stevepedwards.com/DebianAdmin linux mint IT admin tips info

Linux Mint Samba and Windows Shares

I wanted to document any apparent major changes that may exist in the methods for getting these newer versions of linux Mint and Windows 7 that I use now, regarding file sharing Linux and Windows over a home network.

There seem to be a few people on forums that struggle immensely with this - as I did in my early days of linux - but it hasn't changed much in the last decade from a practical point of view, even if software development has continued and much coding under the surface has been done in the newer Samba implementations - whatever version number these currently are.

To just get up and running for accessing and writing your own files in your home directory across a network, with a basic easier introduction, see the samba section in this later Post first:

Post New Mint Install Tweaks Options

The main thing to be familiar with is the sections in the

vi /etc/samba/smb.conf

file. You do get very familiar with the sections you need to know once you have set it up a few hundred times!

The main thing to note, as in the previous Apache2 Post, is that some lines are missing compared to older Debian smb.conf versions, as example directives, and MAY require not only to be uncommented and/or amended as in the past, but known about in the first place to add in! HOWEVER - you do not NEED to know these initially for a simple home setup, as the default file works just fine to see and copy files remotely, if not to write to them just yet. See the above Post FIRST for the simplest setup for a remote Mint PC, to have full read/write access your home directory files there!

The best way to understand what I mean is to give a full working example from my currently working network later, but first, be aware that this is not the most secure way to configure a samba conf file for another network - corporate etc. - but as I am behind a firewall and am the only user it is fine as I don't have to worry about user privileges - except as far as being able to WRITE to my own files, rather than restricting my own access by not being able to get this procedure right.

The most easily forgotten action for me in the past was forgetting to set an smbpassword for the linux user account so that it is hashed correctly for Windows to allow access to its shares from the Linux PC , so I'll show what I just discovered today as far as Mint goes that I never had to do for Debian before.

The issue was NOT being able to set an smbpassword for my user, because the smbpassword file did not exist and had to be created first!

If you try to add an smbpassword for a user that is not in the SAM database (or because there is no DB file yet!) you get told:

IomegaMint www # smbpasswd jan
Ignoring unknown parameter "SO_RCVBUF"
New SMB password:
Retype new SMB password:
Failed to find entry for user jan.

You have to add the user first with:

smbpasswd -a jan

You can also check if it exists already by discovering the pdbedit cmd and then running it:

IomegaMint www # man pdbedit

PDBEDIT(8) System Administration tools PDBEDIT(8)

NAME
pdbedit - manage the SAM database (Database of Samba Users)

SYNOPSIS
pdbedit [-a] [-b passdb-backend] [-c account-control] [-C value] [-d debuglevel]
[-D drive] [-e passdb-backend] [-f fullname] [--force-initialized-passwords]
[-g] [-h homedir] [-i passdb-backend] [-I domain] [-K] [-L] [-m] [-M SID|RID]
[-N description] [-P account-policy] [-p profile] [--policies-reset] [-r]
[-s configfile] [-S script] [-t] [--time-format] [-u username] [-U SID|RID] [-v]
[-V] [-w] [-x] [-y] [-z] [-Z]

DESCRIPTION
This tool is part of the samba(7) suite.

The pdbedit program is used to manage the users accounts stored in the sam
database and can only be run by root.

The pdbedit tool uses the passdb modular interface and is independent from the
kind of users database used (currently there are smbpasswd, ldap, nis+ and tdb
based and more can be added without changing the tool).

There are five main ways to use pdbedit: adding a user account, removing a user
account, modifying a user account, listing user accounts, importing users
accounts.

IomegaMint www # pdbedit
Ignoring unknown parameter "SO_RCVBUF"
Usage: [OPTION...]
-L, --list list all users

With the -L switch you will know if the file contains any users or not and if not, you can add one with:

-a, --create                          create user

IomegaMint www # pdbedit -a bill

Ignoring unknown parameter "SO_RCVBUF"
new password:
retype new password:
Unix username: bill
NT username:
Account Flags: [U ]
User SID: S-1-5-21-1235505570-2037705510-1443688369-1002
Primary Group SID: S-1-5-21-1235505570-2037705510-1443688369-513
Full Name:
Home Directory: \\iomegamint\bill
HomeDir Drive:
Logon Script:
Profile Path: \\iomegamint\bill\profile
Domain: IOMEGAMINT
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 15:06:39 GMT
Kickoff time: Wed, 06 Feb 2036 15:06:39 GMT
Password last set: Mon, 17 Nov 2014 22:11:24 GMT
Password can change: Mon, 17 Nov 2014 22:11:24 GMT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
IomegaMint www #

Now if you run the -L switch you see the users added:

IomegaMint www # pdbedit -L
Ignoring unknown parameter "SO_RCVBUF"
stevee:1000:stevee
bill:1001:
root:0:root

So, now you can change the smbpassword for the user bill that is in the DB so they should have access to the Windows shares when all else has been completed to make the shares available both ways.

