SWAT killed my share, access impossible - Suse

This is a discussion on SWAT killed my share, access impossible - Suse ; In my attempts to get to grips with Samba on OpenSUSE 10.2, I got as far as trying to use SWAT. I'm following the Samba guide on the OpenSUSE website. In this guide it says, beside enabling SWAT in xinetd ...

+ Reply to Thread
Results 1 to 8 of 8

Thread: SWAT killed my share, access impossible

  1. SWAT killed my share, access impossible

    In my attempts to get to grips with Samba on OpenSUSE 10.2, I got as far
    as trying to use SWAT. I'm following the Samba guide on the OpenSUSE
    website.

    In this guide it says, beside enabling SWAT in xinetd I need to enable
    smbfs, nfsboot, nfs, xinetd, smb and nmb in the System Services.

    Smbfs and nfs would not enable, I got an error saying they were not
    configured. This isn't covered in the manual, so I'm hunting round the
    web to find more info on this. But in the mean time, SWAT seemed to work
    anyway, so I started exploring.

    This lengthy introduction is because it may have something to do with
    what follows next.

    When you select a share to managa in SWAT, there's a few buttons to
    select the share, to select basic or advanced view, and a button 'delete
    share'

    I accidentally hit this button, and my test share was gone. A pity no
    confirmation is asked with such an important button, but there you have
    it. It isn't a big problem, or so I thought, I'll just remake the share.

    I used the control panel in YaST to make the share anew, with the same
    settings. All according to the Samba guide, so I had the exact same
    settings, with a valid user named 'test'.

    No problems during the configuration, and the share appears again on
    windows clients. But when I tried to enter the share I got the message I
    have no access rights. I double checked I entered the right username and
    password, and it didn't work. And the proper usernames/passwords no
    longer worked on other test shares I had running either.

    I rebooted server and clients and tried again. Now the other shares work
    again but not the deleted and remade one. I checked the smbpassword file,
    and the user 'test' is still there. All seems the same as before the
    deletion by SWAT.

    I'll be trying to add more shares tomorrow and investigate further. I'm
    guessing I'll probably have no issues except with this one share and just
    killing it would solve the issue. But I'd rather understand what went
    wrong, so I learn something from it.

    Any tips on where I need to look, known issues with SWAT,... would be
    very much appreciated.

    Thanks!
    Neko

  2. Re: SWAT killed my share, access impossible

    Hi Neko

    I note that nobody replied!

    As I said I don't use SWAT myself. I tend to follow the old method
    though of modifying smb.conf then stopping smbd, then nmbd then starting
    nmbd then smbd. I am pretty sure though that later versions keep an eye
    on smb.conf changes. The first thing you should have done after
    recreating the share in yast (and seeing the fault) was to stop/start
    these services.

    Are you using XP for access? Note there are a few gotchas that require
    XP policy changes to make things work well. I have a document here
    titled "Windows XP oddities" that you should be able to websearch on.

    If you are using the samba server as a DC or a Windows server as one
    there are a few other issues to check on.

    re the "required" services. nfs shouldn't really be needed unless your
    samba config needs to access data on another unix server. smbfs allows
    you to Windows shares on the Linux filesystem, likewise an optional
    feature. xinetd is the time server daemon. Since W32 clients can get the
    time from a Windows server this is handy (but not essential) service.
    Most older Windows domain login scripts use to have a "net time
    /set /yes" command but current Windows clients are also happy with
    direct ntp.

    Cheers Bob

    KuroNeko wrote:
    ....

    > Any tips on where I need to look, known issues with SWAT,... would be
    > very much appreciated.


  3. Re: SWAT killed my share, access impossible

    Bob Bob wrote in
    news:4e9ak4-f2a.ln1@p400bob.personal.cox.net:

    > As I said I don't use SWAT myself. I tend to follow the old method
    > though of modifying smb.conf then stopping smbd, then nmbd then
    > starting nmbd then smbd. I am pretty sure though that later versions
    > keep an eye on smb.conf changes. The first thing you should have done
    > after recreating the share in yast (and seeing the fault) was to
    > stop/start these services.


    That's how I learned the basics in a crash course Debian Linux. However,
    my boss wants stuff to be managed by GUI, like Windows, with a minimum
    of command line stuff. One must admit that the presentation of settings
    is much clearer in a GUI mode.

    > Are you using XP for access? Note there are a few gotchas that require
    > XP policy changes to make things work well. I have a document here
    > titled "Windows XP oddities" that you should be able to websearch on.


