Everyone:
After several days of fruitless effort I have to bring this to the community. Since I upgraded to F27, I have never been able to sustain any viable network connection to other computers on my network that run Windows 10. Which means if I ever have to transfer files between or among them, I have to use USB flash drives or even USB-connectable moveable HDD's.
Now I suppose I could buy a spare Western Digital Passport for this application. But I would like to know what I'm missing.
For the record:
The computer I'm typing this on, that runs F27, presently has a wireless connection to the network. I hope, within the next two months, to move to an environment where I can connect this computer to the network using a MoCA adapter, a switch in the room, and a coaxial connector in the wall to connect this computer, a printer, and maybe a laptop if I bring it into the same room. That never used to make any difference, but yes, I'm going to try to "remedy" that "fault" (if anyone here chooses to find fault with using a wireless connection).
The Samba workgroup is named Home. That's case-sensitive.
I have User authentication on the Samba server.
I created Samba user accounts for every Fedora user account on this machine--all three of them.
With F26, I could always look up Home under Samba Shares and find it. But now--nothing. And even specifying Home gets a not-found-here kind of message.
The Services application shows that both smb and nmb are running.
So what's wrong, where might the fault lie, and how do I correct it?
Temlakos
On 11/28/2017 03:51 PM, Temlakos wrote:
Everyone:
After several days of fruitless effort I have to bring this to the community. Since I upgraded to F27, I have never been able to sustain any viable network connection to other computers on my network that run Windows 10. Which means if I ever have to transfer files between or among them, I have to use USB flash drives or even USB-connectable moveable HDD's.
Now I suppose I could buy a spare Western Digital Passport for this application. But I would like to know what I'm missing.
For the record:
The computer I'm typing this on, that runs F27, presently has a wireless connection to the network. I hope, within the next two months, to move to an environment where I can connect this computer to the network using a MoCA adapter, a switch in the room, and a coaxial connector in the wall to connect this computer, a printer, and maybe a laptop if I bring it into the same room. That never used to make any difference, but yes, I'm going to try to "remedy" that "fault" (if anyone here chooses to find fault with using a wireless connection).
The Samba workgroup is named Home. That's case-sensitive.
I have User authentication on the Samba server.
I created Samba user accounts for every Fedora user account on this machine--all three of them.
With F26, I could always look up Home under Samba Shares and find it. But now--nothing. And even specifying Home gets a not-found-here kind of message.
The Services application shows that both smb and nmb are running.
So what's wrong, where might the fault lie, and how do I correct it?
By default, F27 now uses SMB 3.0x. If your server is SMB 1.0, try specifying "vers=1.0" in the mount command, e.g.:
mount -t cifs -o username=$user,password=$password,vers=1.0 //winsrvr/share /mnt
Not sure if they autonegotiate well or not. M$ has always hidden that stuff fairly well and Samba is a reverse-engineered solution. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer, AllDigital ricks@alldigital.com - - AIM/Skype: therps2 ICQ: 226437340 Yahoo: origrps2 - - - - Have you noticed that "human readable" configuration file - - directives are beginning to resemble COBOL code? - ----------------------------------------------------------------------
Il giorno mar, 28/11/2017 alle 18.51 -0500, Temlakos ha scritto:
Everyone:
So what's wrong, where might the fault lie, and how do I correct it?
NOTE: If you share with us the output of "testparm -s" we can better help you
Some test, send us the output
On Fedora 27, hostname=fedora-name
$ testparm -s
$ smbclient -L fedora-name -U valid-fedora-user
$ smbclient //fedora-name/share1 -U valid-fedora-user
$ ping ip.of.win.10
$ ping win10-name
$ smbclient -L win10-name -U valid-win10-user
$ smbclient //win10-name/share1 -U valid-win10-user
On Win10, open file manager then go to on fedora-name type:
\fedora-name\
or
\ip.of.win.10\
Let us know
NOTE: last week i have setup on Fedora 27 server + samba 4.7 + bind + dhcp an Active directory Domain Controller without problem[1] with some Win10 + Win7 + Centos7 Member server
[1] with this work around: https://bugzilla.redhat.com/show_bug.cgi?id=1496307
On 11/29/2017 03:47 AM, Dario Lesca wrote:
Il giorno mar, 28/11/2017 alle 18.51 -0500, Temlakos ha scritto:
Everyone:
So what's wrong, where might the fault lie, and how do I correct it?
