Samba
Samba server comes from Debian software repositories. The openmediavault project does not maintain this package, all bugs, hotfixes and features come from Debian.
General
The server configures Samba as standalone mode. The default global section
[global]
workgroup = HOME
server string = %h server
dns proxy = no
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
syslog only = yes
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = no
unix password sync = no
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY
guest account = nobody
load printers = no
disable spoolss = yes
printing = bsd
printcap name = /dev/null
unix extensions = yes
wide links = no
create mask = 0777
directory mask = 0777
use sendfile = yes
aio read size = 16384
aio write size = 16384
null passwords = no
local master = yes
time server = no
wins support = no
A default share example:
[MyDocuments]
path = /media//dev/disk/by-label/VOLUME1/Documents/
guest ok = no
read only = no
browseable = yes
inherit acls = yes
inherit permissions = no
ea support = no
store dos attributes = no
printable = no
create mask = 0755
force create mode = 0644
directory mask = 0755
force directory mode = 0755
hide dot files = yes
valid users = "john"
invalid users =
read list =
write list = "john"
openmediavault automatically configures shadow copies if the shared folder is on a BTRFS file system and if there are snapshots available. These are exposed as Previous Versions to Windows clients.
It is possible to add extra options in the general and share configuration page. Options that are managed by openmediavault can be customized via environmental variables.
Permissions
The login access in Samba is configured using permissions. This means they will not act in the file system layer, they will run in the Samba authentication layer. From there the access can be controlled to be read only or read/write access and guest account access. This is done with the Permissions
button in the shared folder section, not the ACL.
Permissions only gets login access and from there determines if user can read or write. If write access is enabled but files/folders have restricted permissions then write access is not possible using Samba.
Important
Samba does not use PAM for login, it has a different password database. When the admin changes a username password (or the user changes their own) using the web interface what openmediavault does is that it changes both the linux login password and the Samba internal database. If a username changes their password using shell, this will not be reflected in Samba log in.
Questions
- How do I enter credentials in a semi-public share?
In most cases the user will always be logged as guest. Use Windows map network drive feature to provide other login credentials different from guest. In Mac OS X use CMD+K (if using Finder)
- Why the login keeps saying access denied?
- This is more likely caused by two things:
Permission issue (ACL or non default POSIX permission mode/ownership). Fix the permissions in the shared folder. Samba runs as privileged (root) user, even so if parts of path don’t have adecuate permissions, it will still respond access denied.
Out of sync password in between linux and Samba. This is very rare but it has happened. Test in ssh the following [tt]smbpasswd username[/tt] enter password and try and login again.
- Why I can’t edit files that other users have created?
The default umask in Samba is
644
for files. To enable flexible sharing check Enable permission inheritance in the Samba share settings, this will force664
creation mode. Files created previously need to change their permission mode. Check also that you don’t have read only enabled. This option overrides privileges and POSIX.