Ubuntu-fr

malbo

[Résolu] Trusty merdouille avec Samba

Il y a un bug de Samba qui affecte aussi bien le partage de dossier personnel (usershares) que le partage de dossier du système de fichiers (shares). Les symptômes sont variés : soit on ne peut carrément pas créer un partage de dossier personnel, soit on ne peut pas accéder à la liste des partages depuis un autre ordi, soit on est refusé quand on rentre son mot de passe depuis l'ordi distant. Cela donne pas mal de rapports de bugs puisque les symptômes sont différents mais chez moi, il n'y a qu'un seul remède qui soit nécessaire et suffisant et je l'ai trouvé dans ce commentaire #12 du rapport de Bug #1261873 
Il faut modifier le fichier /etc/samba/smb.conf pour ajouter le caractère ";" (le point-virgule) en tête de la ligne "valid users = %S"

Avant modif :

#======================= Share Definitions =======================

# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
;[homes]
;   comment = Home Directories
;   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
   read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# The following parameter makes sure that only "username" can connect
# to \\server\username
# This might need tweaking when using external authentication schemes
   valid users = %S

Après modif (c'est la dernière ligne - "valid users = %S" - qui est modifiée par ajout du point-virgule en tête) :

#======================= Share Definitions =======================

# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
;[homes]
;   comment = Home Directories
;   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
   read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# The following parameter makes sure that only "username" can connect
# to \\server\username
# This might need tweaking when using external authentication schemes
;  valid users = %S

Le commentaire #12 du rapport de Bug #1261873 indique qu'il faudrait même modifier les autres lignes "read only = yes", "create mask = 0700" et "directory mask = 0700" pour leur faire le même traitement (mettre le point-virgule en tête de ligne) mais moi je me contente de modifier seulement la ligne "valid users = %S" comme j'ai indiqué.
Il faut redémarrer l'ordi après modif du fichier smb.conf pour que la modif soit prise en compte par Samba.

Dernière modification par malbo (Le 04/04/2014, à 09:13)

malbo

Re : [Résolu] Trusty merdouille avec Samba

Je viens de faire des essais de mise à niveau 12.04 vers 14.04 et je confirme ce foutu bug de samba.
Avant de lancer la mise à niveau, je vérifie bien qu'il y a le point-virgule en tête des 4 lignes :
read only = yes
create mask = 0700
directory mask = 0700
valid users = %S
Et à l'issue de la mise à niveau, je constate que Samba ne fonctionne pas (j'ai pas accès aux partages depuis une autre machine). Je constate également que le point-virgule a disparu en tête des 4 lignes précitées.

Je me contente d'appliquer la modif décrite dans le post #1 (ajout du point-virgule en tête de la ligne "valid users = %S") et de redémarrer l'ordi et après cela Samba fonctionne et j'accède aux partages depuis l'autre machine.

EDIT1 : je revérifie à cette occasion ce que j'ai signalé tout au début du post #1 à savoir que le bug concerne aussi bien usershares que shares

EDIT2 : on dirait que ça s'agite quand même dans les derniers commentaires du rapport de Bug #1261873 : https://bugs.launchpad.net/ubuntu/+sour … ug/1261873

Dernière modification par malbo (Le 01/04/2014, à 12:57)

malbo

Re : [Résolu] Trusty merdouille avec Samba

Effectivement, il y a eu une mise à jour de Samba (passage à la version 2:4.1.3+dfsg-2ubuntu5) que j'ai faite aujourd'hui. j'ai accepté le version du responsable du paquet (justement pour pouvoir apprécier les modifs qui seraient faites dans le fichier smb.conf). Dans ce qui suit, je n'ai gardé que la partie impactée par les modifs (j'ai viré le début et la fin : j'ai viré ce qui était ma partie privée du fichier) :
Avant mise à jour (Extrait du smb.conf) :

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.  
;	passdb backend = tdbsam

	obey pam restrictions = yes

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
	unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
	pam password change = yes

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
	map to guest = bad user

########## Domains ###########

#
# The following settings only takes effect if 'server role = primary
# classic domain controller', 'server role = backup domain controller'
# or 'domain logons' is set 
#

# It specifies the location of the user's
# profile directory from the client point of view) The following
# required a [profiles] share to be setup on the samba server (see
# below)
;   logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
#   logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
;   logon drive = H:
#   logon home = \\%N\%U

# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
;   logon script = logon.cmd

# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe.  The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u

# This allows machine accounts to be created on the domain controller via the 
# SAMR RPC pipe.  
# The following assumes a "machines" group exists on the system
; add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u

# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.  
; add group script = /usr/sbin/addgroup --force-badname %g

############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /home/samba/etc/smb.conf.%m

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
;   idmap uid = 10000-20000
;   idmap gid = 10000-20000
;   template shell = /bin/bash

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.