NOTE: If you share with us the output of "testparm -s" we can better help you
Some test, send us the output
On Fedora 27, hostname=fedora-name
$ testparm -s
$ smbclient -L fedora-name -U valid-fedora-user
$ smbclient //fedora-name/share1 -U valid-fedora-user
$ ping ip.of.win.10
$ ping win10-name
$ smbclient -L win10-name -U valid-win10-user
$ smbclient //win10-name/share1 -U valid-win10-user
On Win10, open file manager then go to on fedora-name type:
\fedora-name\
or
\ip.of.win.10\
Let us know
NOTE: last week i have setup on Fedora 27 server + samba 4.7 + bind + dhcp an Active directory Domain Controller without problem[1] with some Win10 + Win7 + Centos7 Member server
[1] with this work around: https://bugzilla.redhat.com/show_bug.cgi?id=1496307
$ testparm -s
Load smb config files from /etc/samba/smb.conf rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) Processing section "[homes]" Processing section "[printers]" Processing section "[Temlakos]" Processing section "[workshop]" Processing section "[gamester]" Loaded services file OK. Server role: ROLE_STANDALONE
# Global parameters [global] interfaces = lo p37p1 wlp3s0 192.168.1.0/24 log file = /var/log/samba/log.%m max log size = 50 security = USER server string = Samba Server Version %v workgroup = HOME idmap config * : backend = tdb cups options = raw hosts allow = 127. 192.168.
[homes] browseable = No comment = Home Directories read only = No
[printers] browseable = No comment = All Printers path = /var/spool/samba printable = Yes
[Temlakos] comment = Temlakos home guest ok = Yes path = /home/Temlakos read only = No
[workshop] comment = Public files from the workshop guest ok = Yes path = /home/workshop/Public read only = No
[gamester] comment = Gamester account path = /home/gamester read only = No valid users = gamester
$smbclient -L temlakos -U Temlakos Enter HOME\Temlakos's password:
Sharename Type Comment --------- ---- ------- Temlakos Disk Temlakos home workshop Disk Public files from the workshop gamester Disk Gamester account IPC$ IPC IPC Service (Samba Server Version 4.7.3) EPSON-XP-860-Series Printer EPSON XP-860 Small-in-one Reconnecting with SMB1 for workgroup listing.
Server Comment --------- -------
Workgroup Master --------- ------- HOME CLOUDONE
Now on the Win10 machine, this host doesn't even show up.
CLOUDONE, by the way, is a 24-TB NAS.
Temlakos
Il giorno mer, 29/11/2017 alle 06.49 -0500, Temlakos ha scritto:
[gamestergamester] comment = Gamester account path = /home/gamester read only = No valid users = gamester
$smbclient -L temlakos -U Temlakos
If you do this command:
$ smbclient //temlakos/gamester -U Temlakos
you should connect to your folder
and if you do "ls" see the contents of the folder.
and if you do "mkdir test" create a new folder
Is this OK?
From Windows You can connect to Fedora type "\temlakos" into file manager
Is this OK?
Is SElinux disabled or enable? if enabled, is configured like /etc/samba/smb.conf.example show?
Let us know
On 11/29/2017 07:39 AM, Dario Lesca wrote:
Il giorno mer, 29/11/2017 alle 06.49 -0500, Temlakos ha scritto:
[gamestergamester] comment = Gamester account path = /home/gamester read only = No valid users = gamester
$smbclient -L temlakos -U Temlakos
If you do this command:
$ smbclient //temlakos/gamester -U Temlakos
you should connect to your folder
and if you do "ls" see the contents of the folder.
and if you do "mkdir test" create a new folder
Is this OK?
Negative. Here is the output:
smbclient //temlakos/gamester -U Temlakos
tree connect failed: NT_STATUS_ACCESS_DENIED
From Windows You can connect to Fedora type "\temlakos" into file manager
Is this OK?
Now /that/ works. I can't understand why the file manager won't list it normally as a browseable system. But when I specify it, I can get it.
Now: once I have it, I can only connect to one particular account. Happily, the account I'm connecting to, is the account having the largest amount of data. This is crucial, because I face an imminent HDD failure. (The outputs of satactl and fsck include some dire warnings, and attempt to clone the HDD using Acronis True Image /failed/, and the bearings have been balefully noisy of late.) So I need to back up my data *now* while preparing to:
1. Install two SSD, one 120 GB and one 1 TB.
2. Install F27 "clean" on those two drives, with the 120 GB SSD mounting as "/" (root) and the 1 TB SSD mouting as /home.
More on that in another thread. But the bottom line is: I need to re-establish some kind of network connectivity so I can rescue my data.
Is SElinux disabled or enable?
Enabled.
if enabled, is configured like /etc/samba/smb.conf.example show?
I wouldn't know how to test that.
