17 Replies Latest reply on Aug 17, 2018 8:04 AM by jack.chaney56

    A File Server That Won't Share Shares

    oghma

      I've moved on from my first post "What Are The Basics?"

       

      For context, my HW:

      Raspberry Pi 3 B+ and a 16Gb mSD card with LITE imaged onto it

      Pi-Desktop and a Kingston 480Gb mSATA

      USB Keyboard/Mouse combo

      10.1” TFT LCD Colour Monitor and a 20cm HDMI cable

       

      For context, my environment::

      Cat5e with RJ45 ports leading to a HP hub.

      (Wi-Fi useless in my old house with thick walls. Not willing to spend a fortune with Wi-Fi extenders. Tried one - doesn't work well.)

      What I've done:
      used fstab to mount three partitions on the mSATA so they are there at bootup.
      lines follow the format:

      PARTUUID=5daf9610-09    /mnt/MYLABEL    vfat    defaults,auto,umask=000,users,rw 0 0

      where 09 is either 01, 02 or 03 and MYLABEL are the three associated folders in /mnt that are my mountpoints.

       

      When I issue a "mount" command I get:

      /dev/sda9 on /mnt/MYLABEL type vfat (rw, nosuid,nodev,noexec,relatime,fmask=000,dmask=000,allow_utime=0022,codepage=437,iocharset=asci,shortname=mixed.errors=remount-ro)

      where 9 is either 1, 2 or 3 and MYLABEL are the three associated folders in /mnt that are my mountpoints.

      The options "nosuid, nodev and noexec" are unexpected, as I thought the opposite values are set by the "default" option.

       

      I have confirmed that these mounts are owned by root.

       

      I have updated the smb.conf with the following:

      [global]

      case sensitive = auto

      preserve case = yes

      short preserve case = yes

      netbios name = Pi

      server string = RaspFS01

      workgroup = MYWKGRP

       

      [MYSHARE9]

      # share for the partition MYLABEL

      path = /mnt/MYLABEL

      comment = My sharing folders

      browseable = yes

      writeable = yes

      only guest = no

      create mask = 0777

      directory mask = 0777

      public=no

      valid users = MYUSERS

      force group = MYWKGRP

       

      where 9 is 1, 2 or 3. MYLABEL is the same as the mountpoints above. MYUSERS is a comma seperated list of accounts I created including the user pi (See my next step). MYWKGRP is the workgroup I have on my PC.

       

      I have set up users using "adduser" command

      I have also made them members of the same groups as user pi

       

      I have made the Pi boot with a static IP address and identified the static gateway and static_domain_name_servers as my BT Router.
      Once rebooted I can ping google, so I'm still connected to the internet. I've also successfully run the update on the OS.
      Now the fun!
      When I try to create a mapping from my PC to the Pi, I get "Access Denied" no matter what user I use, even pi.
      I ran the diagnostics from my PC and I can find the server, (although it does not show up in Networks). I even confirm the share exists. I just can't map to it.
      I try to change the ownership of the mounts from root using the chmod command, but I get "Operation is not allowed". (Yes with sudo.)
      I can't seem to allow any user to use these mounts remotely. I can only use them from the Pi! This is not a file server, but just a workstation. I can't find a way to associate MYWKGRP with these mounts with the right permissions.
      I've seen a way to explicitly state a user and passwaord in the fstab file, but that would not syncronise with any change of password with the PC. (Not to mention the horrible hole in security!)
      Can anyone tell me what I'm missing? Thanks for reading this far.
        • Re: A File Server That Won't Share Shares
          shabaz

          Hi Steven,

           

          Great that things have progressed. Regarding the current issue, I'm not sure of the answer, but there were some comments here that could be useful:

          https://www.raspberrypi.org/forums/viewtopic.php?t=40130

          One of the comments mentions changing the permissions and ownership (chmod and chgrp or chown) of the folders and content prior to doing the mount.

          Snippet from there:

          You have to create the folder with the user used to mount the partition. The mount will not overwrite this ownership and rights. Only the content of the mounted partition will use this rights

          Also on most modern linux distributions, the chown is for the root user so that's why you have the permission denied message

          So first unmount the partition, do the chown with sudo, do the chmod with sudo and do again the mount

           

           

          3 of 3 people found this helpful
          • Re: A File Server That Won't Share Shares
            14rhb

            Steven,

             

            Useful reading material on NFS and file access - I think your anser can be found in there, especially if you set up NFS.

             

            https://linuxconfig.org/how-to-configure-nfs-on-linux

             

            https://raspberrypi.stackexchange.com/questions/87057/cannot-automatically-mount-nfs-share-to-raspberry-pi

             

            https://serverfault.com/questions/212178/chown-on-a-mounted-nfs-partition-gives-operation-not-permitted

             

            The last link perhaps contains something really useful...

            "By default the root_squash export option is turned on, therefore NFS does not allow a root user from the client to perform operations as root on the server, instead mapping it to the user/group id specified by anonuid and anongid options (default=65534). This is configurable in /etc/exports together with other export options."

             

            Rod

            2 of 2 people found this helpful
              • Re: A File Server That Won't Share Shares
                oghma

                14rhb,

                Thanks for the imput, but I only have one Linux machine - the Pi. Not going to migrate my entire collection of computers over-night, especially since I'm having these issues.

                 

                shabaz,

                 

                This was useful. I went back to my notes on what I did and realised that I did not modify the permissions on the /mnt/MYLABELS mount points. So...

                 

                umount the three /MYLABELS

                 

                ls -l gives:

                drwxr-xr-x 2 root root 4096 Jul 24 15:34 MYLABEL

                where MYLABEL is one of my three mount point folders. They are all the same.

                 

                sudo chmod 777 /mnt/MYLABEL

                Did this for all three.

                 

                sudo chgrp users *

                (I only have the three mount point folders in /mnt, so I changed all of them at once.)

                 

                ls -l now gives:

                drwxrwxrwx 2 root users 4096 Jul 24 15:34 MYLABEL

                where MYLABEL is as above.

                 

                 

                Now I try to map from Windows 10.

                 

                Network still doesn't show the Pi. However, I can ping either the IP or the HostName from my PC.

                 

                When I use \\HostName\SHARENAME

                where SHARENAME is the section name in smb.conf, I can 'browse' and see all the shares.

                 

                However, providing the credentials of my new user I get the same Access Denied message.

                Providing the credentials of the user pi I get the message 'The user name or password is incorrect'.

                Obviously I rechecked the passwords by logging in and out with both the user pi and my new user. Both worked.

                 

                 

                I seem to be creeping forward, but as you can imagine, this is very frustrating. There seems to be no central admin tool like there was in Novel. I'm sure I'm at the point where this behaviour is so unlikely that a solution is far from obvious. As I'm exhibiting more experience than the average newbie, I don't know if the assumption will be that I've done everything right, so the response will be, "Well, that's a poser!". I'm willing to check every step, again. But I'm currently out of ideas on where to look. Everything seems fine to me, except that it doesn't work. Thanks for reading this far.

                1 of 1 people found this helpful
                  • Re: A File Server That Won't Share Shares
                    14rhb

                    Hi Steven,

                     

                    My apologies - I misread your post and thought you were trying to transfer between two Linux boxes....in which case you can ignore all of what I've said (unless you are bored and want a good read ).

                     

                    The command lsblk and the utility gnome-disks are sometimes useful for seeing what is mounted/unmounted and where they reside. When I've had errors refusing access after mounting a usb pendrive I've also used sudo chown -hR <user><group> <path to drive> 

                     

                    regards,

                     

                    Rod

                      • Re: A File Server That Won't Share Shares
                        oghma

                        14rhb/Rod,

                         

                        The lsblk command shows what I expect. The sda name is split into my three partitions.

                         

                        The gnome-disks utility is for GUI, but I have a LITE installation. I'm deliberatly avoiding a GUI install to increate the available space for my Spooler, if I ever get that far!

                         

                        The chown command has now changed the owner, so ls -l now gives:

                        drwxrwxrwx 2 pi users 4096 Jul 24 15:33 MYLABEL
                        where MYLABEL are the three associated folders in /mnt that are my mountpoints.
                        This has made no difference to the problem I have, as stated in my post after shabaz. I still can't map to the MYLABELs. Credentials on my user gives Access Denied, and pi credentials still give me a 'The user name or password is incorrect' message.
                        I can't help be think that this is a permissions issue. However, I don't know how to make all the different areas match. Can someone give me pointers to check what where? Thanks for reading this far.
                          • Re: A File Server That Won't Share Shares
                            shabaz

                            I'm wondering if the errors you're getting could be specific to the Windows versions. What is the precise text of the error messages?