IomegaMint www # smbpasswd bill
Ignoring unknown parameter "SO_RCVBUF"
New SMB password:
Retype new SMB password:
IomegaMint www #

OK, that's the user access side catered for as far as passwords go, so what about the PC and drive physical sharing side?

I'll skip over the bulk of Windows side as this should be known by most already - the basic right click of the Win folder or drive you want to share, set the permissions and add users as required:

Share2.jpg

Share1.jpg

Once shared this folder becomes visible on the Windows network as:

Share3.jpg

To share folders on the Mint side, I have created the directories /share  just as a folder, and /Storebird to mount my external large backup drive. I'll explain how that gets mounted so it is automatically shared at boot up later by editing the /etc/fstab file. For now, see how these folders relate to the smb.conf file. Look at the smb.conf file and create your equivalent sections right at the bottom:

vi /etc/samba/smb.conf

[share]
path = /share
writeable = 1
browseable = 1
create mask = 0775
directory mask = 0775
available = yes
valid users = stevee, root

[SB]
path=/Storebird
writeable=1
browseable=yes
create mask=0775
directory mask=0775
available = yes
valid users = stevee, root

Note the interchangeable Boolean logic: yes =1; no = 0, and the directory permissions 0775 relating to user, group,others as rwxrwxr-x permissions. If you don't understand that, download my Beginner's Mint PDFs:

 

Free Tutor’s/New User’s Linux Mint 5 Day Essentials Introduction Course Material

Uncomment these:

####### Authentication #######

# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
# in the samba-doc package for details.
security = user

[homes]
comment = Home Directories
browseable = 1

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
read only = 0

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
create mask = 0775

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
directory mask = 0775
   writeable = 1

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server. Un-comment the following parameter
# to make sure that only "username" can connect to \\server\username
# The following parameter makes sure that only "username" can connect
#
# This might need tweaking when using external authentication schemes
valid users = %S

Everything else in smb.conf I have always left alone and not had a problem sharing both ways on a standard Windows WORKGROUP that has no domain server etc.  but check that

workgroup = WORKGROUP

is present also as this is the default windows network name - excluding the new Win7 annoying HOME network options.

To check the smb.conf file is in order, run

IomegaMint www # testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Unknown parameter encountered: "SO_RCVBUF"
Ignoring unknown parameter "SO_RCVBUF"
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[share]"
Processing section "[SB]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
server string = %h server (Samba, Linux Mint)
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *pas
sword\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
smb ports = 139
disable netbios = Yes
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0775
directory mask = 0775

[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
print ok = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/printers

[share]
path = /
valid users = stevee
read only = No
create mask = 0775
directory mask = 0775

[SB]
path = /SB
valid users = stevee, root
read only = No
create mask = 0775
directory mask = 0775

The point to realise with user net access is that it is easier to have EXACTLY the same user names AND passwords on both Win and Lin PCs accounts as linux is case sensitive, and that way each user is automatically in it's own group on each PC, so the 775 perms will allow local user ( perm 7) AND remote user write access to their files as they are in the same group (2nd perm 7), with only read and execute access (5) for Others - as suggested in the smbconf file. That way each user can access, delete and write their own files locally or remotely once an smbpassword has been set for each user on the linux box and they have authenticated remotely. The local lin PC user's folders also have to be owned and set at 775 on any /Share folder of root's main dir / that requires writing to e.g. (chown -R stevee /Share) and (chmod -R 775 /Share) as local perms over ride network perms obviously.. The default perms for /home/user/* folder access is 755, so is (obviously?) read/exe accessible to the net user at the minimum anyway. If that is not "obvious" to you, read my Course PDFs on Perms.

So, onto mounting the physical drive with the share privileges you require, that will mount automatically at boot and be available over the network immediately....

