Windows 10 Standard User cannot connect to Red Hat Linux Share

Page 1 of 2 12 LastLast

  1. Posts : 7
    Windows 10
       #1

    Windows 10 Standard User cannot connect to Red Hat Linux Share


    I have an issue that has been ongoing.
    I will use one user as an example, but it is happening with multiple users.

    We setup a new system with Windows 10 Pro 64-bit (latest updates).
    All Windows systems have static IP addresses.
    We are using a domain and not a workgroup.
    Our server is running Red Hat Linux Server with Version 1.5 Samba.
    Our Sonicwall firewall is our DHCP server.
    SMB 1.0 (client, direct, server) is enabled on the Windows system.
    The Windows system has an administrator user (DEXX) and a standard user (JOHN).
    The Linux server has a general admin username and password.
    There is a user setup called JOHN and a folder named JOHN.
    The Red Hat Server has a public folder that all systems are supposed to be able to access to save and read files.

    Using the Linux admin user and password, DEXX can connect to public (or anything else).
    All systems can connect to public using the same user/password.

    Keep in mind that people who maintain our server do not know Windows.
    The people who maintain our desktops systems do not know Linux.

    Here is where the problem lies. JOHN cannot connect to public.
    The first error message says the user does not have permission to connect to the share.
    The second message says that you cannot connect to the same share using multiple usernames/passwords.
    Whether we try to connect using the domain \\DOMAN\Public or the ip address \\192/168\100\120\Public we get the same result.

    I have been through this forums and others and tried the various "fixes".
    net user * /d
    enabling SMB 1.0 in Windows 10
    modifying the registry
    enabling network discovery to auto start.
    Just to name a few.

    I think the issue is a permission issue in the way the Linux people setup the server.
    NO standard windows user can connect to public.
    Every admin windows user can (using the same admin user/pass - which is stupid!)
    But who wants to have every Windows user an admin user - especially beginners and novices.
    (we already had a user delete an entire folder, losing years of data)

    The people who maintain our server refuse to give me the root username/password so I can check myself how the linux users are setup. I am no expert, but I have used Linux in the past and know how to check permissions.

    Does anyone have experience with this Server/Client setup that may shed some light on what to look for or try to make this work correctly?

    Appreciate the help.
      My Computer


  2. Posts : 668
    Win 10 pro
       #2

    Hi,
    JOHN is possibly not registered as a "samba" user.
      My Computer


  3. Posts : 7
    Windows 10
    Thread Starter
       #3

    JOHN is a registered on the server and has a personal folder.
      My Computer

  4. bro67's Avatar
    Posts : 8,409
    Mac OS Catalina
       #4

    Sounds like you are using a really old version of Red Hat. Samba 1.5 is very outdated and full of security risks, same as SMBv1. Post your Smb.conf file from /etc/samba/smb.conf You need to make sure that you have your Samba users created and also that the share definition is in /var/lib/samba/usershares See https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html for creating the Samba Config. You can use Webmin to handle the Server side stuff from a remote workstation on the network. Also allows you to see server load, etc..
      My Computers


  5. Posts : 7
    Windows 10
    Thread Starter
       #5

    I used the get-smbconnection command to get the smb version. It said 1.5. So I am pretty sure that is what it is.
    I will try to look into smb.conf and usershares. I need to get the password and login to the server.
    Very annoyed they are keeping this from us. It is our server!

    By the way I stated in my initial question:
    We are using a domain and not a workgroup.
    I should say we are on a domain using a workgroup and not a homegroup.
      My Computer

  6. bro67's Avatar
    Posts : 8,409
    Mac OS Catalina
       #6

    Run smbstatus in the CLI to get the real version. lsb_release for showing your version of Redhat. "Homegroup" was only Microsoft's way of thinking that network sharing was way too hard for the standard user, after they had been doing it up until XP. A workgroup would have no issues with Samba. I would suggest disabling SMBv1 to start things off. Also a Domain is way different from a Workgroup. It takes a lot more to setup a Linux server on a Domain than it does with a Workgroup.
      My Computers



