Posted on 06-19-2012 06:20 AM
The OS is CentOS 6.2, JSS 8.52 running fine on it.
Here's what I've got so far:
$ yum install samba
$ sudo useradd -d /home/casperadmin casperadmin -s /bin/false -N
$ sudo useradd -d /home/casperinstall casperinstall -s /bin/false -N
$ sudo passwd casperadmin
$ sudo passwd casperinstall
$ sudo smbpasswd -a casperadmin
$ sudo smbpasswd -a casperinstall
$ sudo mkdir /srv/samba/CasperShare
$ sudo chown casperadmin /srv/samba/CasperShare
$ ls -al /srv/samba/
drwxr-xr-x. 2 casperadmin root 4096 Jun 19 08:15 CasperShare
Contents of /etc/samba/smb.conf file:
[global]
workgroup = MYGROUP
security = user
passdb backend = tdbsam
[CasperShare]
comment = CasperShare
path = /srv/samba/CasperShare
browseable = yes
guest ok = no
read only = no
create mask = 0755
read list = casperinstall
write list = casperadmin
Result:
Both casperadmin and casperinstall can mount and read from the share, but casperadmin cannot write to it. When mounting CasperShare from my Mac using casperadmin and attempting to copy a file to it, I first get a Mac authentication window, then the error "Items can't be copied to "CasperShare" because you don't have permission to read them."
Thanks all for any help/suggestions. Much appreciated. :)
Posted on 06-19-2012 06:44 AM
Have you checked your samba logs for a specific error? Be sure to have "valid users" or "valid groups" along with your read/write list of users or groups.
Here is an example of a share in my current smb.conf which is a per-share authentication basis:
[Storage]
read list = nobody,jamie,@samba_admin,@samba_readonly
admin users = @samba_admin, jamie
write list = jamie
force directory mode = 0775
force group = samba_admin
create mask = 0775
public = yes
user = nobody,jamie,@samba_admin,@samba_readonly
path = /storage1/files
force create mode = 0775
force user = root
comment = ...
directory mask = 0775
valid users = jamie,@samba_admin,@samba_readonly
guest only = yes
Myself (jamie) as well as anyone in the "samba_admin" group can write to this share. Anybody authenticated as guest (nobody) or in the "samba_readonly" group will only have read-only privileges. The permissions are set up so that the owner is me (jamie), the group is samba_admin, and permissions are 755 for both files and directories. The samba server itself is set up for share level authentication (for what it's worth).
I hope this helps.
J.I.
Posted on 06-20-2012 05:44 AM
I set up a server here with CentOS 6.2, and I actually found it much easier to get AFP up & running (never could get SMB to work right...).
Great information here:
http://www003.upp.so-net.ne.jp/hat/netatalk/rpm.html
And look here for configuration info:
http://netatalk.sourceforge.net/2.0/htmldocs/AppleVolumes.default.5.html
Posted on 06-20-2012 05:49 AM
Check out what jamie suggested. Also, you might want to change the group from root to something else with write privs on the share.
I'm setting up something similar but will probably use netatalk. In the past, netatalk has been a little easier to configure, at least.
Posted on 06-20-2012 05:59 AM
I currently use Netatalk for my Mac's Time Machine backup to my server, which is rather convenient. It was a little cumbersome to get working initially, but in time, tweaking AppleVolumes.default yielded a worthwhile endeavor.
My /usr/local/etc/netatalk.conf:
ATALK_UNIX_CHARSET='LOCALE'
ATALK_MAC_CHARSET='MAC_ROMAN'
export ATALK_UNIX_CHARSET
export ATALK_MAC_CHARSET
My /usr/local/etc/AppleVolumes.default:
:DEFAULT: options:upriv,usedots
/storage1/backup/jamie "Time Machine" options:tm,usedots,upriv,perm,cnidserver:localhost:4700 ea:auto allow:jamie rwlist:jamie
I don't find that Samba is too difficult to set up, but that's an unfair opinion considering I have considerably more experience with it. I know that Samba has more options when it comes to authentication, security, permissions, and network tuning. That is especially so when it comes to integration with a Windows environment. You always have the option of Webmin, but that has been known to produce config files that may work but fail the Samba "sanity" check. Samba does have the "SWAT" web interface as well, but that isn't as well organized as the Webmin interface. Both may be good places to start. I rather like the options that Samba has for security/permissions with SMB/CIFS shares though.
Unfortunately, NFS doesn't come bundled with a wealth of security options natively. There are a number of configuration options that can be used to allow specific hosts, and user/group permissions. http://tldp.org/HOWTO/NFS-HOWTO/security.html
If NFS is the route you want to go for Linux/UNIX compatibility, don't let your Windows clients hold you back. Install Windows Services for UNIX to get NFS support in Windows. http://www.microsoft.com/en-us/download/details.aspx?id=274
If security is a must, consider tunneling through SSH or VPN (I'm a fan of OpenVPN myself and use Tunnelblick on my Mac; you can also set up SSH tunnels with authentication or keys). You can tunnel Samba, Netatalk, NFS, etc.
J.I.
Posted on 06-22-2012 06:47 AM
Well it turns out the problem was caused by SELinux. Disabling it fixed the problem... that's not ideal, but it'll work until I can figure out how to configure it properly.
Thanks for the tips... I may try configuring AFP as well.
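For the SELinux cause reported in the post above, an added example (not part of the thread): instead of disabling SELinux, pull the smbd denials out of the audit log and give the share directory the samba_share_t type. The audit records are constructed for illustration, the function names are hypothetical, and the path is the one from the first post.

```bash
#!/usr/bin/env bash
# Added example. The two audit records below are constructed, not from the thread.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1340370000.123:456): avc:  denied  { write } for  pid=2211 comm="smbd" name="CasperShare" dev=dm-0 ino=393218 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir
type=AVC msg=audit(1340370011.456:457): avc:  denied  { read } for  pid=1890 comm="httpd" name="index.html" dev=dm-0 ino=131099 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Reads audit records on stdin and prints, for every denial against smbd:
#   <target type> <object class> <object name> <denied permissions>
smbd_denials() {
    grep 'avc: *denied' | grep 'comm="smbd"' |
    sed -n 's/.*{ \([a-z_ ]*\) }.* name="\([^"]*\)".* tcontext=[^:]*:[^:]*:\([^:]*\):.* tclass=\([a-z_]*\).*/\3 \4 \2 \1/p'
}

# Target types smbd was denied on that are not the Samba share type.
mislabeled_types() {
    smbd_denials | awk '$1 != "samba_share_t" { print $1 }' | sort -u
}

# Prints (does not run) the persistent relabel for a share directory.
# semanage records the rule in local policy; restorecon applies it on disk.
relabel_commands() {
    dir=${1%/}
    printf 'semanage fcontext -a -t samba_share_t "%s(/.*)?"\n' "$dir"
    printf 'restorecon -Rv %s\n' "$dir"
}

# On a live host: smbd_denials < /var/log/audit/audit.log  (as root)
sample_audit_log | smbd_denials
if [ -n "$(sample_audit_log | mislabeled_types)" ]; then
    relabel_commands /srv/samba/CasperShare
fi
```

On CentOS 6 the semanage command is provided by the policycoreutils-python package. After relabeling, `setenforce 1` returns the host to enforcing mode and the write can be retested.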
Posted on 06-22-2012 08:23 AM
I found this very useful when doing the same thing - http://wiki.centos.org/HowTos/SetUpSamba