The file that determines what physical drives are mounted - and how - is the file system tables file, fstab. It may look like this:

sudo vi /etc/fstab

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/sdb2 during installation
UUID=e3ca06fe-a349-41b1-a2b9-d50928d63731 / ext4 errors=remount-ro 0 1
# swap was on /dev/sdb1 during installation
UUID=ca148e7e-eb62-4522-be0a-1d5c9935210d none swap sw 0 0
//bedw7/g /Quadra cifs user=stevee,pass=xxxx,rw 0 0
//DellMint/share /DellMint cifs user=stevee,pass=xxxx,rw 0 0
UUID=90C4E18EC4E1773E /SB ntfs rw 0 0vi /etc/fstab

As this file suggests, you can find the UUID of any hard drive attached to the linux box by running:

IomegaMint www # sudo blkid
/dev/sda1: LABEL="SB" UUID="90C4E18EC4E1773E" TYPE="ntfs"
/dev/sdb1: UUID="ed906923-eb08-4f72-9f2e-3176f6e23088" TYPE="ext4"
/dev/sdb3: UUID="01B7CE5467FF8212" TYPE="ntfs"
/dev/sdb5: UUID="97bc598b-17a2-480d-b91d-217800f90a95" TYPE="swap"

Now that the rather cool Mint colourises vi output for programmer code and other fields, I'll do it here as I can't paste the colours as it is in the terminal above. This helps understand what the parameters do for a mounted drive and that you have them written and tab/spaced correctly. The main new feature for me here is the identifying of drives by their UUID

http://en.wikipedia.org/wiki/Universally_unique_identifier

The main points here are the way the drive is mounted on the linux box - a share or locally wired - and what file system it is formatted with.

If a share from another Win PC on the net, then the naming is of the form:

//bedw7/g /Quadra cifs

showing the Win NETBIOS PC name with the drive letter on the Win PC, and the linux folder (Quadra) where it is mounted locally, and the Common Internet Filesystem (CIFS replaced Server Message Block, SMB) as it's local non literal format, when it may really be NTFS on the remote Win PC drive.

If the drive is locally wired, either bus or USB, it will have a local device number (sda1 as the primary partition (1) of the primary SATA device (a) on the motherboard, and now with the new UUID and its local literal format such as NTFS or ext4:

/dev/sda1: LABEL="SB" UUID="90C4E18EC4E1773E" TYPE="ntfs"

So, between the fstab file,

sudo lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 1.4T 0 disk
└─sda1 8:1 0 1.4T 0 part /1500GB
sdb 8:16 0 931.5G 0 disk
└─sdb1 8:17 0 931.5G 0 part /Quadra
sdc 8:32 0 149.1G 0 disk
├─sdc1 8:33 0 142.6G 0 part /
├─sdc2 8:34 0 1K 0 part
└─sdc5 8:37 0 6.5G 0 part [SWAP]
sdd 8:48 0 931.5G 0 disk
└─sdd1 8:49 0 931.5G 0 part /Storebird

sudo blkid
[sudo] password for stevee:
/dev/sda1: LABEL="1500 Gbyte" UUID="A2D00CDED00CBB15" TYPE="ntfs"
/dev/sdb1: UUID="ca81e6dd-2423-4080-b945-66bae46d3f48" TYPE="ext4"
/dev/sdc1: UUID="51800665-dd6d-4c80-adf4-cf8c0061d0be" TYPE="ext4"
/dev/sdc5: UUID="3d132205-41b8-41d5-b4ce-a15fb87e8422" TYPE="swap"
/dev/sdd1: UUID="87b55176-f602-48db-ac1c-4fe0101b1a79" TYPE="ext4"

and

sudo fdisk -l
[sudo] password for stevee:

Disk /dev/sda: 160.0 GB, 160041885696 bytes
255 heads, 63 sectors/track, 19457 cylinders, total 312581808 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x0000efb1

Device Boot Start End Blocks Id System
/dev/sda1 * 2048 310501375 155249664 83 Linux
/dev/sda2 310503422 312580095 1038337 5 Extended
/dev/sda5 310503424 312580095 1038336 82 Linux swap / Solaris

you should be able to get all the info you need on any hard drive attached to the system.

The final point is that you can add the smbpasswd of a user, in text (xxxx above) into the fstab file so the user will have automatic access to that shared drive by clicking on it but without having to enter uname/pwd ID in a login box, with a privilege of rw (read/write) etc. that follows in the next column.