Let us know
Feel free to ignore this BUT, I'm confused where Windows 10 is fitting into this. I see an smb.conf that looks like it's setup for a server with a bunch of shares. And I also see the use of smbclient for testing. So I think it needs to be more clear what is the server, and what is the client.
Also, if you're using Samba server, it matters if you're using avahi-daemon for local dns resolution, or NetBIOS, or Active Directory. SMB is pretty dense, it all has to be configured correctly. And then there's which services are running on Samba server, for the NetBIOS stuff you need 'systemctl start nmb smb' but quite honestly I've found connecting from a Windows 10 client to Samba to always be flakey. The most reliable has been manually inputing \f27s into the search field in a Windows Explorer window and I always connect successfully. Browing, rarely does F27S appear.
From Fedora 27 Workstation (GNOME), I have a similar problem browsing with the Windows Network icon because gvfs smb is not capable of initiating with SMB3 unless Kerberos is setup, and I haven't gone down that rabbit hole.
So what I'm doing on Fedora Server (running samba server) in /etc/samba/smb.conf is
[global] server min protocol = SMB2
Because I really don't want SMB1 enabled anymore. But as a consequence, my understanding is that disables browsing support unless you have one of he more sophisticated browsing methods enabled (which is quickly where I get into the weeds, but NetBIOS and nmb is one method, and the preferred new method is with SMB3 and AD and Kerberos for authentication). But because I've basically hobbled all the legacy and new method ways of browsing, I have to manually input the server. BUT I can do it with an mdns hostname rather than setting up a static address.
So for me, in GNOME, I use connect to server, and enter smb://f27s.local/scratch/, and then click Connect and I get an authentication dialog, the share mounts and everything is fine, and it's actually an SMB3.11 connection. So it's encrypted and it's fast. And this also works with newer MacOS's as well.
*sigh*
One thing I had to do for some reason I don't understand is 'dnf install nss' in order to get Avahi to actually discover and translate f27s.local into an IP. I don't know why nss is needed to make Avahi really work rather than just sort of work. And why it's not installed by default. I haven't tested that out yet. Next I modified /etc/nsswitch.conf such that the hosts line reads like this:
hosts: files mdns_minimal [NOTFOUND=return] dns myhostname
The default is to use mdns4_minimal, which causes it to resolve the mdns host name into an IPv4 rather than IPv6. So now when I do smb, ssh, or scp connections by f27s.local, this gets resolved into an IPv6. That is almost certainly superfluous information you probably want to just get it working with IPv4 for now.
Negative. Here is the output:
smbclient //temlakos/gamester -U Temlakos
tree connect failed: NT_STATUS_ACCESS_DENIED
This sounds to me like it wants to do a Kerberos authenticated connection... I have this same error message when I try to print to a printer that does not have guest ok = yes.
From Windows You can connect to Fedora type "\temlakos" into file manager
Is this OK?
Now that works. I can't understand why the file manager won't list it normally as a browseable system. But when I specify it, I can get it.
Right that's this ancient SMB1 stuff that's slowly being deprecated both on the Windows and Samba side. And then the lack of configuration for NetBIOS as the old new way which is now the new legacy. And also not having Kerberosized AD authentication setup.
And my terminology here is probably shit. I have the baseball in the ball field, but it may be a foul ball.
if enabled, is configured like /etc/samba/smb.conf.example show?
I wouldn't know how to test that.
I don't see anything in my /etc/samba/smb.conf related to selinux. What does matter is the root mount point must have the proper selinux label.
For example I have these connections from client to server: smb://f27s.local/scratch/ smb://f27s.local/most/ smb://f27s.local/tm/
And those translate into directories /srv/most, /srv/scratch, /srv/tm, and those have these permissions:
[chris@f27s ~]$ ls -lZ /srv total 0 drwxr-x---. 1 chris smbusers system_u:object_r:samba_share_t:s0 218 Nov 6 20:22 most drwxr-x---. 1 chris smbusers system_u:object_r:samba_share_t:s0 534 Dec 16 15:43 scratch drwxr-x---. 3 chris smbusers system_u:object_r:samba_share_t:s0 74 Aug 21 22:42 tm [chris@f27s ~]$
But the proper label is not news, it's been this way for a long time, it's not a new thing in Fedora 27. Now that I think about it, these permissions seem a little specious. I'd kinda expect the owner to be root to prevent any normal user from having rwx access. And then smbusers should be rwx to grant smbd alone the permission to rmx. And then it's up to smbd to manage authentication and user permissions inside this directory.
HUH. Anyway. It works and I'm not changing this today.
-
Chris Murphy -
Dario Lesca -
Rick Stevens -
Temlakos