                            There are some error messages on XP described here:

                            https://ask.fedoraproject.org/en/question/109910/samba-and-windows-xp-unknown-user-name-or-bad-password/

                            However with Windows 10 which you mention you tried, it refers to a slightly different error that doesn't mention the username:

                            https://superuser.com/questions/1125438/windows-10-password-error-with-samba-share

                            Anyway it could be worth making the changes suggested in these links too, in case it helps.

                            Unfortunately I've not tried this, so I can only suggest some vague ideas : (

                            Sometimes I'll also try to do a packet capture to see how far the protocol got, but I don't know this protocol well enough to be sure if this is a good idea, or a useless idea.

                            There could also possibly be error messages somewhere in /var/log on the pi (type ls -altr to see the latest modified files there as the last ones in the list).

                            3 of 3 people found this helpful
                              • Re: A File Server That Won't Share Shares
                                oghma

                                shabaz,

                                 

                                I am only using Windows 10. The second link has lead me on a trail to use make amendments to my smb.conf and the pdbedit utility. It turns out that I added the pi user to samba, but not the new user. D'oh!

                                 

                                Not quite there yet, as I'm still getting an error message, all be it a different one. However, I did manage to map to the Pi, but not with one of my shares! I just have to figure out where it connects to and why, then I might make some progress. It's taken me all day, so I've not even begun on Sean's help yet.

                                 

                                I'll keep you both posted on my progress and the new lines in smb.conf, when it's a bit more stable. Thanks guys so far.

                      • Re: A File Server That Won't Share Shares
                        colporteur

                        The last time i setup SAMBA was using the configuration from the following site.

                        https://github.com/thinkst/opencanary

                        It is a wide open share but it did work.

                         

                        My thoughts are once you can see and interact with the share (i.e. working), you can make the access control changes.

                         

                        I have limited MS windows knowledge so I am of little help when it comes to active directory tweaks in SAMBA.

                         

                        Sean

                        1 of 1 people found this helpful
                        • Re: A File Server That Won't Share Shares
                          oghma

                          The story so far:

                           

                          From the second link sueested by shabaz I've added the following lines to my smb.conf. (some where already there, but I include them for completeness.):

                           

                          #### Dubugging/Accounting ####

                          log file = /var/log/samba/log.%m

                          max log size = 100

                          syslog = 0

                           

                          ###### Authentication ######

                           

                          server role = standalone server

                          passdb backend = tdbsam

                          obey pam restrictions = yes

                          unix password sync = yes

                          password program = /usr/bin/passwd %u

                          password chat = *Enter\snew\spassword:* *Retype\snew\spassword:* %n\n *password\supdated\ssuccessfully*

                          pam password change = yes

                          map to guest = bad user

                           

                          ntlm auth = yes

                          encrypt passwords = yes

                          smb passwd file = /etc/samba/smbpasswd

                          security = user

                          dns proxy = no

                           

                          [homes]

                          read only = no

                          create mask = 0775

                          directory mask = 0775

                          valid users = %S

                           

                          Each share section still looks like this:

                           

                          [shMYSHARE]

                          # share for the partition MYSHARE

                          path = /mnt/MYSHARE

                          comment = Primary sharing folders

                          browseable = yes

                          writeable = yes

                          only guest = no

                          guest ok = no

                          create mask = 0777

                          directory mask = 0777

                          public=no

                          valid users = MYUSERS  # user list separated by commas

                          force group = MYWORKGROUP

                           

                          There are three MYSHARE sections.

                           

                          Now to what happens:

                           

                          I've managed to create a share called MYUSER which maps to the home directory of the user I log in as. Don't ask me how! I've chmod the permissions on the home directory to be rwxrwxrwx. As you can see above in the [homes] section , I've also changed the masks to 0775. This allows me to map to my 16Gb mSD card home directory. However, I still can't map to my shares. I get a different error message now. :

                           

                          I'm still thinking this is a permissions issue, but I've given all the permissions I can think of.

                           

                          The opencanary app suggested by sean looks terrifying. I'm on the Internet all the time, and having a completely open Pi is not what I want to do. I know Unix viruses are far less common, but hackers do things for 'fun'. Of course, they are never 'fun' for the poor victim. I just don't want to line myself up to be one.

                           

                          Is there a permissions editor to manage the whole set from O/S through samba to files and directories? This sure would make my life a lot easier! So, limiting the advise to the permission issues on the Pi, what do you suggest? What's my checklist? Thank you for reading this far.

                          1 of 1 people found this helpful
                            • Re: A File Server That Won't Share Shares
                              colporteur

                              The configuration provided for use in opencanary I would not recommended for public use. I suggested it as as starting point since it was a known good configuration that last time I used SAMBA. If it worked (i.e. you saw the share and files) than you at least have a working install. By the sound of it, you are not at working.