# Maximum number of usershare. 0 (default) means that usershare is disabled.
;	usershare max shares = 100

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
	usershare allow guests = yes

#======================= Share Definitions =======================

# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
;[homes]
;   comment = Home Directories
;   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
;	read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
	create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
	directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# The following parameter makes sure that only "username" can connect
# to \\server\username
# This might need tweaking when using external authentication schemes
	valid users = %S
	username map = /etc/samba/smbusers
	security = user
;	encrypt passwords = yes
;	guest ok = no
;	guest account = nobody

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
;   comment = Network Logon Service
;   path = /home/samba/netlogon
;   guest ok = yes
;   read only = yes

# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
;   comment = Users profiles
;   path = /home/samba/profiles
;   guest ok = no
;   browseable = no
;   create mask = 0600
;   directory mask = 0700

[printers]
	comment = All Printers
	browseable = no
	path = /var/spool/samba
	printable = yes
;	guest ok = no
;	read only = yes
	create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
	comment = Printer Drivers
	path = /var/lib/samba/printers
;	browseable = yes
;	read only = yes
;	guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
;   write list = root, @lpadmin

Après mise à jour (extrait correspondant du smb.conf) :

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.  
   passdb backend = tdbsam

   obey pam restrictions = yes

# This boolean parameter controls whether Samba attempts to sync the Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
   unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the following
# parameters must be set (thanks to Ian Kahan <<kahan@informatik.tu-muenchen.de> for
# sending the correct chat script for the passwd program in Debian Sarge).
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .

# This boolean controls whether PAM will be used for password changes
# when requested by an SMB client instead of the program listed in
# 'passwd program'. The default is 'no'.
   pam password change = yes

# This option controls how unsuccessful authentication attempts are mapped
# to anonymous connections
   map to guest = bad user

########## Domains ###########

#
# The following settings only takes effect if 'server role = primary
# classic domain controller', 'server role = backup domain controller'
# or 'domain logons' is set 
#

# It specifies the location of the user's
# profile directory from the client point of view) The following
# required a [profiles] share to be setup on the samba server (see
# below)
;   logon path = \\%N\profiles\%U
# Another common choice is storing the profile in the user's home directory
# (this is Samba's default)
#   logon path = \\%N\%U\profile

# The following setting only takes effect if 'domain logons' is set
# It specifies the location of a user's home directory (from the client
# point of view)
;   logon drive = H:
#   logon home = \\%N\%U

# The following setting only takes effect if 'domain logons' is set
# It specifies the script to run during logon. The script must be stored
# in the [netlogon] share
# NOTE: Must be store in 'DOS' file format convention
;   logon script = logon.cmd

# This allows Unix users to be created on the domain controller via the SAMR
# RPC pipe.  The example command creates a user account with a disabled Unix
# password; please adapt to your needs
; add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u

# This allows machine accounts to be created on the domain controller via the 
# SAMR RPC pipe.  
# The following assumes a "machines" group exists on the system
; add machine script  = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u

# This allows Unix groups to be created on the domain controller via the SAMR
# RPC pipe.  
; add group script = /usr/sbin/addgroup --force-badname %g

############ Misc ############

# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
;   include = /home/samba/etc/smb.conf.%m

# Some defaults for winbind (make sure you're not using the ranges
# for something else.)
;   idmap uid = 10000-20000
;   idmap gid = 10000-20000
;   template shell = /bin/bash

# Setup usershare options to enable non-root users to share folders
# with the net usershare command.

# Maximum number of usershare. 0 (default) means that usershare is disabled.
;   usershare max shares = 100

# Allow users who've been granted usershare privileges to create
# public shares, not just authenticated ones
   usershare allow guests = yes

#======================= Share Definitions =======================

# Un-comment the following (and tweak the other settings below to suit)
# to enable the default home directory shares. This will share each
# user's home directory as \\server\username
;[homes]
;   comment = Home Directories
;   browseable = no

