Samba Share Types in OMV

    • Official post

    Samba share types


    OMV has the capability of configuring shares according to their defined user access privileges. This means they won't act in the file system layer; they will run in the Samba authentication layer. From there the access can be controlled to be read only, write access and guest account login. This is done with the PRIVILEGES button in the shared folder section, not the ACL.



    Remember that this is a two leg thing, if write access is enabled and by any chance your share has a modified system permission of 755 (the default is 2775) the authorized user will not be able to write to the share.


    Shares in Samba can be catalogued in OMV into three categories with their most important directives indicated below:


    Non-public (Private): login always required, Guest Allowed denied
    guest ok = no
    # this will deny all non-authorized users
    valid users = User1, User2, @Group1, @Group2
    read list = User1, @Group1
    write list = User2, @Group2

    • This means that every user will have to provide valid OMV credentials to access that share.
    • Also, this type of share requires at least one definition of a valid user, otherwise the directive would be empty. THIS WILL ALLOW EVERY USER TO LOG INTO THE SHARE


    Semi-public: when login is not provided, guest user is used. This is the option Guest Allowed from the samba share option


    guest ok = yes
    read list = User1, @Group1
    write list = User2, @Group2


    Notice here that if you have a user that you have not set up privileges for (that means blank tick boxes), he will be able to log in anyway and have write access.


    Public only: guest user always used. This is the Guest Only option in the samba share configuration
    guest ok = yes
    guest only = yes


    Notes:

    • The guest account is mapped to system account nobody; he doesn’t belong to group users, thus he HAS BY DEFAULT NO WRITE ACCESS, just READ. This can be reverted by modifying the POSIX permissions of the share to 777.
    • These directives are NOT ACL
    • The semi public is valid for OMV version 1.10



    Questions:
    I have set up a semi-public share; how do I enter credentials if the guest will always log in first?


    You have to use the Windows map network drive feature to provide login credentials




    In Mac OS X you can use CMD+K (if you are in Finder)


    I have guest allowed or guest only enabled, but windows keeps asking for password?


    You probably have an identical Windows-OMV username. Windows is sending Windows account credentials before. If you want to log in as Guest, type nobody in login and no password. Yes, nobody like this :



    The login keeps saying login denied?


    This is more likely caused by two things:

    • Permission issue (ACL or non default POSIX permission mode/ownership). You can use the reset permission utility provided with omv-extras, next to Shared Folder sections, to bring back the default permissions and flush problematic ACL's. edit: In OMV3 the reset permission utility is an independent plugin
    • Out of sync password in between linux and samba. This is very rare but it has happened. Test in ssh the following: smbpasswd username, enter password and try to log in again.

    I can't delete files or edit files that other users have created?



    • The default umask in samba is 644 for files. So to enable flexible sharing, tick Enable permission inheritance in the samba share settings; this will force 664 creation mode. Files created previously need to change their permission mode. Use the reset permission utility.
    • Check that you don't have read only enabled. This option overrides privileges and POSIX.
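An added example, not part of the original post or OMV's own code: a small Python audit that sorts smb.conf share sections into the three categories described in the first post and flags the empty `valid users` case, plus a check for the POSIX "second leg" (2775 versus 755). The sample config, share names and function names are constructed for illustration.

```python
import configparser

# Constructed sample share sections (not taken from a real OMV system).
SAMPLE = """
[private]
guest ok = no
valid users = User1, User2, @Group1, @Group2
write list = User2, @Group2
[private_empty]
guest ok = no
valid users =
[semi]
guest ok = yes
write list = User2, @Group2
[public]
guest ok = yes
guest only = yes
"""

def _yes(section, key):
    """Interpret a Samba boolean; a missing key counts as 'no'."""
    return section.get(key, "no").strip().lower() in ("yes", "true", "1")

def classify(section):
    """Return (category, findings) for one share section."""
    findings = []
    guest_ok = _yes(section, "guest ok")
    if guest_ok and _yes(section, "guest only"):
        category = "public-only"       # guest user always used
    elif guest_ok:
        category = "semi-public"       # guest used when no login is given
        findings.append("a user with no privileges set can still log in "
                        "with write access (as described in the post)")
    else:
        category = "private"           # login always required
        if not section.get("valid users", "").strip():
            findings.append("empty 'valid users': every user can log "
                            "into the share")
    return category, findings

def audit(text):
    """Classify every share section found in smb.conf-style text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return {name: classify(cp[name]) for name in cp.sections()}

def group_can_write(mode):
    """Second leg: the folder's POSIX mode must grant group write."""
    return bool(mode & 0o020)

if __name__ == "__main__":
    for share, (category, findings) in audit(SAMPLE).items():
        print(share, category, findings)
    print("2775 group write:", group_can_write(0o2775))
    print("755 group write:", group_can_write(0o755))
```

On a live system the input would be the share sections of the generated Samba configuration rather than the constructed `SAMPLE` string.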
  • For those who have trouble with accessing shares from a Win10 machine with a different login and can't logout, try this:


    http://www.howtogeek.com/howto…c-path-drives-in-windows/ and reboot (A shutdown won't work because of the "fast boot" option with Win 10).


    Also, maybe you accidentally made available offline a folder from your share (with the wrong login) [yeah, I messed around big time with my initial setup. It's great for learning though]; you can flush the sync data from the Configuration panel --> the Sync Center, under "Manage offline files" [Screen capture in French: "Gérer les fichiers hors connexion"]. Deactivate and clear your offline files and reboot (a reboot and not a shutdown).
    The Sync Center was always connecting to my shares with my initial login and the command "net use" was reporting nothing with my machine...


    Below a screen capture from the sync center after I reset everything.

  • Hello. I'm completely lost. I have for several days tried to mount a samba with openmediavault. At the moment I am testing with Virtualbox. I have no problem accessing the server via FTP, SSH or any other means of access, except in SMB.
    I watched your tutorial and many more, again and again the same problems. I created several "users"


    Jean, Pierre, marc and Yves, for future local use only. No external access to the network (no external domain name). I manage to create the SMB server, and it is discovered in w10 (my computer); that of my children on the same network is invisible. (All computers are equipped with w10 or w10 pro.) Then I try to connect to each user from my computer to check if the accounts are all ok. And I can't do it, except for one "marc" account. I have all tried deleting Mapping, deleting dns caches, or other wacky ideas. Nothing works. So I decided to delete the users Marc from the server. As a result, I no longer have access to the smb on the w10. I can see it but I cannot connect it. I'm going crazy so much it keeps me from sleeping. If I manage to set up all this OMV server, I can buy the hardware to go on a fixed installation. Thanks a lot for your help

  • Hello,

    I’ve a problem logging into share folder.


    With a pc not in workgroup smb or nfs always give me a ‘user or password is not correct’


    Using pc in workgroup smb works fine with user login.


    How can I fix?

  • Hello,


    I have the exact same issue. Somebody have an idea?

    Thanks

  • The same issue. Have working laptop at home and wanted to add password for all local folders on servers and for windows it does not work.

    Without any credentials OMV works smoothly, but when you are trying to setup different permission for folder - it sucks.

  • I've noticed a lot of posts similar to the ones above with problems setting up share permissions while searching to fix my issues. I outline my solutions in case it helps others looking at this thread.


    This is my first install of OMV, I am familiar with using Linux Mint, but not a command line guru.


    Problem: couldn't access shared folders with permissions set, and even "open to the world/everyone" access there were odd behaviors. This was the same as others have outlined, no matter what permissions I changed, or setup on OMV, I still couldn't access shared folders.


    Solution: Two things fixed all my issues, and both were due to my misunderstanding of how things worked.


    1. I used OMV "Disks" menu to "wipe" the disks and then the "File Systems" menu to "create" the file system.

    = Reason: My error was assuming that since I had formatted the data drives as EXT4 with Linux Mint while I was testing them they would be just fine to mount and start using. This was partially correct but I underestimated the issues with the group and user ID assigned to the disks via Linux Mint. I realised the error looking at the permissions and users via SSH for the mounted drives using "ls -l /srv/" comparing with a disk I did wipe with OMV when checking for the problem. It was easier for me to just wipe all the data drives using OMV than muck round with changing owner/group and permissions on the command line, since I was starting with empty drives anyway.


    2. I re-did the passwords for my two users in the "user" menu in OMV.

    = Reason: I had read that sometimes the samba passwords and system password files can get out of sync and to re-do the password for the samba shares is sometimes required. I assumed because I had just installed OMV this wasn't my issue, however after trying everything else and finding shared folders worked after wiping the drive as above but samba shares weren't working correctly I did the passwords again. Bingo, everything working fine!


    Being a new user and not being able to find mention of these two things above in any of the posts I read I thought I would join the group and document it in case it helps someone else.

  • kiwibum, did the docs at https://openmediavault.readthe…#creating-a-network-share not help to solve the issue?

    omv 6.9.6-2 (Shaitan) on RPi CM4/4GB with 64bit Kernel 6.1.21-v8+

    2x 6TB 3.5'' HDDs (CMR) formatted with ext4 via 2port PCIe SATA card with ASM1061R chipset providing hardware supported RAID1


    omv 6.9.3-1 (Shaitan) on RPi4/4GB with 32bit Kernel 5.10.63 and WittyPi 3 V2 RTC HAT

    2x 3TB 3.5'' HDDs (CMR) formatted with ext4 in Icy Box IB-RD3662-C31 / hardware supported RAID1

    For Read/Write performance of SMB shares hosted on this hardware see forum here

  • kiwibum, did the docs at https://openmediavault.readthe…#creating-a-network-share not help to solve the issue?

    No, because those docs assume that I had done the setup correctly and wiped the data disks in OMV. Once I realised my error and reformatted my data disks with OMV, following those instructions for creating shared folders worked. Actually, creating the folders worked using the drives formatted by Linux Mint, but accessing the folders via network was problematic. From what I could tell the problem was permissions based.


    I did read the "Solutions to common problems" sticky post in the forums, and heeded the advice regarding changing things outside of OMV interface on config files. This is why I decided to start again with my data drives rather than try to fix the base ownership and permissions via the command line.


    One of the reasons I posted my findings above, I had read a couple of threads where the poster had previous Linux experience and were blaming OMV interface for not doing things correctly. I now wonder if they made the same wrong assumptions I did, we always think we know better;).

  • Hey Guys - this now appears to be quite different in OMV6 ? I can not find any similar screens as shown in the first post in terms of samba user permissions etc ?


    I am trying to do a restricted share on OMV 6 - that will only be accessible from a fixed set of IP addresses and will require a valid login from the OMV users group - just playing around with the options at the moment to get what i want - but they do not seem to be mapping to read me above ?


    Craig

  • Strongly agree with curto, just above. Could somebody make a new thread and un-pin this one? It's years out of date.


    I am finding LOTS of posts on the forum (including mine from yesterday lol) from people who are trying to figure out WTF is up with SMB.


    We need some kind of guidance that is simple and up-to-date.


    I was enjoying the OMV experience, but some changes in 6.x broke my config, and are taking me back to my earlier sense that SMB is a pile of sh*t.

    • Official post

    It's not up to date yet (the screen shots are for OMV5) but the permissions concepts, in the permissions doc, are the same for OMV6 and the screen presentation is not hugely different.

    I can not find any similar screens as shown in the first post in terms of samba user permissions etc ?


    I am trying to do a restricted share on OMV 6 - that will only be accessible from a fixed set of IP addresses and will require a valid login from the OMV users group - just playing around with the options at the moment to get what i want -

    I think you'll find what you want -> here. This link leads to a section of the permissions doc where SMB access using IP's is explained. Note that if an IP address is specified, the user of the IP specified workstation will still be required to have access at the shared folder level. It becomes an "AND" operation. Access will require an allowed IP address AND a user within an authorized group.

    Note that if an address is inserted into the "Allow" field, all workstation IP's that are allowed for that share must be added to the field. (And, as noted in the doc, using DHCP can be problematic.)


    I am finding LOTS of posts on the forum (including mine from yesterday lol) from people who are trying to figure out WTF is up with SMB.


    We need some kind of guidance that is simple and up-to-date.

    Again, while the screen shots are out of date, the concepts are the same. -> Take a look at the Permissions Doc.

  • Again, while the screen shots are out of date, the concepts are the same.

    This is helpful — thanks! Skimming it over, I find this:


    Quote

    Mixing Standard and Extended permissions can cause inexplicable effects, if not done carefully.


    ...and maybe that's what happened. Need to investigate further.

    • Official post
    Mixing Standard and Extended permissions can cause inexplicable effects, if not done carefully.

    There is no doubt about this. In Linux, if Standard AND Extended permissions exist for the same user and / or group, the user gets the lowest level access (as noted in the doc). This is opposite of the Windows world where the highest level access is granted, regardless of how it's applied. (This is part of why Windows is easy to compromise.)

    For home use and for the sake of simplicity, there are few good reasons to use Linux Extended (ACL) permissions. It's best to stick with Standard permissions.

  • So, I went through and removed all ACL permissions from my shared folders.


    However, the permissions errors persist.


    Using macOS, I can copy a file from my workstation to the SMB volume and it works. However, if I copy a folder, I find that it gets created with 'drw-rws---' permissions, i.e., 'x' is missing. At that point, the copy operation fails, and macOS tells me that I don't have permission to read the file inside the folder (this seems incorrect, as I assume it should tell me that the problem is with the destination, not the source files).


    I tried chmod u+x MyFolder on the OMV server, and after that I can copy the file.


    Another strange thing is that if I point the macOS Finder at the OMV share and click on the button to create a new folder, it gets created with the u+x permission, as I would expect.


    Is this some kind of bug, or are my permissions still messed up, or... ?

    • Official post

    First, I'll say that I know next to nothing about Mac's.
    Second: I'm going on the assumption that you've taken the advice in the document and that your shared folder (file permissions) properly match your SMB permissions.
    Third: The following assumes that nothing has happened to break the OS. If CLI permissions changes were done on the OS drive, it would be best to rebuild.
    ________________________________________________________

    There's a few things you can try, testing access as you go with each of the following:
    - In Shared Folder permissions, with file/folder permissions set properly (the group users should be Read/Write/Execute), use the "Replace all existing permissions" with "Recursive" checked.
    - In the Samba share, in extra options, use the statement:
    write list=@users

    (The above assumes that you created users in the GUI that are added, by default, to the group named "users".)
    - You could try turning off whatever your Mac uses as a firewall, just as a test. (I'm assuming that OMV's firewall is still at default install settings.)
    - You could try setting the Shared Folder to "Others" Read/Write/Execute AND the Group users to Read/Write/Execute. Set the SMB share to "Guests Allowed". Then see what happens. (This is wide open permissions for all clients on the local LAN.)

    - Finally (I've only seen this once) you can set "Privileges" for the user affected to Read/Write. (Under Storage, Shared Folders, Privileges.) This shouldn't be necessary but you mentioned the "x" (execute) flag, so this may have something to do with a program on the Mac.
    - If you're using chmod on the CLI, assuming "users" is the group, chmod g+x might be better or even chmod o+x.
    (To prevent odd scenarios, I'd recommend avoiding the CLI and sticking with permission changes in the GUI.)

    Finally, I have no idea what the format is for the data drive in use and what, exactly, formatted it. I'm assuming EXT4 or another native format to Linux AND that the drive was formatted by OMV. 

    If the drive was formatted by Windows (NTFS) or a Mac (HFS), that's not a good idea. There's no one to one permissions mapping between these drive formats and Linux formats. (Yes, this happens a lot.)

    If the data disk was created by another Linux workstation it's a foreign volume. To straighten out permissions on a foreign volume or other persistent permissions issues, there's a plugin called openmediavault-resetperms that can force a reset of shared folder permissions. If you use it, I'd recommend going with "Everyone" Read/Write and check the box for Clear ACL's. You can tighten permissions up when the problem is cleared.

    Finally, (assuming the data disk was formatted by OMV) create a new share exactly as described -> here. No variations other than whatever you decide to name the share. See how the Mac deals with it.


  • Borbio In #15 above you said you "removed all ACL permissions from my shared folders." I'm wondering how you did that. In my brief, but not current, use of OMV6, the "shared folder ACL" webui does not have a "strip ACL" function. The only way I know of doing this is at the CLI.


    I hesitate to quibble with crashtest whose time and effort went into creating that permissions doc, but it includes the statement that "Extended Permissions are not native to Linux", which to my mind is incorrect. If you agree that "native" in this context means "designed to support", then clearly ACLs are native to Linux in both the kernel config and the various filesystems it's designed to work with (see mount options used in your /etc/fstab file). But an important question is which type of ACL does Linux support?


    Linux supports POSIX.1e while MAC OS, which is Unix like, supports NFSv4 ACLs and Windows ACLs are close to but not exactly the same as NFSv4 ACLs. Using ACLs in OMV6 and sharing the data via SAMBA with a MAC is problematic. AFAIK, SAMBA's translation between POSIX and NFSv4 ACLs is imperfect and you certainly wouldn't want to try to change ACLs from the MAC side in Finder. Of course, you are also left head-scratching as to which of SAMBA's various optional parameters and vfs objects should be used and added to your share definition to get anything like a usable config.

  • Borbio In #15 above you said you "removed all ACL permissions from my shared folders." I'm wondering how you did that. In my brief, but not current, use of OMV6, the "shared folder ACL" webui does not have a "strip ACL" function. The only way I know of doing this is at the CLI.

    use resetpermission plugin:


  • raulfg3 A whole extra plugin and webgui clutter when you could use "setfacl -b" or "setfacl -b -R" at the CLI?

    Yes, if you are not familiar with CLI, of course you can do what you want:

