All times are UTC - 6 hours [ DST ]




 Post subject: Create User Authenticated Samba Share
Posted: Wed Sep 02, 2009 10:32 pm
Tonido Team
Joined: Wed Jan 28, 2009 11:30 pm
Posts: 1353

By default, TonidoPlug is not configured to provide user-based access to Samba shares.
Here is a guide to provide user-based access.
By doing this setup, users can access their home directories by authenticating themselves with their login and password. They cannot view or access other user shares without their login credentials.
By default, when a user is created in the Linux OS, it is not available as a Samba user automatically. This usually is done as a separate step. In our setup we automate this process.

Setup
1. Install the libpam-smbpass package. This package provides the necessary tools to synchronize Linux OS users/passwords with the Samba repository.
Code:
apt-get install libpam-smbpass


2. Open /etc/samba/smb.conf with a text editor and make the following changes.

3. By default TonidoPlug allows full access to everybody. Disable this default behavior. Look for the following lines and comment them.
Code:
# What naming service and in what order should we use to resolve host names
# to IP addresses
;   name resolve order = lmhosts host wins bcast
;   force user = root
;   force group = root

;   guest ok = yes
;   browseable = yes
;   public = yes
;   writable = yes

The above lines show the commented configuration lines.

4. By default TonidoPlug allows share level access. Change this to user level access.
Look for line "security = share" and change it as follows
Code:
# "security = user" is always a good idea. This will require a Unix account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/ServerType.html
# in the samba-doc package for details.
   security = user


5. Enable automatic synchronization of user and password information from linux OS to samba.
Code:
# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
   unix password sync = yes


6. We need users to access their home directories when they log in with user ID and password. Samba configuration should be enabled to expose user home directories.
Code:
# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares.  This will share each
# user's home directory as \\server\username
[homes]
   comment = Home Directories
   browseable = yes

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
   read only = no

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
;   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
;   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.  Un-comment the following parameter
# to make sure that only "username" can connect to \\server\username
# This might need tweaking when using external authentication schemes
   valid users = %S


7. Save the smb.conf file and restart the Samba daemon.
Code:
 # /etc/init.d/samba restart


Test
For testing, we will create a user on the TonidoPlug and try to access the user's home directory as a samba share.

1. Create a user on TonidoPlug. You can do this by doing SSH to TonidoPlug as root user.
Code:
 # useradd -m -k /etc/skel demouser


2. Set a password for the demouser.
Code:
 # passwd demouser


3. Important: Open another SSH session to TonidoPlug and log in as the new user. This is the only trigger I could find to synchronize the OS user details with Samba.
You can close the SSH session as soon as login is successful.

4. From the other SSH session (as root user), verify that the new Linux user is synchronized with Samba.
Code:
 pdbedit -w -L
nobody:65534:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:
root:0:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:0708DD6BC4B608A64FC970497CC6F7AD:[U          ]:LCT-4A09E411:
demouser:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:A827E65ED0E8EA4B14721624A19DE519:[U          ]:LCT-4A9E8E33:

You should see 'demouser' as an entry in the output.

5. Now from the Windows machine, open an Explorer window and type \\<Tonido_Plug_IP>\demouser. It should prompt for username and password. Enter 'demouser' and its password. Once you click 'Ok', it should show the demouser's home directory, with full access only to his home directory.
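
The checks behind steps 3 to 6, as an added example that is not part of the original post: a shell function that flags the settings the guide disables and confirms that [homes] is restricted with valid users = %S. The function name, the finding messages and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Exit status 0 = clean, 1 = findings.
audit_smb_conf() {
    awk '
    function report(msg) { printf "[%s] %s\n", (sec == "" ? "global" : sec), msg; n++ }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }        # blank, or commented out with # or ;
    /^[ \t]*\[/ {                               # section header such as [homes]
        sec = tolower($0); gsub(/[ \t]|\[|\].*$/, "", sec)
        homes = homes || (sec == "homes"); next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        # smb.conf ignores case and whitespace in parameter names
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "security" && val == "share") report("share-level security")
        if ((key == "guestok" || key == "public") && val ~ /^(yes|true|1)$/)
            report("guest access enabled")
        if ((key == "forceuser" || key == "forcegroup") && val == "root")
            report("all access forced to root")
        if (sec == "homes" && key == "validusers" && val == "%s") owner_only = 1
    }
    END {
        if (homes && !owner_only) { sec = "homes"; report("missing valid users = %S") }
        exit (n > 0)
    }' "${1:--}"
}
# Constructed sample: the defaults the guide comments out or changes.
sample_before() { cat <<'EOF'
[global]
   security = share
   force user = root
   guest ok = yes
[homes]
   browseable = yes
EOF
}
# Constructed sample: the same settings after steps 3 to 6.
sample_after() { cat <<'EOF'
[global]
   security = user
;   force user = root
;   guest ok = yes
[homes]
   valid users = %S
EOF
}
sample_before | audit_smb_conf || echo "before: findings listed above"
sample_after | audit_smb_conf && echo "after: clean"
```

On the plug, the same function can be pointed at the live file with `audit_smb_conf /etc/samba/smb.conf` before restarting the daemon in step 7.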


 Post subject: Re: Create User Authenticated Samba Share
Posted: Tue Sep 08, 2009 3:28 pm
Rookie Tonidoid
Joined: Wed Sep 02, 2009 12:29 pm
Posts: 5

Excellent writeup! Thank you.

Question: doesn't this create the home directory on the TonidoPlug flash drive (rather than the intended USB drive)?

I added the following in the [homes] section to point to the USB drive:

Code:
path=/media/usb0/%S


You'll also need to 'mkdir /media/usb0/demouser' to create the directory to store your files.


 Post subject: Re: Create User Authenticated Samba Share
Posted: Tue Oct 26, 2010 4:13 pm
Contributor Tonidoid
Joined: Mon Apr 13, 2009 10:00 pm
Posts: 22

I could use some help on this. I followed the procedures you give and I get an error on installing the package:

root@TonidoPlug:~# apt-get install libpam-smbpass
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libcap2 libpam-runtime samba samba-common
Suggested packages:
openbsd-inetd inet-superserver smbldap-tools ldb-tools ufw
The following NEW packages will be installed:
libcap2 libpam-smbpass
The following packages will be upgraded:
libpam-runtime samba samba-common
3 upgraded, 2 newly installed, 0 to remove and 85 not upgraded.
E: Could not open lock file /var/cache/apt/archives/lock - open (2 No such file or directory)
E: Unable to lock the download directory

Anyway, I went on configuring the rest of the procedures and when I SSH with the recently created user logon I get kicked from SSH.
And when I command:
pdbedit -w -L

The user I created doesn't appear

Any ideas?
Tks


 Post subject: Re: Create User Authenticated Samba Share
Posted: Tue Oct 26, 2010 4:38 pm
Contributor Tonidoid
Joined: Mon Apr 13, 2009 10:00 pm
Posts: 22

OK I got it! Just manually created the missing dirs.
Everything ok now.


pealmasa wrote:
I could use some help on this. I followed the procedures you give and I get an error on installing the package:

root@TonidoPlug:~# apt-get install libpam-smbpass
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libcap2 libpam-runtime samba samba-common
Suggested packages:
openbsd-inetd inet-superserver smbldap-tools ldb-tools ufw
The following NEW packages will be installed:
libcap2 libpam-smbpass
The following packages will be upgraded:
libpam-runtime samba samba-common
3 upgraded, 2 newly installed, 0 to remove and 85 not upgraded.
E: Could not open lock file /var/cache/apt/archives/lock - open (2 No such file or directory)
E: Unable to lock the download directory

Anyway, I went on configuring the rest of the procedures and when I SSH with the recently created user logon I get kicked from SSH.
And when I command:
pdbedit -w -L

The user I created doesn't appear

Any ideas?
Tks


 Post subject: Re: Create User Authenticated Samba Share
Posted: Wed Nov 17, 2010 3:26 pm
Rookie Tonidoid
Joined: Wed Nov 17, 2010 2:42 pm
Posts: 2

I've successfully followed all of Tuxedo's steps (incl. creating the two directories, as pealmasa did). I can now connect from Windows and Ubuntu computers to my Tonidoplug via Samba by logging in as the newly created user. I can see my home directory and the content of the USB stick connected to my plug. However, I can only read the content. I cannot write to my USB stick over Samba since I do not have the rights to do that. What's the best way to solve this problem? How can I give myself writing privileges outside my home directory?

thanks!

RomanH


 Post subject: Re: Create User Authenticated Samba Share
Posted: Fri Nov 19, 2010 12:45 pm
Rookie Tonidoid
Joined: Wed Nov 17, 2010 2:42 pm
Posts: 2

ah, found the solution

just added
write list = [list of all the users that should be allowed to write]
e.g.
write list = Peter Paul Mary

to the section [disk1part1] at the end of the file.


 Post subject: Re: Create User Authenticated Samba Share
Posted: Thu Mar 03, 2011 7:31 pm
Regular Tonidoid
Joined: Sat Feb 26, 2011 4:09 am
Posts: 16

I have a Windows Vista machine and I have followed the above steps using SSH via PuTTY, including:
apt-get install libpam-smbpass
and making the directories

How do I open /etc/samba/smb.conf with a text editor via the PuTTY terminal?

Is there a text editor installed on the plug and if so, what command should I use?

Thanks


 Post subject: Re: Create User Authenticated Samba Share
Posted: Fri Mar 04, 2011 3:39 am
Veteran Tonidoid
Joined: Tue Dec 14, 2010 9:25 am
Posts: 77

try this:
Code:
nano /etc/samba/smb.conf


 Post subject: Re: Create User Authenticated Samba Share
Posted: Fri Mar 04, 2011 7:38 am
Regular Tonidoid
Joined: Sat Feb 26, 2011 4:09 am
Posts: 16

thanks for the tip regarding nano.
I am now encountering the following errors:
Code:
root@TonidoPlug:~# apt-get install libpam-smbpass
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  libcap2 libpam-runtime samba samba-common
Suggested packages:
  openbsd-inetd inet-superserver smbldap-tools ldb-tools ufw
The following NEW packages will be installed:
  libcap2 libpam-smbpass
The following packages will be upgraded:
  libpam-runtime samba samba-common
3 upgraded, 2 newly installed, 0 to remove and 85 not upgraded.
Need to get 9089kB of archives.
After this operation, 3891kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Err http://ports.ubuntu.com jaunty/main libpam-runtime 1.0.1-9ubuntu1
  Could not resolve 'ports.ubuntu.com'
Err http://ports.ubuntu.com jaunty/main libcap2 2.11-2
  Could not resolve 'ports.ubuntu.com'
Err http://ports.ubuntu.com jaunty/main samba 2:3.3.2-1ubuntu3
  Could not resolve 'ports.ubuntu.com'
Err http://ports.ubuntu.com jaunty/main samba-common 2:3.3.2-1ubuntu3
  Could not resolve 'ports.ubuntu.com'
Err http://ports.ubuntu.com jaunty/main libpam-smbpass 2:3.3.2-1ubuntu3
  Could not resolve 'ports.ubuntu.com'
Failed to fetch http://ports.ubuntu.com/pool/main/p/pam/libpam-runtime_1.0.1-9ubuntu1_all.deb  Could not resolve 'ports.ubuntu.com'
Failed to fetch http://ports.ubuntu.com/pool/main/libc/libcap2/libcap2_2.11-2_armel.deb  Could not resolve 'ports.ubuntu.com'
Failed to fetch http://ports.ubuntu.com/pool/main/s/samba/samba_3.3.2-1ubuntu3_armel.deb  Could not resolve 'ports.ubuntu.com'
Failed to fetch http://ports.ubuntu.com/pool/main/s/samba/samba-common_3.3.2-1ubuntu3_armel.deb  Could not resolve 'ports.ubuntu.com'
Failed to fetch http://ports.ubuntu.com/pool/main/s/samba/libpam-smbpass_3.3.2-1ubuntu3_armel.deb  Could not resolve 'ports.ubuntu.com'
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
root@TonidoPlug:~#

Any tips on resolving this would be appreciated.
Thanks


 Post subject: Re: Create User Authenticated Samba Share
Posted: Fri Mar 04, 2011 8:22 am
Admin Tonidoid
Joined: Tue Dec 30, 2008 12:13 am
Posts: 7314
Location: Dallas, USA

It appears your plug is unable to connect to the Ubuntu archives. Is your connection ok?