When any changes are made, restart the samba daemon with:

IomegaMint www # /etc/init.d/samba restart

To view available shares on the Win PC from the linux box use:

stevee@IomegaMint ~ $ smbclient -L Acer1
Unknown parameter encountered: "SO_RCVBUF"
Ignoring unknown parameter "SO_RCVBUF"
Enter stevee's password:
Domain=[ACER1] OS=[Windows 7 Professional 7600] Server=[Windows 7 Professional 6.1]

Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Remote Admin
C$ Disk Default share
E Disk
E$ Disk Default share
IPC$ IPC Remote IPC
Lexmark 2600 Series Printer Lexmark 2600 Series
print$ Disk Printer Drivers
SHARE Disk
Users Disk
Domain=[ACER1] OS=[Windows 7 Professional 7600] Server=[Windows 7 Professional 6.1]

Server Comment
--------- -------

Workgroup Master
--------- -------

(NOTE: to see all shares in Raspbian you need to append a uname:

root@raspberrypi:/home/stevee# smbclient -L acer64 --user=stevee
Enter stevee's password:
Domain=[ACER64] OS=[Windows 7 Professional 7600] Server=[Windows 7 Professional 6.1]

Sharename Type Comment
--------- ---- -------
ADMIN$ Disk Remote Admin
C$ Disk Default share
D Disk
D$ Disk Default share
IPC$ IPC Remote IPC
Lexmark 2600 Series Printer Lexmark 2600 Series
print$ Disk Printer Drivers
Domain=[ACER64] OS=[Windows 7 Professional 7600] Server=[Windows 7 Professional 6.1]

Server Comment
--------- -------

Workgroup Master
--------- -------

To show the Mint shares are also available with the same command:

IomegaMint stevee # smbclient -L IomegaMint
Unknown parameter encountered: "SO_RCVBUF"
Ignoring unknown parameter "SO_RCVBUF"
Enter root's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]

Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (IomegaMint server (Samba, Linux Mint))
SB Disk
share Disk
print$ Disk Printer Drivers
homes Disk Home Directories
root Disk Home Directories
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 4.1.6-Ubuntu]

Server Comment
--------- -------
IOMEGAMINT IomegaMint server (Samba, Linux Mint)

Workgroup Master
--------- -------
WORKGROUP ACER1

Now this just leaves a problem with both Mint Petra and the newer Mint Quianna, which is not being able to access the Win shares in their GUIs...

Netshare.jpg

I know this is not a connection issue as I can ping the PC and mount the remote Win drive locally from the cmd line:

MintAspire-5630 stevee # ping Acer1
PING Acer1.lan (192.168.1.97) 56(84) bytes of data.
64 bytes from Acer1.lan (192.168.1.97): icmp_seq=1 ttl=128 time=2.91 ms
64 bytes from Acer1.lan (192.168.1.97): icmp_seq=2 ttl=128 time=1.31 ms
64 bytes from Acer1.lan (192.168.1.97): icmp_seq=3 ttl=128 time=1.36 ms
^C
--- Acer1.lan ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 1.319/1.866/2.919/0.745 ms

MintAspire-5630 stevee # mount -t cifs //Acer1/e /Acer1e/ -o user=stevee
Password for stevee@//Acer1/e:
MintAspire-5630 stevee # ls /Acer1e/
ASNTraining MSAV
ATI Nmap
AutoDoc OBDWiz
AutoEng Office2007....

This occurs in both Petra and Quianna versions of Mint. So - what's going on...? I suspect its the GUI aspect of Mint, not Samba/CIFS for the connection reasons above. It's not too inconvenient at this point as the drive is still accessible from the file system under /Acer1e in the GUI - but it's annoying not having something work that should.

The X system also appears to have issues in Mint as I can't connect properly to Mint using TightVNC from a Win PC either - I just get a black screen after successful password exchange.

Let me know if you find out....

Well, it turns out it's some lines in smb.conf - after a fiddle I got Mint shares on the Win PC:

NetShareMint

 

so what did I change, and did it allow Win shares viewable in the Mint GUI too?

Yes, it did:

MintShares.jpg

Although most are probably not needed, the lines I added/changed were on the assumption that the machine/share names is the data that is missing from all this as I know that samba IS working because of the data shown with smclient -L for both PCs, so probably only the lmhosts line is needed - and I remember I used to always have that line in the past - but not the wins support and server lines - I'll remove those and test again later now it's working:

;disable netbios = 0
;smb ports = 139

wins support = 1

I added the ip address of the Win7 box Acer1 on a hunch

wins server = 192.168.1.97   

name resolve order = lmhosts host wins bcast

I have included the whole file as a link here:

smb.conf.txt

so if you are having trouble getting Linux/Win talking you can rename it to use it, study it and compare it to your own to see if that is the problem or look at something else like firewalls, ip address issues or other connectivity problems.

Comments are closed.

Post Navigation