                               

                              Can you ping the Pi from the windows desktop PC? i.e. ping <IP Address>

                              I noticed you workgroup listing is MYWORKGROUP. Confirm that is what your windows desktop is using. I thought windows default was workgroup but I have limited experience with windows and try to keep it that way.

                               

                              Sean

                              1 of 1 people found this helpful
                                • Re: A File Server That Won't Share Shares
                                  oghma

                                  Sean,

                                   

                                  As I stated on my 6-Aug-2018 reply I can ping using both HOSTNAME and IPaddress. I have rechecked this and both still work.

                                   

                                  The default Windows workgroup is indeed WORKGROUP. However, I have changed it on both the Pi and my Windows 10 PC to the same thing, (even in the same case).

                                   

                                  As I can authenticate to this misterious "User share" that is not mentioned in any of my configuration files, I am assuming that the server and authentication parts work. When I map to the "User share", I don't even have to provide a password, as I have already syncronised the passwords on the Pi and the PC. When I try to map to the Shares, I get the error message above. (9-Aug-2018 reply)

                                   

                                  In order to keep my network simple, I have everything on the same subnet as my BT hub. This means that I do not need another router, nore do I need a DNS table. I feel that this would add yet another complication, and I appear to have enough of those to keep me occupied!

                                   

                                  Continued below...

                                  1 of 1 people found this helpful
                              • Re: A File Server That Won't Share Shares
                                jack.chaney56

                                I'd like to suggest checking out http://www.linuxfromscratch.org and checking out the Beyond Linux From Scratch section. In there (Section IV. Networking) it covers software and configuration for setting up SAMBA as well as several other server host options.

                                 

                                Jack

                                2 of 2 people found this helpful
                                  • Re: A File Server That Won't Share Shares
                                    oghma

                                    Jack,

                                     

                                    This looks like the most comprehensive collection of actual configuration advice I've seen to-date. Thank you.

                                     

                                    I take your point that at this stage you are drawing my attention to particular sections, however, I feel that I should take a look at the whole journey to improve my understanding of how the parts of Linux work together. It's been far too long since I built servers, and I think the whole thing will do me some good. I plan to start with the first book before getting to the Beyond Linux From Scratch page(s). Of course, the only down side of this is that there are 370 pages in the first book alone!

                                     

                                    Thanks again. I'll let you know how I get on. (I'm a slow reader, so this could take a while.)

                                      • Re: A File Server That Won't Share Shares
                                        ebalem

                                        I've just seen your posts and the suggestions about share problems, and I wonder if the problem is with windows 10 not your pi server.

                                        In recent builds of win10 they have removed the homegroup support and do not by default include support for older versions of smb sharing.

                                        Simple workgroup sharing is now much more tricky even between windows pc's. It may be worth you searching on these issues to find more info.

                                        1 of 1 people found this helpful
                                          • Re: A File Server That Won't Share Shares
                                            oghma

                                            Eddie,

                                             

                                            I was never using the <HOMEGROUP> feature. Also, as my nework is on the same subnet, I did not need to use a <DOMAIN>.

                                             

                                            I've checked that <MYWORKGROUP> is set for both the Pi and my PC. I can also see another Win10 PC on the same subnet, with the same <MYWORKGROUP>. The windows side would appear to be behaving itself!

                                             

                                            I keep coming back to the permissions or the mount parameters. I'm about half way through the big read from Jack's post. I'll keep you all posted with my progress. Thanks again for your advice.

                                          • Re: A File Server That Won't Share Shares
                                            jack.chaney56

                                            I have been through the exercise of doing an LFS install since back in the early versions (When BLFS only had one X solution). The process becomes easier each time I repeat it. Two things to note if you are going to take the giant step and create your own installation. First, I can almost guarantee you won't get it right the first time, so expect to have to repeat the process a few times. Second, the lack of baggage (extra services, and drivers) greatly reduces the load on the processor. You will be astounded by the increase in speed, when all the useless stuff isn't running in the background.

                                             

                                            If you are hooking a shared server on a network, it might be a good idea to go over the sections on security implementations.

                                             

                                            Jack

                                             

                                            ps. I just remembered there is a new listing for LFS on RPi. I haven't tried it out yet, but I am sure it will prove similar. The biggest issue I always run into is building the kernel with all the switches set correctly. Since RPi is generally a single image, the switches should all be known.