Debian Samba - Mixture of protected and public folders - Win 7 Client - windows

I have a Debian box running samba on a small home network.
The smb.conf is as follows:
[global]
workgroup = workgroup
netbios name = loftserver
security = user
map to guest = bad user
guest account = smbguest
[share]
path = /storage/share
writeable = yes
guest ok = yes
public = yes
browseable = yes
[prot]
path = /storage/prot
read only = no
browseable = yes
guest ok = no
create mask = 0666
directory mask = 0777
valid users = pwuser
All works perfectly well for Linux clients. The share folder is public - no issues. The prot (protected) folder works as it should, users are prompted for the username and password of pwuser.
I set these using:
smbpasswd -a pwuser
then changed ownership of the folder with:
chown -R pwuser:pwuser /storage/prot
As said all works fine with Linux clients.
The problem occurs on a Windows 7 client.
They can browse to \\loftserver\share without a problem. Browsing to \\loftserver\prot gives them the password prompt. They enter in the correct details -- yet get an authentication error (access denied).
/var/log/samba/log.smbd gives the following error:
[2012/02/20 23:47:33.023285, 1] smbd/service.c:678(make_connection_snum)
create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
Any suggestions? I'm sure it's something simple I have overlooked.

Problem solved.
I removed the line
valid users = pwuser
from the config.
The folder remains protected by pwuser and password authentication, but works fine for win7 and XP clients.
A strange one, that I do not understand!

Related

Windows doesn't automatically find local devices

I have a local network with a printer, laptop, desktop and a Raspberry Pi that acts as SMB NAS + Kodi + Pi-Hole + a whole lot more.
For a very long time my PC (Win10-latest) would not automatically find some other local network attached devices. The only ones that it would find would be Printer, Router and Kodi (streaming + library).
If I tried mapping a network drive manually or tried to access the local IP of device manually, it would work and then the device would appear under network. (workaround but still annoying)
I have tried all the solutions I could find online to enable automatic discovery with no luck:
Set WiFi to be private
Enable sharing + discovery
Make sure workgroup is WORKGROUP
Manually enable UPnP, SSDP + 2x Function Discovery services
Check firewall settings and allow File and Printer Sharing (LLMNR-UDP-In) for Domain
Weird thing is, my Android phone with Solid Explorer had no problem finding other local devices including the SMB.
Eventually I tried the net view command and it came up with:
net view
System error 384 has occurred.
You can't connect to the file share because it's not secure. This share requires the obsolete SMB1 protocol, which is unsafe and could expose your system to attack.
So I checked smbstatus on my Raspberry and it said it is connected with SMB3_11. I then manually modified my smb.conf file on the Raspberry to be server min protocol = SMB2 but the System error 384 continued.
I then enabled SMB 1.0/CIFS File Sharing Support from Turn Windows Features on or off, restarted my PC, and all my local network devices appear!
I would like to know if anyone else experienced the same issues? I don't even understand what I have misconfigured.
# Global parameters
[global]
log file = /var/log/samba/log.%m
logging = file
map to guest = Bad User
max log size = 1000
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
server min protocol = SMB2
server role = standalone server
unix password sync = Yes
usershare allow guests = Yes
idmap config * : backend = tdb
guest ok = Yes
[homes]
comment = Home Directories
create mask = 0775
directory mask = 0775
read only = No
valid users = %S
[printers]
browseable = No
comment = All Printers
create mask = 0700
guest ok = No
path = /var/spool/samba
printable = Yes
[print$]
comment = Printer Drivers
guest ok = No
path = /var/lib/samba/printers
[R]
comment = 8Tb HD Raspberry Downloads
create mask = 0775
directory mask = 0775
force group = pi
force user = pi
path = /media/pi/Raspberry/Downloads/
read only = No
wide links = Yes
[Private]
comment = 8Tb HD Raspberry Private
create mask = 0775
directory mask = 0775
force group = pi
force user = pi
guest ok = No
path = /media/pi/Raspberry/Private/
read only = No
wide links = Yes
The issue was missing wsdd. Installed it, set up a systemd service with a few changes and all works perfectly now.
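An added example (not part of either post above): a small Python audit of the share settings shown in the two smb.conf files, resolving each share's effective values against the [global] defaults before checking them. The sample config is constructed from lines on this page, and the finding labels are this example's own.

```python
import configparser
# Constructed sample: settings taken from the two smb.conf files above.
SAMPLE = """
[global]
guest ok = Yes
[share]
writeable = yes
public = yes
[prot]
guest ok = no
create mask = 0666
directory mask = 0777
[R]
read only = No
wide links = Yes
"""

# The two Samba synonyms used on this page: name -> (canonical name, inverted)
ALIASES = {"public": ("guest ok", False), "writeable": ("read only", True)}

def yes(value):
    return value.strip().lower() in ("yes", "true", "1")

def normalise(items):
    out = {}
    for key, value in items:
        canon, inverted = ALIASES.get(key, (key, False))
        out[canon] = ("no" if yes(value) else "yes") if inverted else value
    return out

def audit(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read_string(text)
    shares = {name: normalise(cp.items(name)) for name in cp.sections()}
    defaults = shares.pop("global", {})
    findings = []
    for name, own in shares.items():
        eff = {**defaults, **own}  # share settings override [global] defaults
        if yes(eff.get("guest ok", "no")) and not yes(eff.get("read only", "yes")):
            findings.append((name, "guest-writable"))
        for key in ("create mask", "directory mask"):
            if key in eff and int(eff[key], 8) & 0o002:
                findings.append((name, "world-writable " + key))
        if yes(eff.get("wide links", "no")):
            findings.append((name, "wide links"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

[R] is reported as guest-writable although it never mentions guests, because it inherits guest ok = Yes from [global]; [prot] is flagged only for masks that leave new files and directories world-writable.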

Connect to Oracle database using ROracle with tnsnames.ora on Mac OS 10.10

Followup to Installation of RODBC/ROracle packages on OS X Mavericks...
First of all, I have installed ROracle on Mac OS 10.10.3 (Yosemite) using the answer provided by @joran. Additionally, using the start-up plist file to set DYLD_LIBRARY_PATH, I can run library(ROracle), and it loads just fine. However, I am unable to connect to my database with a tnsnames.ora file. I have added the TNS_ADMIN variable to the .Renviron file, which RStudio seems to pick up:
> Sys.getenv("TNS_ADMIN")
[1] "opt/oracle/instantclient_11_2/network/admin"
When I run the following, for example
con <- dbConnect(drv = dbDriver("Oracle"), dbname = "db", username = "user", password = "pw")
, I get the error
Error in .oci.Connect(.oci.drv(), username = username, password = password, :
ORA-12154: TNS:could not resolve the connect identifier specified
In addition, I have also added the TNS_ADMIN environment variables to .bash_profile, but that didn't help.
NOTE 1: I have already used the tnsnames.ora file to connect to the database with SQL Developer, so I'm fairly confident the issue is something external to the content of the file.
NOTE 2: I can in fact connect using ROracle with something like:
# see example at http://www.oralytics.com/2015/05/loading-json-data-into-oracle-using.html
host <- "localhost"
port <- 1521
service <- "pdb12c"
drv <- dbDriver("Oracle")
connect.string <- paste(
"(DESCRIPTION=",
"(ADDRESS=(PROTOCOL=tcp)(HOST=", host, ")(PORT=", port, "))",
"(CONNECT_DATA=(SERVICE_NAME=", service, ")))", sep = "")
con <- dbConnect(drv, username = "dmuser", password = "dmuser", dbname = connect.string)
I double checked my tnsnames.ora file and it's in the exact same format as connect.string, so I'm thinking it's just not actually being seen by RStudio, even though Sys.getenv("TNS_ADMIN") gives me the correct path. Alternatively, it could be that the name required by the dbname argument on Mac is different than Windows.
Any help would be greatly appreciated! Thanks!
I've seen many recommendations online for adding environment variables on Yosemite to be accessed by RStudio. The only one that has fully worked for me, at least so far, is to add all environment variables to the plist file. You can add as many variables as you want, which is described by @MortimorGoro in Setting environment variables via launchd.conf no longer works in OS X Yosemite/El Capitan/macOS Sierra?.
So my solution here was to just add TNS_ADMIN to plist!
For those of you that got here but are on Windows 7: on my workstation I have to use a TNSnames.ora file (also utilizing the TNS_ADMIN environment variable; located in C:\app - see 2nd screenshot). I got the following to work:
library(RODBC)
channel <- odbcConnect("PERMIT_DEV_odbc",
uid = "POWDERED_TOAST_MAN",
pwd = "dev_NONE_OF_YOUR_BEEZNEEZ",
believeNRows = FALSE)
testsql <- "select sysdate from dual;"
query <- sqlQuery(channel = channel,
query = testsql)
1. Click on the Start button (in Windows 7).
2. Start typing "odbc" and look for "set up data sources (ODBC)" or something like that.
3. Add your connection based off your TNS file.
4. There's also a "test connection" button you should use to verify connectivity!
Hope this helps!

One Windows 2008 R2 server can't connect to samba share, others can

Hi I have the following Samba configuration
[root@PCP66STORAGE04 log]# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "null passwords" option is deprecated
Processing section "[public]"
Processing section "[data]"
Processing section "[recstore66]"
WARNING: The security=share option is deprecated
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
server string = Data Centre Server Version %v
security = SHARE
null passwords = Yes
log file = /var/log/samba/log.%m
max log size = 50
preferred master = Yes
default service = global
winbind use default domain = Yes
idmap config * : backend = tdb
path = /var/local/public
read only = No
guest ok = Yes
cups options = raw
[public]
comment = Public Stuff
create mask = 0755
[data]
path = /var/local/data
[recstore66]
comment = recstore66
path = /var/local/samba/recstore66
[root@PCP66STORAGE04 log]#
One of my Windows 2008 servers cannot browse the Samba recstore66 share, but others can do this just fine. The server that cannot connect is on the same subnet, has the same gateway etc. They can ping each other.
Not sure what's going on here, can you please point me in the right direction?
Thanks.
My Windows server was using SMB2.
running
To disable SMBv2 and SMBv3 on the SMB client, run the following commands:
sc.exe config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc.exe config mrxsmb20 start= disabled
fixed it :D

Java 7 WatchService does not generate events when registered directory is on a network drive

I know this was asked elsewhere a year ago but I'm looking for any updates please.
I have a program in Java 7 that uses WatchService to monitor a directory for new files being created there. If I register a directory on my local machine (e.g. c:\NewFiles) then all is fine. However, when I try to get it to listen to a folder on a network drive, it compiles and runs but exits straight away because it doesn't seem to get notified of any events. Here is just a fragment of my code...
private final WatchService watcher;
private final Map<WatchKey, Path> keys;
this.watcher = FileSystems.getDefault().newWatchService();
this.keys = new HashMap<>();
I register the directory...
String srcDirPath = "G:\\NewFiles";
Path dir = Paths.get(srcDirPath);
WatchKey key = dir.register(watcher, ENTRY_CREATE, ENTRY_DELETE, ENTRY_MODIFY);
keys.put(key, dir);
then at the end of the loop that checks for events...
if (keys.isEmpty()) {
System.out.println("Drive is inaccessible");
break;
}
Here I always get the "Drive is inaccessible" warning. I tried copying my Java files to this network directory and running them from there but I get the same problem.
Is it possible to run WatchService like this from a local machine to listen to changes to a directory on a network drive? Am I getting a permission or firewall problem here? I am using Windows 7 and most likely the network drive is also on a Windows 7 machine.

BITS credential problem

I have a service that downloads a file using the credentials domain\user, but I get this error:
ErrorCode [-2147023582] 80070522
Description [A required privilege is not held by the client.]
ErrorContext [RemoteFileError]
on Windows Server 2003 64-bit.
I'm setting the credentials like this:
bc.AuthenticationScheme = AuthenticationScheme.Negotiate;
bc.AuthenticationTarget = AuthenticationTarget.Server;
The user has full access rights on source and destination folders.
Using SharpBits library.
It seems that some access right is still missing. Any suggestions?
[EDIT]
It seems that there is some failure in resource access provided by the BITS service.
Still investigating.
[EDIT]
Investigating the rights to use BITS.
- With the command "sc sdshow bits" I get this output in the environment where it works:
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)
S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
- Where the copy does not work:
D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)
(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)
(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)
(A;;CR;;;AU)
(A;;CCLCSWRPWPDTLOCRRC;;;PU)
S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
The solution: added read permissions for the user "NT AUTHORITY\NETWORK" on the folders on all remote hosts.
That's it.
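An added example (not from the post): the two "sc sdshow bits" outputs above, parsed and compared per trustee in Python. The SDDL strings are copied from the post with line breaks removed; the two-letter rights are decoded with their service-object meanings, and hex access masks are not handled.

```python
import re

# SDDL strings as posted above (line breaks removed).
WORKS = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)"
         "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
FAILS = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
         "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CR;;;AU)"
         "(A;;CCLCSWRPWPDTLOCRRC;;;PU)"
         "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

# Meaning of the two-letter rights on a service object.
RIGHTS = {"CC": "QUERY_CONFIG", "DC": "CHANGE_CONFIG", "LC": "QUERY_STATUS",
          "SW": "ENUMERATE_DEPENDENTS", "RP": "START", "WP": "STOP",
          "DT": "PAUSE_CONTINUE", "LO": "INTERROGATE", "CR": "USER_DEFINED_CONTROL",
          "SD": "DELETE", "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER"}

def allow_aces(sddl):
    """Map trustee -> set of rights granted by allow ACEs in the DACL (D:) part."""
    dacl = re.search(r"D:[^(]*((?:\([^)]*\))*)", sddl).group(1)
    grants = {}
    for ace in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, _flags, rights, _obj, _inherit, trustee = ace.split(";")[:6]
        if ace_type == "A":
            grants.setdefault(trustee, set()).update(re.findall("..", rights))
    return grants

def compare(reference, other):
    """Per trustee: (rights only in reference, rights only in other)."""
    ref, oth = allow_aces(reference), allow_aces(other)
    report = {}
    for trustee in sorted(ref.keys() | oth.keys()):
        missing = ref.get(trustee, set()) - oth.get(trustee, set())
        added = oth.get(trustee, set()) - ref.get(trustee, set())
        if missing or added:
            report[trustee] = (sorted(missing), sorted(added))
    return report

if __name__ == "__main__":
    for trustee, (missing, added) in compare(WORKS, FAILS).items():
        print(trustee, "lost:", [RIGHTS[r] for r in missing],
              "gained:", [RIGHTS[r] for r in added])
```

On the posted output, Authenticated Users (AU) keeps only USER_DEFINED_CONTROL on the host where the copy fails, while Interactive (IU) and Service (SU) each hold the rights AU has on the working host; SY, BA and PU are identical on both.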