    I'll hunt for it. But my problem (this one at least) is solved. When
    SWAT deleted the share, all users linked to the share (valid users) got
    disabled. How and why, I don't know. I tried to reproduce the problem a
    dozen times, without results. No-one has access to this machine so I'm
    assuming some glitch caused this to happen, it's definitely not a prank
    by a colleague (not that there's anyone near that knows Linux).

    By simply enabling the users, all's well again. At least for this
    particular issue. I'll be sure to keep an eye on user's status whenever
    I work via SWAT.

    > re the "required" services. nfs shouldn't really be needed unless your
    > samba config needs to access data on another unix server. smbfs allows
    > you to Windows shares on the Linux filesystem, likewise an optional
    > feature. xinetd is the time server daemon. Since W32 clients can get


    Do you think the smbfs issue could be the cause of ACL inheritance not
    working?

    I'm still curious why both services aren't starting as suggested by the
    guide. From what I gather, they're suppsoed to start without problems.
    Are they supposed to come configured and is this changed in 10.2?

    Thanks for you help sofar!

    Neko


  4. Re: SWAT killed my share, access impossible

    Hi Neko

    Without delving into the actual smbfs package I don't know exactly what
    it does. Indeed I don't know if a package of that name even exists.
    Mounting smb shares has been within the normal kernel capability for
    some years. ie you use the normal mount command using (I think) cifs as
    the filesystem type. Back in SuSE 6 days there use to be an "smbclient"
    command that did roughly the same thing as well as something like a CLI
    ftp interface for copying files to/from Linux and Windows boxes. I
    understand that with later W32 server versions and
    authentication/certificate issues this older method no longer works.

    http://tldp.org/HOWTO/SMB-HOWTO-8.html looks like the smbfs package of
    old...

    I doubt the above has anything to do with ACL's. I had a brief look and
    note there is a lot on ACL's info online, not to mention the standard
    man page. The usual trap exists by the way that access to a linux samba
    server needs a specific username. If you login anonymously and/or are
    remapped to a guest user account, any access you have is through that
    mapped username. I would guess that ACL's work in that way too. There
    are some far reach "gotchas" if remapping occurs (because of
    misconfiguration) without your knowledge.

    Keep in mind that Linux is not as tightly integrated package and program
    wise as it could be. Many dependencies are of course covered by the rpm
    system but there is always the chance things could be left out. For
    example samba can quite happily talk to an ldap server and the default
    package probably has the support included, but you don't need to install
    ldap to get samba going if it isn't configured to use it. The services
    in a sense are optional depending on what your end use will be. The
    general rule with linux server setups (in my experience) is that you
    must spend some time understanding them and configuring properly rather
    than assuming they will "just work".

    Off to work!

    Cheers Bob

    KuroNeko wrote:
    >
    > Do you think the smbfs issue could be the cause of ACL inheritance not
    > working?
    >
    > I'm still curious why both services aren't starting as suggested by the
    > guide. From what I gather, they're suppsoed to start without problems.
    > Are they supposed to come configured and is this changed in 10.2?


  5. Re: SWAT killed my share, access impossible

    Bob Bob wrote in news:4fqkk4-35o.ln1
    @p400bob.personal.cox.net:

    > some years. ie you use the normal mount command using (I think) cifs as
    > the filesystem type. Back in SuSE 6 days there use to be an "smbclient"


    From what I learned until now is that smbfs is obsolete. It's been replaced
    by CIFS which has limited support for smb. Why it's therefor considered
    necessary for SWAT by the OpenSUSE guide I don't understand.

    > I doubt the above has anything to do with ACL's. I had a brief look and
    > note there is a lot on ACL's info online, not to mention the standard
    > man page. The usual trap exists by the way that access to a linux samba
    > server needs a specific username. If you login anonymously and/or are
    > remapped to a guest user account, any access you have is through that
    > mapped username. I would guess that ACL's work in that way too. There
    > are some far reach "gotchas" if remapping occurs (because of
    > misconfiguration) without your knowledge.


    I'll read up on that, although I am pretty sure no remapping occurs on
    users, as I log in directly on the server using the linux username and
    passwords.

    > general rule with linux server setups (in my experience) is that you
    > must spend some time understanding them and configuring properly rather
    > than assuming they will "just work".


    That I am learning. Not to the entire pelasure of my boss, who is a bit
    disappointed in the much touted Linux.

    Thanks for all your help!

    Neko

  6. Re: SWAT killed my share, access impossible

    Okay last bash Neko!

    I would make the assertion that open source coding has often started as
    someones "functional" project. For this reason help and setup interfaces
    tend to be later add-ons and if done by another party may not address
    all of the configuration issues. I heard it once said that 10% of code
    is functional and 90% of it is to stop the operator making mistakes and
    generally making it look pretty! I don't know SWAT's background but I
    would assume it has to be able to work for various samba versions and
    with or without special functions built into it. My view was is was
    interesting to discover all of the config fields that could be modified
    but after that I went straight back to the smb.conf and vi!

