[Wolves] Logging onto a Linux machine.

[davidjackson]

-------- Original message --------From: Mark Ellse via Wolves <wolves at mailman.lug.org.uk> Date: 24/04/2019  02:21  (GMT+00:00) To: wolves at mailman.lug.org.uk Cc: Mark Ellse <mark at ellse.org> Subject: [Wolves] Logging onto a Linux machine. On 22/04/2019 02:51, Mark Ellse via Wolves wrote:> > I've recently built a Linux Mint machine for a second backup server.> Samba> > installs by sharing a folder. Guest access, if I set it, works: so> sharing> > is working. But user access only won't work because it won't give access> if> > I to a given username and password and I've checked with creating another> > user "username" and "password".> >> > I know that this should work because I have another similar machine which> > works fine as a server for Windows File History from my main Windows 10> > machine so I think I am doing something daft. I suspect that it is> because> > I am not using the full username. As well as "username" I have also used> > "machinename/username" etc.> >> > I'd be grateful for any hints.>> Hi Mark>> Glad to see you're still out there :)>> I'm not a Samba expert but I'd need to know the following to be able to> help at all:>> * What samba version is the server?> * What samba version (or Windows OS) is the client?> * What errors are you seeing when connecting fails?>> My first thought was that this might be an SMB protocol version issue.> The old SMBv1 protocol which offers Network Neighbourhood style share> auto-discovery and browsing is insecure (see WannaCry and Petya) and no> longer enabled by default in Windows, but SMBv1 was still the default> protocol version in Samba last time I checked about 18 months ago.>> When you try to connect an SMBv2 or SMBv3 only client to a server> talking SMB1 or vice versa, it will fail to negotiate a protocol and> give you some errors like:>> # smbclient -L 127.0.0.1 -U adam>> smb1cli_req_writev_submit: called for dialect[SMB3_11] server[127.0.0.1]> Error returning browse list: NT_STATUS_REVISION_MISMATCH> Reconnecting with SMB1 for workgroup listing.> protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE> Failed to connect with SMB1 -- no workgroup available>> ...but if that were the problem then your guest account wouldn't work> either.>> I know there were plans to disable SMBv1 by default in Samba but I don't> know if that's the case yet. Nevertheless, for disabling SMBv1, take a> look at:>> https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/>>> https://www.cyberciti.biz/faq/how-to-configure-samba-to-use-smbv2-and-disable-smbv1-on-linux-or-unix/>> In any case, I'd recommend working out what Samba versions you're using> for server and client:>> samba -V> (or maybe samba-tool -V or smbclient -V on a Linux client)>> And also looking at the server's Samba logs in:>> /var/log/samba/log.smbd> /var/log/samba/log.nmbd> /var/log/samba/log.<your client's address>>> Hopefully you'll see some errors that give you a clue about what's going> on. As always the Arch wiki is useful and fairly detailed, though being> about Arch Linux it's obviously not applicable verbatim to Mint:>> https://wiki.archlinux.org/index.php/Samba>> Without knowing the Samba versions, what errors are being logged or> errors you're seeing when it fails to connect, it's difficult to say> anything.>> Adam> *****************>Hi Adam,Yes, good to make contact again and many thanks for you help.It occurred to me to try to log on to my shared account from the same Mintmachine. I have two accounts, one called mark, the other called user.I shared the folder in mark (without guest permission), logged onto themachine as user as well and tried accessing mark/sharetest. I couldn't.I then switched user to mark, changed the permissions to allow guestaccess: I could.Then switched the permissions back to remove guest access and I couldn't.In other words, I am getting the same behaviour from a different user onthe linux machine to itself.It then occurred to me to log on as mark and try to access sharetest (afolder belonging to mark) through the network. Nemo then asked forcredentials and refused to accept "mark" and "password".In summary, user "mark" can create a folder in his home directory, share itto registered users, access it directly but not on his own machine viaNetwork.It occurs to me again that I am probably not using the full username whenlogging on. Is that possible? The computer name is bu. The user name ismark. Should I be using something like /bu/mark?Further to the questions you raise, samb -V returns:mark at bu:~$ samba -VVersion 4.7.6-UbuntuThe log file in /var gives this:[2019/04/24 01:42:50.127351,  0]../source3/param/loadparm.c:3350(process_usershare_file)  process_usershare_file: stat of /var/lib/samba/usershares/sharetestfailed. Permission denied[2019/04/24 01:43:29.390587,  0]../source3/param/loadparm.c:3350(process_usershare_file)  process_usershare_file: stat of /var/lib/samba/usershares/sharetestfailed. Permission deniedlog.nmbd gives the following: (It is nice that it has become a local masterbrowser. That used to be a problem in mixed Linux/Windows networks.)Samba name server BU is now a local master browser for workgroup WORKGROUPon subnet 192.168.1.252  *****[2019/04/23 17:15:14.492888,  0]../lib/util/become_daemon.c:124(daemon_ready)  STATUS=daemon 'nmbd' finished starting up and ready to serve connections[2019/04/24 01:00:04.859013,  0]../lib/util/become_daemon.c:124(daemon_ready)  STATUS=daemon 'nmbd' finished starting up and ready to serve connectionslog.smbd gives[2019/04/23 17:15:14.996888,  0]../lib/util/become_daemon.c:124(daemon_ready)  STATUS=daemon 'smbd' finished starting up and ready to serve connections[2019/04/24 01:00:06.086195,  0]../lib/util/become_daemon.c:124(daemon_ready)  STATUS=daemon 'smbd' finished starting up and ready to serve connectionsI have, by the way, re-enabled SMBv1 in Windows. Hi MarkI am no expert on this but sometimes we miss the simple things. The username and password for samba shares are not set as a user account, and are a special samba user set the password using something like:-sudo smbpasswd -a <user-name>Hope this helps Dave