# By default, the home directories are exported read-only. Change the
# next parameter to 'no' if you want to be able to write to them.
;   read only = yes

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
;   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
;   directory mask = 0700

# By default, \\server\username shares can be connected to by anyone
# with access to the samba server.
# Un-comment the following parameter makes sure that only "username"
# can connect to \\server\username
# This might need tweaking when using external authentication schemes
;   valid users = %S

# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
;   comment = Network Logon Service
;   path = /home/samba/netlogon
;   guest ok = yes
;   read only = yes

# Un-comment the following and create the profiles directory to store
# users profiles (see the "logon path" option above)
# (you need to configure Samba to act as a domain controller too.)
# The path below should be writable by all users so that their
# profile directory may be created the first time they log on
;[profiles]
;   comment = Users profiles
;   path = /home/samba/profiles
;   guest ok = no
;   browseable = no
;   create mask = 0600
;   directory mask = 0700

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# You may need to replace 'lpadmin' with the name of the group your
# admin users are members of.
# Please note that you also need to set appropriate Unix permissions
# to the drivers directory for these users to have write rights in it
;   write list = root, @lpadmin

Fichier différence des deux fichiers précédents :

$ diff smb.conf_avant_maj_20140402 smb.conf_apres_maj_20140402
3c3
< ;	passdb backend = tdbsam
---
>    passdb backend = tdbsam



108c108
< 	create mask = 0700
---
> ;   create mask = 0700


112c112
< 	directory mask = 0700
---
> ;   directory mask = 0700


119,124c119
< 	valid users = %S
< 	username map = /etc/samba/smbusers
< 	security = user
< ;	encrypt passwords = yes
< ;	guest ok = no
< ;	guest account = nobody
---
> ;   valid users = %S


148,154c143,149
< ;	guest ok = no
< ;	read only = yes
---
>    guest ok = no
>    read only = yes


159,163c154,158
< ;	browseable = yes
< ;	read only = yes
< ;	guest ok = no
---
>    browseable = yes
>    read only = yes
>    guest ok = no

Commentaire : les 4 lignes dont il est question dans mes posts précédents ont bien été corrigées. Par contre, on voit qu'il y a d'autres modifs (voir EDIT) dont je ne sais pas si elles sont nocives ou pas : on verra à l'usage. Pour l'heure, je constate que la connerie principale qui concernait la ligne "valid users = %S" a été rectifiée.

EDIT le 4 avril 2014 : en fait, en comparant avec un smb.conf d'une installation de Ubuntu 12.04 qui fonctionne bien, je crois que ces "autres modifs" sont dues au fait que mon fichier "Avant mise à jour (Extrait du smb.conf)" n'était pas correct pour une raison indéterminée : est-ce que c'est la version précédente de samba qui m'avais créé ces anomalies ou est-ce moi qui ai pourri ce fichier, je ne sais pas. Toujours est-il que l'état du smb.conf après mise à jour - tel qu'on peut le voir ci-dessus dans le fichier "Après mise à jour (extrait correspondant du smb.conf)" - est correct et je passe le titre de cette discussion en "Résolu"

Dernière modification par malbo (Le 04/04/2014, à 09:13)

Quaza

Re : [Résolu] Trusty merdouille avec Samba

Il te suffit d'installer ---> sudo apt-get install system-config-samba
Puis tu va te créer un utilisateur. N'oublie pas de mettre WORKGROUP dans nom Windows au dessus ton nom.
Pour finir un mot de passe. Tout fonctionnera parfaitement.

N'oublie pas de désactiver les partages en place de dossier s'il y en a déjà avant d'en ajouter sur system-config-samba.

---

http://www.kerneldesign.net

malbo

Re : [Résolu] Trusty merdouille avec Samba

Quaza,
Merci. J'utilise déjà system-config-samba dans Trusty. Mais ce n'est pas le sujet de la présente discussion qui porte sur des bogues de la version en développement de Ubuntu (Trusty = future Ubuntu 14.04). Les anomalies que j'avais rencontrées sont résolues, c'est pourquoi j'ai modifié le titre de ce fil pour mentionner "Résolu". Ce qui ne signifie pas - loin de là - que tous les bogues de Samba dans Trusty soient résolus.

Dernière modification par malbo (Le 05/04/2014, à 09:09)