the configuration rules for different versions may change,it is advisable to use the default configuration file of the corresponding version and then merge
specific setting of the existing configuration file into the new one after upgrading samba server.  If secure linux is enforced, re-runing some secure linux command
may be needed.  See the below part on secure linux below.

The default configuration file of upgraded version is usually installed alone with the software. Backup and edit the default configuration as the production
configuration file.


Server side

1) ensure Samba server is running (smb & nmb) in the manage service GUI properly or manually as below
   Centos :
   Type the following command in a linux console
   To check Samba server status :
   ps -e | grep nmb ; ps -e | grep smb
   If smbd and nmbd processes are found,the samba server is up and function properly.
   As of newer version of samba, rebooting the system after installation of samba package shall start the server.
   In newer version CentOS :
   systemctl status nmb.service; systemctl status smb.service
   These command should shows the processes are active and running
   
2) enable firewall rule for Samba in firewall setup
   CentOS 7 :
   firewall-cmd --permanent --zone=public --add-service=samba
   firewall-cmd --reload

3) setup Samba - CentOS
         
   *** Note : Use GUI tool to configure Samba will overwrite manually edited smb.conf file ***
   
   Note : (samba client package must be installed to use smbpasswd tool : yum install samba-client)
   Command in console terminal (root) :
   smbpasswd -a newuser (where newuser is the samba username which must be a valid user on the linux server host)

   Consult corresponding samba server documentation for add user command.
   
   Manual set up of Samba server :
   As this server is used in local network i.e. behind router, it is a better idea to set up a static address for the linux host where the samba server is running.  Consult the router documentation for set up of static ip for client host.
   
   Use editors vi(vim) or nano to edit text files in console only system.  Consult respective editor's documentation for usage command.
   
   For CentOS : (as root or sudo)
   smbpasswd -a username (add user)
   smbpasswd -e username (enable user)
   
   Backup cureent configuration first :
   cp /etc/samba/smb.conf /etc.samba/conf.org
   cp /etc/samba/smb.conf.example /etc/samb.conf

   Edit configuration in smb.conf in the following sections :
   
   The [global] section -
   
   workgroup = WORKGROUPNAME (where WORKGROUPNAME is the MS Windows workgroup name)
   netbios name = hostname (where hostname is the linux server name)   

   The "Share Definitions" section -
   
   Simple setup of a shared folder :
   [eBooks]
   path = /eBooks
   read only = no
   browseable = yes
   valid users = sambausername (where sambausername is the samba username)
   Simple setup of a shared folder to members of a group
   [eBooks]
   path = /eBooks
   read only = no
   browseable = yes
   write list = @<groupname>
     
   To reload smb.conf for Fedora (as root or sudo) :
   smbd reload
   
   For newer version of CentOS e.g. CentOS 7, use systemctl to enable samba server as below.
   systemctl enable smb
   systemctl enable nmb
   systemctl restart smb
   systemctl restart nmb
   
   To check if the samba server is up and running, type "ps -e | grep nmb" & "ps -e | grep smb".
   
   Note :
   To access a share folder, the samba user should also be added as a local user of the samba server host and has access right to the share folder.
   
   Folder exclusively for the user :
   create a folder such as /data/ebook : 1) mkdir /data/ebook 2) chown <username> /data/ebook 3) chmod 770 /data/ebook
   
   Folder for share of a user group : (new user)
   create a share folder such as /data/ebook : 1) mkdir /data/ebook 2) chmod 770 /data/ebook 3) groupadd <grpname> 4) useradd -G <grpname> <username>
   5) passwd <username>
   
   Add a new user to a primary group : useradd -g <groupname> <username>
   Add a user to secondary/supplementary group : usermod -a -G <groupname> <username>
   Change a user to a primary group : usermod -g <groupname> <username>

4) If Secure Linux is enforced, setup must be done before new share folders could be accessed.
   
   Create folders to be shared in linux host and then label the folders to be shared.

   Extract from man page of samb_selinux :

   FILE_CONTEXTS
       SELinux requires files to have an extended attribute  to  define  the  file  type.
       Policy governs the access daemons have to these files.  If you want to share files
       other than home directories, those files must be labeled samba_share_t.  So if you
       created  a  special directory /var/eng, you would need to label the directory with
       the chcon tool.

       chcon -t samba_share_t /var/eng

       To make this change permanent (survive a relabel), use the semanage command to add
       the change to file context configuration:
       
       To install semanage, type yum install policycoreutils_python
       semanage fcontext -a -t samba_share_t "/var/eng(/.*)?"

       This command adds the following entry to "/etc/selinux/<POLICYTYPE>/contexts/files/file_contexts.local".
      e.g. <POLICYTYPE> like targeted

       /var/eng(/.*)? system_u:object_r:samba_share_t:s0

       Run the restorecon command to apply the changes:

       restorecon -R -v /var/eng/
       (see "man samba_selinux" for details)
       
       The file_contexts.local can also be manually created.
       touch /etc/selinux/<POLICYTYPE>/contexts/files/file_contexts.local
       vi /etc/selinux/<POLICYTYPE>/contexts/files/file_contexts.local
       (add this line "/var/eng(/.*)? system_u:object_r:samba_share_t:s0")
       
   To share home directories of users :
       setsebool -P samba_enable_home_dirs on

   To share ntfs HDD drive, use the below command.  Before that, ntfs-3g package must be installed for read/write ntfs volume.
       setsebool -P samba_share_fusefs on
   
   To auto mount the ntfs HDD on system start up, add the below line to /etc/fstab file.
   <device id e.g. sdb1>   <mount point>            ntfs    defaults   0 0
   sample :
   /dev/sdb1                       /mnt/ntfsdrv            ntfs    defaults,    0 0
   
5) Access the Samba server (two ways)
   i)  In Windows file explorer, type "\\192.168.0.xxx" (ip for the samba server host) and press ENTER to login samba server.
   ii) Edit the file C:\WINDOWS\system32\drivers\etc\host to add a line "192.168.0.xxx   hostname" for Windows XP.
       Browse the samba share in Network Neighborhood and click on the network machine with the Linux host name..

   For Windows 7, the samba server host should up automatically in Network Neighborhood.  To auto log in the samba server host,
   first add a user in the Linux host with the same Samba user name and password.

Client side

1) may need to define trusted network in firewall of the client side -
   can be the internal ip, host name or the mac address of of the linux host
2) point to the Samba Server in the network and logon using the Samba user name and password