SMB/CIFS guest access problem

    This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

    • SMB/CIFS guest access problem

      Hi,

      I recently upgraded from OMV Version 0.2 to 0.3 (now running 0.3.0.18) and I have problems regarding SMB/CIFS and access rights.

      I have several folders that I want to share via SMB/CIFS (read only and guest access, i.e. without entering user and password)
      These folders should also be shared via FTP (read and write via user ftpadmin)

      Example:

      +++ Shared Folders +++
      Name: Test
      Privileges: ftpadmin: read/write
      ACL: ftpadmin: read/write

      +++ SMB/CIFS +++
      Shared Folder: Test
      Public: yes
      Read only: yes
      (all other settings: default values)

      +++ FTP +++
      Shared Folder: Test

      Now I can access the folder "Test" via FTP (user: ftpadmin) and I have read/write access.
      But when I access via SMB/CIFS (Win7), I have to enter a user name and password.
      If I remove the privileges (ftpadmin: read/write) I can access the folder via SMB/CIFS without entering user and password.
      But that of course has the consequence that I can not see the folder via FTP (user: ftpadmin).


      This worked with OMV 0.2
      Does anyone have any idea how to solve this problem?

      Regards
    • Re: SMB/CIFS guest access problem

      As shown at the bottom of the privileges dialog these settings are only used to configure the access rights for the several services. The filesystem permissions must be set using the ACL browser. Most services, e.g. SMB, also depend on the filesystem permissions, thus you have to configurte these correctly. You will find the nobody user in the ACL browser dialog for example.
      Absolutely no support through PM!

      I must not fear.
      Fear is the mind-killer.
      Fear is the little-death that brings total obliteration.
      I will face my fear.
      I will permit it to pass over me and through me.
      And when it has gone past I will turn the inner eye to see its path.
      Where the fear has gone there will be nothing.
      Only I will remain.

      Litany against fear by Bene Gesserit
    • Re: SMB/CIFS guest access problem

      Yes I know, but it's a access right problem, isn't it?
      If I set read/write for nobody user in the ACL browser dialog, it doesn't help.

      The question is, what I have to do for:
      - share a folder via SMB/CIFS (read only and guest access, i.e. without entering user and password) and
      - share the same folder via FTP (read and write with user ftpadmin)
    • Re: SMB/CIFS guest access problem

      For the public share, set the ACL to read/write for nobody, owner, users and others. On the main page for SMB, check Allow client access to accounts with null passwords. Then, on your public share for SMB, check Public and Inherit ACLs. That should make your public share readable and writable by anyone without a login. If you want it read only for guests, simply set the nobody user in ACL to read only, and select which users/groups are allowed to write. Don't check any options for service privileges, or the share will prompt for a login.
    • Re: SMB/CIFS guest access problem

      Create a new share for users, and then go to the users section, click on the Settings tab. Enable the user home directory, and select the user share you just created. Make sure the new share is readable by that user. I actually had a similar issue for FTP, but the solution I gave you previously was specifically for SMB.
    • Re: SMB/CIFS guest access problem

      Sorry for the late reply, but I had no time to deal with OMV.

      "Spy Alelo" wrote:

      Create a new share for users, and then go to the users section, click on the Settings tab. Enable the user home directory, and select the user share you just created. Make sure the new share is readable by that user. I actually had a similar issue for FTP, but the solution I gave you previously was specifically for SMB.

      This maybe works, but for me this is only a workaround. I don't want to create a user home directory.
      All folders are in the root directory:
      /folder1
      /folder2
      /folder3
      ...

      With your solution I must create a home folder e.g. /homedir and put all my folder in:
      /homedir/folder1
      /homedir/folder2
      /homedir/folder3
      ...

      =========================================================

      I found another temporary solution (but the web interface overwrites this file always).
      When I add nobody to valid users in /etc/samba/smb.conf, all works as before:
      (Valid users conflicts with guest ok = yes ?)

      Source Code

      1. [Test]
      2. path = /media/d1dafd37-10d7-4fd2-9ff8-7a11bc45ed27/test
      3. guest ok = yes
      4. read only = yes
      5. browseable = yes
      6. inherit acls = yes
      7. inherit permissions = no
      8. ea support = no
      9. store dos attributes = no
      10. printable = no
      11. create mask = 0755
      12. force create mode = 0644
      13. directory mask = 0755
      14. force directory mode = 0755
      15. hide dot files = yes
      16. valid users = ftpadmin nobody
      17. invalid users =
      18. read list =
      Display All


      /EDIT:
      I changed the line validusers="" to validusers="nobody" in the file /usr/share/openmediavault/scripts/samba.d/20shares. So I have solved my problem but maybe the solution has some side effects. The file has to edit after every OMV update.
    • Re: SMB/CIFS guest access problem

      Hey, guys, I found the #1 reason for this problem and I think that this can be easily fixed. Here's what's going on:

      When directory is created and give public/guest access right the smb.conf for a given share contains:

      Source Code

      1. ...
      2. guest ok = yes
      3. ...
      4. valid users =
      5. ...
      6. write list =
      7. ...

      and everything works fine.

      Then if you make user "UserX", click on share->permission and check "Read/Write" for user XYZ the smb.conf now has:

      Source Code

      1. ...
      2. guest ok = yes
      3. ...
      4. valid users = UserX
      5. ...
      6. write list = UserX
      7. ...


