[Wolves] Logging onto a Linux machine.

Mark Ellse mark at ellse.org
Wed Apr 24 01:22:18 UTC 2019 

On 22/04/2019 02:51, Mark Ellse via Wolves wrote:

> > I've recently built a Linux Mint machine for a second backup server.
> Samba
> > installs by sharing a folder. Guest access, if I set it, works: so
> sharing
> > is working. But user access only won't work because it won't give access
> if
> > I to a given username and password and I've checked with creating another
> > user "username" and "password".
> >
> > I know that this should work because I have another similar machine which
> > works fine as a server for Windows File History from my main Windows 10
> > machine so I think I am doing something daft. I suspect that it is
> because
> > I am not using the full username. As well as "username" I have also used
> > "machinename/username" etc.
> >
> > I'd be grateful for any hints.
>
> Hi Mark
>
> Glad to see you're still out there :)
>
> I'm not a Samba expert but I'd need to know the following to be able to
> help at all:
>
> * What samba version is the server?
> * What samba version (or Windows OS) is the client?
> * What errors are you seeing when connecting fails?
>
> My first thought was that this might be an SMB protocol version issue.
> The old SMBv1 protocol which offers Network Neighbourhood style share
> auto-discovery and browsing is insecure (see WannaCry and Petya) and no
> longer enabled by default in Windows, but SMBv1 was still the default
> protocol version in Samba last time I checked about 18 months ago.
>
> When you try to connect an SMBv2 or SMBv3 only client to a server
> talking SMB1 or vice versa, it will fail to negotiate a protocol and
> give you some errors like:
>
> # smbclient -L 127.0.0.1 -U adam
>
> smb1cli_req_writev_submit: called for dialect[SMB3_11] server[127.0.0.1]
> Error returning browse list: NT_STATUS_REVISION_MISMATCH
> Reconnecting with SMB1 for workgroup listing.
> protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
> Failed to connect with SMB1 -- no workgroup available
>
> ...but if that were the problem then your guest account wouldn't work
> either.
>
> I know there were plans to disable SMBv1 by default in Samba but I don't
> know if that's the case yet. Nevertheless, for disabling SMBv1, take a
> look at:
>
> https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
>
>
> https://www.cyberciti.biz/faq/how-to-configure-samba-to-use-smbv2-and-disable-smbv1-on-linux-or-unix/
>
> In any case, I'd recommend working out what Samba versions you're using
> for server and client:
>
> samba -V
> (or maybe samba-tool -V or smbclient -V on a Linux client)
>
> And also looking at the server's Samba logs in:
>
> /var/log/samba/log.smbd
> /var/log/samba/log.nmbd
> /var/log/samba/log.<your client's address>
>
> Hopefully you'll see some errors that give you a clue about what's going
> on. As always the Arch wiki is useful and fairly detailed, though being
> about Arch Linux it's obviously not applicable verbatim to Mint:
>
> https://wiki.archlinux.org/index.php/Samba
>
> Without knowing the Samba versions, what errors are being logged or
> errors you're seeing when it fails to connect, it's difficult to say
> anything.
>
> Adam
> *****************
>

Hi Adam,

Yes, good to make contact again and many thanks for you help.

It occurred to me to try to log on to my shared account from the same Mint
machine. I have two accounts, one called mark, the other called user.

I shared the folder in mark (without guest permission), logged onto the
machine as user as well and tried accessing mark/sharetest. I couldn't.

I then switched user to mark, changed the permissions to allow guest
access: I could.

Then switched the permissions back to remove guest access and I couldn't.

In other words, I am getting the same behaviour from a different user on
the linux machine to itself.

It then occurred to me to log on as mark and try to access sharetest (a
folder belonging to mark) through the network. Nemo then asked for
credentials and refused to accept "mark" and "password".

In summary, user "mark" can create a folder in his home directory, share it
to registered users, access it directly but not on his own machine via
Network.

It occurs to me again that I am probably not using the full username when
logging on. Is that possible? The computer name is bu. The user name is
mark. Should I be using something like /bu/mark?

Further to the questions you raise, samb -V returns:

mark at bu:~$ samba -V
Version 4.7.6-Ubuntu

The log file in /var gives this:

[2019/04/24 01:42:50.127351,  0]
../source3/param/loadparm.c:3350(process_usershare_file)
  process_usershare_file: stat of /var/lib/samba/usershares/sharetest
failed. Permission denied
[2019/04/24 01:43:29.390587,  0]
../source3/param/loadparm.c:3350(process_usershare_file)
  process_usershare_file: stat of /var/lib/samba/usershares/sharetest
failed. Permission denied

log.nmbd gives the following: (It is nice that it has become a local master
browser. That used to be a problem in mixed Linux/Windows networks.)

Samba name server BU is now a local master browser for workgroup WORKGROUP
on subnet 192.168.1.252

  *****
[2019/04/23 17:15:14.492888,  0]
../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'nmbd' finished starting up and ready to serve connections
[2019/04/24 01:00:04.859013,  0]
../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'nmbd' finished starting up and ready to serve connections

log.smbd gives

[2019/04/23 17:15:14.996888,  0]
../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'smbd' finished starting up and ready to serve connections
[2019/04/24 01:00:06.086195,  0]
../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'smbd' finished starting up and ready to serve connections

I have, by the way, re-enabled SMBv1 in Windows. That was knocked off by a
recent Windows10 update, causing FileHistory to be unable to access my
other backup server.

If this does give you or anyone else, insight into the problem I'd be
grateful for help.

By the way, I retired in 2014. For the last 10 years or so of my time there
we used Linux for all the file servers (a lot of SME server plus a server
that Ron commissioned for us); in the IT room we used LTSP; for most of the
staff machines we used Ubuntu; for all the office admin we used Libre/Open
office. In a bad year we would spend as much as £5000 on IT. Since I left
it's become a full Microsoft shop and the operating costs are more than
twenty times as much.

Cheers,

Mark

Since I left school has become

More information about the Wolves mailing list