  7. Posts : 668
    Win 10 pro
       #7

    Artman62 said:
    JOHN is a registered on the server and has a personal folder.
    This is not enough, JOHN *must* be part of the samba group; a regular user is not.
      My Computer


  8. Posts : 7
    Windows 10
    Thread Starter
       #8

    I ran smbstatus. We have Samba Version 3.6.23-51.elb. Red Hat release is 6.10
    When I ran smbstatus it returned this:
    Samba Version 3.6.23-51.elb
    Username Group Machine ip address
    debby workgroup work06 10.168.101.06
    debby workgroup work13 10.168.101.13
    robert workgroup work08 10.168.101.08
    dexx workgroup work01 10.168.101.01
    dexx workgroup work01 10.168.101.01
    mike workgroup work12 10.168.101.12
    dexx workgroup work09 10.168.101.09
    debby workgroup work06 10.168.101.06
    dexx workgroup work04 10.168.101.04
    dexx workgroup work05 10.168.101.05
    larry workgroup work11 10.168.101.11
    patty workgroup work02 10.168.101.02

    Here is my smb.conf (the names have been changed to protect the innocent):
    # This is the main Samba configuration file. You should read the
    # smb.conf(5) manual page in order to understand the options listed
    # here. Samba has a huge number of configurable options (perhaps too
    # many!) most of which are not shown in this example
    #
    # For a step to step guide on installing, configuring and using samba,
    # read the Samba-HOWTO-Collection. This may be obtained from:
    # http://www.samba.org/samba/docs/Samb...Collection.pdf
    #
    # Many working examples of smb.conf files can be found in the
    # Samba-Guide which is generated daily and can be downloaded from:
    # http://www.samba.org/samba/docs/Samba-Guide.pdf
    #
    # Any line which starts with a ; (semi-colon) or a # (hash)
    # is a comment and is ignored. In this example we will use a #
    # for commentry and a ; for parts of the config file that you
    # may wish to enable
    #
    # NOTE: Whenever you modify this file you should run the command "testparm"
    # to check that you have not made any basic syntactic errors.
    #
    #---------------
    # SELINUX NOTES:
    #
    # If you want to use the useradd/groupadd family of binaries please run:
    # setsebool -P samba_domain_controller on
    #
    # If you want to share home directories via samba please run:
    # setsebool -P samba_enable_home_dirs on
    #
    # If you create a new directory you want to share you should mark it as
    # "samba_share_t" so that selinux will let you write into it.
    # Make sure not to do that on system directories as they may already have
    # been marked with othe SELinux labels.
    #
    # Use ls -ldZ /path to see which context a directory has
    #
    # Set labels only on directories you created!
    # To set a label use the following: chcon -t samba_share_t /path
    #
    # If you need to share a system created directory you can use one of the
    # following (read-only/read-write):
    # setsebool -P samba_export_all_ro on
    # or
    # setsebool -P samba_export_all_rw on
    #
    # If you want to run scripts (preexec/root prexec/print command/...) please
    # put them into the /var/lib/samba/scripts directory so that smbd will be
    # allowed to run them.
    # Make sure you COPY them and not MOVE them so that the right SELinux context
    # is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
    #
    #--------------
    #
    #======================= Global Settings =====================================

    [global]

    # 2016-12-06 - add the following
    follow symlinks = yes
    wide links = yes
    unix extensions = no
    # end

    veto files = /.FIL/.vix/.tar/.ltar/
    delete veto files = no

    # veto oplock files =/*.htm/*.HTM/*.xls/*.xlsx/*.XLS/*.XLSX
    # acl allow execute always = True


    # ----------------------- Network Related Options -------------------------
    #
    # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
    #
    # server string is the equivalent of the NT Description field
    #
    # netbios name can be used to specify a server name not tied to the hostname
    #
    # Interfaces lets you configure Samba to use multiple interfaces
    # If you have multiple network interfaces then you can list the ones
    # you want to listen on (never omit localhost)
    #
    # Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
    # specifiy it as a per share option as well
    #
    workgroup = WORKGROUP
    server string = Samba Server Version %v

    ; netbios name = MYSERVER

    ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
    ; hosts allow = 127. 192.168.12. 192.168.13.

