SMB/CIFS guest access problem

  • Hi,


    I recently upgraded from OMV Version 0.2 to 0.3 (now running 0.3.0.18) and I have problems regarding SMB/CIFS and access rights.


    I have several folders that I want to share via SMB/CIFS (read only and guest access, i.e. without entering user and password)
    These folders should also be shared via FTP (read and write via user ftpadmin)


    Example:


    +++ Shared Folders +++
    Name: Test
    Privileges: ftpadmin: read/write
    ACL: ftpadmin: read/write


    +++ SMB/CIFS +++
    Shared Folder: Test
    Public: yes
    Read only: yes
    (all other settings: default values)


    +++ FTP +++
    Shared Folder: Test


    Now I can access the folder "Test" via FTP (user: ftpadmin) and I have read/write access.
    But when I access via SMB/CIFS (Win7), I have to enter a user name and password.
    If I remove the privileges (ftpadmin: read/write) I can access the folder via SMB/CIFS without entering user and password.
    But that of course has the consequence that I can not see the folder via FTP (user: ftpadmin).



    This worked with OMV 0.2
    Does anyone have any idea how to solve this problem?


    Regards

  • Tested also with a clean installation on a virtual machine - same problem.


    Where are all the system users like nobody under privileges?
    I think adding user nobody under shared folders privileges would fix the problem?!

    • Official post

    As shown at the bottom of the privileges dialog these settings are only used to configure the access rights for the several services. The filesystem permissions must be set using the ACL browser. Most services, e.g. SMB, also depend on the filesystem permissions, thus you have to configure these correctly. You will find the nobody user in the ACL browser dialog for example.

  • Yes I know, but it's an access right problem, isn't it?
    If I set read/write for nobody user in the ACL browser dialog, it doesn't help.


    The question is, what I have to do for:
    - share a folder via SMB/CIFS (read only and guest access, i.e. without entering user and password) and
    - share the same folder via FTP (read and write with user ftpadmin)

  • For the public share, set the ACL to read/write for nobody, owner, users and others. On the main page for SMB, check Allow client access to accounts with null passwords. Then, on your public share for SMB, check Public and Inherit ACLs. That should make your public share readable and writable by anyone without a login. If you want it read only for guests, simply set the nobody user in ACL to read only, and select which users/groups are allowed to write. Don't check any options for service privileges, or the share will prompt for a login.

  • Create a new share for users, and then go to the users section, click on the Settings tab. Enable the user home directory, and select the user share you just created. Make sure the new share is readable by that user. I actually had a similar issue for FTP, but the solution I gave you previously was specifically for SMB.

  • Sorry for the late reply, but I had no time to deal with OMV.


    Quote from "Spy Alelo"

    Create a new share for users, and then go to the users section, click on the Settings tab. Enable the user home directory, and select the user share you just created. Make sure the new share is readable by that user. I actually had a similar issue for FTP, but the solution I gave you previously was specifically for SMB.


    This may work, but for me this is only a workaround. I don't want to create a user home directory.
    All folders are in the root directory:
    /folder1
    /folder2
    /folder3
    ...


    With your solution I must create a home folder e.g. /homedir and put all my folders in:
    /homedir/folder1
    /homedir/folder2
    /homedir/folder3
    ...


    =========================================================


    I found another temporary solution (but the web interface overwrites this file always).
    When I add nobody to valid users in /etc/samba/smb.conf, all works as before:
    (Valid users conflicts with guest ok = yes ?)


    /EDIT:
    I changed the line validusers="" to validusers="nobody" in the file /usr/share/openmediavault/scripts/samba.d/20shares. So I have solved my problem but maybe the solution has some side effects. The file has to be edited after every OMV update.

  • Hey, guys, I found the #1 reason for this problem and I think that this can be easily fixed. Here's what's going on:


    When a directory is created and given public/guest access rights, the smb.conf for a given share contains:

    Code
    ...
    guest ok = yes
    ...
    valid users =
    ...
    write list =
    ...


    and everything works fine.


    Then if you make user "UserX", click on share->permission and check "Read/Write" for user XYZ the smb.conf now has:

    Code
    ...
    guest ok = yes
    ...
    valid users = UserX
    ...
    write list = UserX
    ...


    So Samba ignores the "guest ok = yes" and is looking only for "UserX" user. Also in syslog you can see message:

    Code
    Dec  5 01:48:56 NAS smbd[7167]:   change_to_user: SMB user YOUR_WINDOWS_OR_LINUX_USERNAME (unix user nobody, vuid 100) not permitted access to share YOUR_SHARE_NAME.


    i.e. user "nobody" is no longer given the access, thus making share not public anymore.



    And here's how Volker can fix this bug (2 choices):


    1) If "Public" (guest ok = yes) is set in smb.conf, then make enabling Permission "Read/Write" on share not add any entries to "valid users =" and "write list =" entries in smb.conf


    or


    2) If "Public" (guest ok = yes) is set for share in smb.conf, then when enabling "Read/Write" Permission on share also add ", nobody" to "valid users =" and "write list =" entries in smb.conf, so entries become like:

    Code
    ...
    guest ok = yes
    ...
    valid users = UserX,UserY,UserZ,nobody
    ...
    write list = UserX,UserY,UserZ,nobody
    ...



    Any of the above 2 solutions will fix this annoyance and make FTP with password + SMB Guest on the same share work smoothly.







    EDIT: Oh, Daifel, I haven't seen your post, didn't switch to second page. You've found the problem as such too. Though I think if you enable nobody on a global level it might always allow that even for the shares that you don't want to. So doing either one of the 2 solutions above sounds like a logical way it should work, i.e. only if "guest ok = yes" is set for a given share, then append ", nobody" to valid users and write list. I hope Volker can fix this soon.

    • Official post


    Fix has been done in openmediavault 0.4.9, see http://openmediavault.svn.sour…iew=revision&revision=416. Thanks for the research and tip.


    I have added the guest account user to the valid/write user lists, thus the configured user privileges still apply, too.


    P.S.: Please open a new bug report next time, this will speed up the process. Second, I cannot read all posts, thus some posts like yours might get missed.
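
Added example (not part of the thread and not OpenMediaVault's code): a small Python audit of the `guest ok` / `valid users` / `write list` interaction diagnosed above, run over a constructed smb.conf. The function names and finding labels are hypothetical; it assumes the guest account defaults to `nobody` when `[global]` does not set it, and it treats user lists as plain names separated by commas or whitespace.

```python
import re

# Constructed smb.conf for illustration (not taken from a real system).
SAMPLE = """\
[global]
guest account = nobody
[Test]
guest ok = yes
valid users = ftpadmin
write list = ftpadmin
[Fixed]
public = yes
read only = yes
valid users = ftpadmin, nobody
write list = ftpadmin, nobody
[Private]
valid users = ftpadmin
"""

def parse(text):  # -> {section: {param: value}}; names lose case and spaces
    sections, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and line[0] not in "#;" and cur is not None:
            key, val = line.split("=", 1)
            cur[re.sub(r"\s+", "", key).lower()] = val.strip()
    return sections

def users(value):  # split a Samba user list on commas and whitespace
    return {u.lower() for u in re.split(r"[,\s]+", value) if u}

def audit(text):  # -> {share: [findings]} for guest-enabled shares
    conf = parse(text)
    guest = conf.get("global", {}).get("guestaccount", "nobody").lower()
    findings = {}
    for name, p in conf.items():
        guest_ok = p.get("guestok", p.get("public", "no")).lower()  # synonyms
        valid, issues = users(p.get("validusers", "")), []
        if valid and guest not in valid:
            issues.append("guest-locked-out")     # the login prompt in this thread
        if guest in users(p.get("writelist", "")):
            issues.append("guest-in-write-list")  # Samba: write list beats read only
        if name != "global" and guest_ok in ("yes", "true", "1") and issues:
            findings[name] = issues
    return findings

print(audit(SAMPLE))
```

The second finding matters for a share meant to be read-only for guests: Samba grants write access to anyone named in `write list` regardless of `read only`, so only the filesystem permissions set in the ACL browser still stand between a guest and a write.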