      So Samba ignores the "guest ok = yes" and is looking only for "UserX" user. Also in syslog you can see message:

      Source Code

      1. Dec 5 01:48:56 NAS smbd[7167]: change_to_user: SMB user YOUR_WINDOWS_OR_LINUX_USERNAME (unix user nobody, vuid 100) not permitted access to share YOUR_SHARE_NAME.

      i.e. user "nobody" is no longer given the access, thus making share not public anymore.


      And here's how Volker can fix this bug (2 choices):

      1) If "Public" (guest ok = yes) is set in smb.conf, then make enabling Permission "Read/Write" on share not add any entries to "valid users =" and "write list =" entries in smb.conf

      or

      2) If "Public" (guiest ok = yes) is set for share in smb.conf, then when enabling "Read/Write" Permission on share also add ", nobody" to "valid users =" and "write list =" entries in smb.conf, so entries become like:

      Source Code

      1. ...
      2. guest ok = yes
      3. ...
      4. valid users = UserX,UserY,UserZ,nobody
      5. ...
      6. write list = UserX,UserY,UserZ,nobody
      7. ...



      Any of the above 2 solutions will fix this annoyance and make FTP with password + SMB Guest on the same share work smoothly.






      EDIT: Oh, Daifel, I haven't seen your post, didn't switch to second page. You've found the problem as such too. Though I think if you enable nobody on a global level it might always allow that even for the shares that you don't want to. So doing either one of the 2 solutions above sounds like a logical way it should work, i.e. only if "guest ok = yes" is set for a given share, then append ", nobody" to vaild users and write list. I hope Volker can fix this soon.
    • Re: SMB/CIFS guest access problem

      "premudriy" wrote:

      Hey, guys, I found the #1 reason for this problem and I think that this can be easily fixed. Here's what's going on:

      When directory is created and give public/guest access right the smb.conf for a given share contains:

      Source Code

      1. ...
      2. guest ok = yes
      3. ...
      4. valid users =
      5. ...
      6. write list =
      7. ...

      and everything works fine.

      Then if you make user "UserX", click on share->permission and check "Read/Write" for user XYZ the smb.conf now has:

      Source Code

      1. ...
      2. guest ok = yes
      3. ...
      4. valid users = UserX
      5. ...
      6. write list = UserX
      7. ...


      So Samba ignores the "guest ok = yes" and is looking only for "UserX" user. Also in syslog you can see message:

      Source Code

      1. Dec 5 01:48:56 NAS smbd[7167]: change_to_user: SMB user YOUR_WINDOWS_OR_LINUX_USERNAME (unix user nobody, vuid 100) not permitted access to share YOUR_SHARE_NAME.

      i.e. user "nobody" is no longer given the access, thus making share not public anymore.


      And here's how Volker can fix this bug (2 choices):

      1) If "Public" (guest ok = yes) is set in smb.conf, then make enabling Permission "Read/Write" on share not add any entries to "valid users =" and "write list =" entries in smb.conf

      or

      2) If "Public" (guiest ok = yes) is set for share in smb.conf, then when enabling "Read/Write" Permission on share also add ", nobody" to "valid users =" and "write list =" entries in smb.conf, so entries become like:

      Source Code

      1. ...
      2. guest ok = yes
      3. ...
      4. valid users = UserX,UserY,UserZ,nobody
      5. ...
      6. write list = UserX,UserY,UserZ,nobody
      7. ...



      Any of the above 2 solutions will fix this annoyance and make FTP with password + SMB Guest on the same share work smoothly.






      EDIT: Oh, Daifel, I haven't seen your post, didn't switch to second page. You've found the problem as such too. Though I think if you enable nobody on a global level it might always allow that even for the shares that you don't want to. So doing either one of the 2 solutions above sounds like a logical way it should work, i.e. only if "guest ok = yes" is set for a given share, then append ", nobody" to vaild users and write list. I hope Volker can fix this soon.


      Fix has been done in openmediavault 0.4.9, see openmediavault.svn.sourceforge…iew=revision&revision=416. Thanks for the research and tip.

      I have added the guest account user to the valid/write user lists, thus the configured user privileges still apply, too.

      P.S.: Please open a new bug report next time, this will speed up the process. Second, i can not read all posts, thus some posts like yours might get missed.
      Absolutely no support through PM!

      I must not fear.
      Fear is the mind-killer.
      Fear is the little-death that brings total obliteration.
      I will face my fear.
      I will permit it to pass over me and through me.
      And when it has gone past I will turn the inner eye to see its path.
      Where the fear has gone there will be nothing.
      Only I will remain.

      Litany against fear by Bene Gesserit
    • Re: SMB/CIFS guest access problem

      The bugfix has some side effects, please see forums.openmediavault.org/viewtopic.php?f=14&t=1239. Any tips to fix that are welcome. I have opened a bugreport for that: bugtracker.openmediavault.org/view.php?id=681
      Absolutely no support through PM!

      I must not fear.
      Fear is the mind-killer.
      Fear is the little-death that brings total obliteration.
      I will face my fear.
      I will permit it to pass over me and through me.
      And when it has gone past I will turn the inner eye to see its path.
      Where the fear has gone there will be nothing.
      Only I will remain.

      Litany against fear by Bene Gesserit