    # --------------------------- Logging Options -----------------------------
    #
    # Log File let you specify where to put logs and how to split them up.
    #
    # Max Log Size let you specify the max size log files should reach

    # logs split per machine
    log file = /var/log/samba/log.%m
    # max 50KB per log file, then rotate
    max log size = 50

    # ----------------------- Standalone Server Options ------------------------
    #
    # Scurity can be set to user, share(deprecated) or server(deprecated)
    #
    # Backend to store user information in. New installations should
    # use either tdbsam or ldapsam. smbpasswd is available for backwards
    # compatibility. tdbsam requires no further configuration.

    security = user
    passdb backend = tdbsam
    # 2016-12-06 - add the following
    map to guest = Bad User
    map to guest = Bad Password
    # end



    # ----------------------- Domain Members Options ------------------------
    #
    # Security must be set to domain or ads
    #
    # Use the realm option only with security = ads
    # Specifies the Active Directory realm the host is part of
    #
    # Backend to store user information in. New installations should
    # use either tdbsam or ldapsam. smbpasswd is available for backwards
    # compatibility. tdbsam requires no further configuration.
    #
    # Use password server option only with security = server or if you can't
    # use the DNS to locate Domain Controllers
    # The argument list may include:
    # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
    # or to auto-locate the domain controller/s
    # password server = *


    ; security = domain
    ; passdb backend = tdbsam
    ; realm = MY_REALM

    ; password server = <NT-Server-Name>

    # ----------------------- Domain Controller Options ------------------------
    #
    # Security must be set to user for domain controllers
    #
    # Backend to store user information in. New installations should
    # use either tdbsam or ldapsam. smbpasswd is available for backwards
    # compatibility. tdbsam requires no further configuration.
    #
    # Domain Master specifies Samba to be the Domain Master Browser. This
    # allows Samba to collate browse lists between subnets. Don't use this
    # if you already have a Windows NT domain controller doing this job
    #
    # Domain Logons let Samba be a domain logon server for Windows workstations.
    #
    # Logon Scrpit let yuou specify a script to be run at login time on the client
    # You need to provide it in a share called NETLOGON
    #
    # Logon Path let you specify where user profiles are stored (UNC path)
    #
    # Various scripts can be used on a domain controller or stand-alone
    # machine to add or delete corresponding unix accounts
    #
    ; security = user
    ; passdb backend = tdbsam

    ; domain master = yes
    ; domain logons = yes

    # the login script name depends on the machine name
    ; logon script = %m.bat
    # the login script name depends on the unix user used
    ; logon script = %u.bat
    ; logon path = \\%L\Profiles\%u
    # disables profiles support by specifing an empty path
    ; logon path =

    ; add user script = /usr/sbin/useradd "%u" -n -g users
    ; add group script = /usr/sbin/groupadd "%g"
    ; add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
    ; delete user script = /usr/sbin/userdel "%u"
    ; delete user from group script = /usr/sbin/userdel "%u" "%g"
    ; delete group script = /usr/sbin/groupdel "%g"


    # ----------------------- Browser Control Options ----------------------------
    #
    # set local master to no if you don't want Samba to become a master
    # browser on your network. Otherwise the normal election rules apply
    #
    # OS Level determines the precedence of this server in master browser
    # elections. The default value should be reasonable
    #
    # Preferred Master causes Samba to force a local browser election on startup
    # and gives it a slightly higher chance of winning the election
    ; local master = no
    ; os level = 33
    ; preferred master = yes

    #----------------------------- Name Resolution -------------------------------
    # Windows Internet Name Serving Support Section:
    # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    #
    # - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
    #
    # - WINS Server: Tells the NMBD components of Samba to be a WINS Client
    #
    # - WINS Proxy: Tells Samba to answer name resolution queries on
    # behalf of a non WINS capable client, for this to work there must be
    # at least one WINS Server on the network. The default is NO.
    #
    # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
    # via DNS nslookups.

    ; wins support = yes
    ; wins server = w.x.y.z
    ; wins proxy = yes

    ; dns proxy = yes

    # --------------------------- Printing Options -----------------------------
    #
    # Load Printers let you load automatically the list of printers rather
    # than setting them up individually
    #
    # Cups Options let you pass the cups libs custom options, setting it to raw
    # for example will let you use drivers on your Windows clients
    #
    # Printcap Name let you specify an alternative printcap file
    #
    # You can choose a non default printing system using the Printing option

    # 01/14/2017 - disable printers
    #load printers = yes
    load printers = no
    cups options = raw

    ; printcap name = /etc/printcap
    #obtain list of printers automatically on SystemV
    ; printcap name = lpstat
    ; printing = cups

    # --------------------------- Filesystem Options ---------------------------
    #
    # The following options can be uncommented if the filesystem supports
    # Extended Attributes and they are enabled (usually by the mount option
    # user_xattr). Thess options will let the admin store the DOS attributes
    # in an EA and make samba not mess with the permission bits.
    #
    # Note: these options can also be set just per share, setting them in global
    # makes them the default for all shares

    ; map archive = no
    ; map hidden = no
    ; map read only = no
    ; map system = no
    ; store dos attributes = yes


    #============================ Share Definitions ==============================

    [homes]
    comment = Home Directories
    browseable = no
    writable = yes
    ; valid users = %S
    ; valid users = MYDOMAIN\%S

    [printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes

    # Un-comment the following and create the netlogon directory for Domain Logons
    ; [netlogon]
    ; comment = Network Logon Service
    ; path = /var/lib/samba/netlogon
    ; guest ok = yes
    ; writable = no
    ; share modes = no



    [public]
    comment = Public shares folder
    path = /u2/public
    valid users = @GROup
    write list = @GROup
    force group = group
    read only = No
    create mask = 0660
    force create mode = 0660
    directory mask = 0770
    force directory mode = 0770


    # Un-comment the following to provide a specific roving profile share
    # the default is to use the user's home directory
    ; [Profiles]
    ; path = /var/lib/samba/profiles
    ; browseable = no
    ; guest ok = yes


    # A publicly accessible directory, but read only, except for people in
    # the "staff" group
    ; [public]
    ; comment = Public Stuff
    ; path = /home/samba
    ; public = yes
    ; writable = yes
    ; printable = no
    ; write list = +staff
      My Computer

  9. Eagle51's Avatar
    Posts : 1,471
    Win10 Home x64 - 1809
       #9

    Hey Artman62,
    Looking at your smbstatus, looks like you're using Groups. If that's the case, then you need to add JOHN to the appropriate Group and to the Samba user group ... Please verify you are using Groups, before using the following commands !!!

    sudo usermod -a -G workXX john

    Where XX is the Group Number (i.e. work01,work02,etc)

    sudo smbpasswd -a john

    You will be prompted to enter and verify a new password for the john (i.e. john's win10 password)

    sudo smbpasswd -e john

    Not sure if you need to enable john or not
      My Computers


  10. Posts : 7
    Windows 10
    Thread Starter
       #10

    Eagle51,
    Yes, the group is WORKGROUP. All users are a member of WORKGROUP. JOHN is a member of WORKGROUP.

    Is there a command I can use to see if JOHN is a member of samba? That is where I think the problem is.

    If you look at the smbstatus output, you will see 4 Machines are using the Dexx username (and corresponding password), which is a Linux admin user, and two are using the user debby username (and password). All machines have their own usernames and passwords, so this should not be.

    If I had to guess, I would say these machines have the same issue as JOHN and they just used the admin user and password to connect.

    Not optimal.
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 14:36.
Find Us




Windows 10 Forums