    Early on in your project various people suggest using the command line
    interface. I also made the comment about understanding the service you
    are trying to setup. The information is most often easily available but
    the operator has to supply some thinking rather than the software
    prompting you to with yes's and no's! I think that Linux has certainly
    reached the easy desktop setup stage but many server services have not
    been so lucky. I think the assumption too is that people setting up
    services don't need a fancy/simple interface but newbie desktop users do
    because they aren't likely to understand all of the ins and outs. Lets
    face it, some services have a huge number of config parameters and any
    easy configuration program is going to be huge!

    It does of course also depend on the distro. I would assume for example
    that the SuSE server $ offerings would be better in that regard. I
    remember working on a RH system that came bundled with a HP server some
    years ago. Their server setup interface was quite good. I also worked on
    a SCO Unix server some time back that although having a nice GUI
    configuration screen, popped up a text editor to change the config files
    in! The only think you didnt have to do is search for that file.

    Keep in mind also that any serious setup of Windows server systems also
    requires operating knowledge and often has stuff written at the command
    line and/or in cmd and script files. You could argue that regedit has
    the same/similar complexity to playing with conf files in a Linux /etc
    directory.

    I hope your boss is seeing this as a positive move! I assume some
    thinking is going on to move a corporate MIS to a Linux server base?

    Cheers Bob

    KuroNeko wrote:

    > That I am learning. Not to the entire pelasure of my boss, who is a bit
    > disappointed in the much touted Linux.
    >
    > Thanks for all your help!
    >
    > Neko


  7. Re: SWAT killed my share, access impossible

    SWAT has been around for several years now. There is no requirement
    for SWAT to be able to handle several versions of Samba because SWAT
    is released *with* Samba so your SWAT level will always match your
    Samba level.

    Having said that, SWAT manipulates smb.conf and this is a fairly
    static target. New parameters come along (mostly with sensible
    defaults) and old parameters fall into disuse but at a low level. A
    better place to have raised this would have been at
    news:comp.protocols.smb or news:linux.samba
    linux.samba is better in principle - the developers hang out there -
    but I don't seem to be able to post there with Google.

    To smbfs and cifs fs (and smbclient), smbfs is - I think - no longer
    supported so everyone should move to cifs, but both of them are pretty
    much Linux only. Anyone using Solaris or whatever is pretty much
    stuck with smbclient. There may be exceptions somewhere but not that
    I know of.

    Back to the original problem, they don't tell you to take backups for
    nothing. The last time I used SWAT it reformatted my smb.conf,
    chopping all comments. Backups are g-o-o-d, and I should take
    more ;-)

    A few years back, you used to be able to update smb.conf and changes
    would manifest themselves immediately. I noticed recently (my Samba
    setup is stable so I hardly ever change it) that this is no longer the
    case.


  8. Re: SWAT killed my share, access impossible

    Bob Bob wrote in news:ha3qk4-qn7.ln1
    @p400bob.personal.cox.net:

    Hi Bob

    > I hope your boss is seeing this as a positive move! I assume some
    > thinking is going on to move a corporate MIS to a Linux server base?


    I assume they're thinking about it. Currently running Winserver 2000 and a
    single Winserver 2003, I think they're strapped for financial resources and
    hope to move some of that stuff to Linux. If they have to go out and buy an
    expensive support service, the main reason for switching is gone.

    This whole experience was for me a very interesting one. Personally, I
    think Linux can be a high value platform for servers, if one has a lot of
    time to study the ins and outs of the OS and the various opensource
    applications.

    But I have to admit I don't see myself switching my personal Windows
    machine for OpenSUSE or any other distro. My experiences with the included
    apps was that many of them didn't have a proper basic help file, and a
    quite a few were downright unstable beta software (Krita is a real POS, I
    used it to save screenshots and even for that simple task it chrashed 1 out
    of 2 times. Such unstable software should never have been included in the
    basic package). Nevertheless I will be keeping an eye on the development of
    Linux for the desktop. It's not there yet, not on the userfriendliness
    part, but it has potential and I like many am not happy about Vista, so it
    would be nice to be able to go Linux once XP runs out of updates. There's
    quite an opportunityb there for Linux, hopefully it will be seized.

    Thanks for all your help! I have one more week to go and am now trying to
    install a LAMP server. The Novell guide for that was old, but I've already
    thanks to much help here been able to learn enough to overcome a few
    glitches that happened during the installation.

    Neko

+ Reply to Thread