Fedora Core 6 Problems



OK kids, this just keeps getting better and better. I have Fedora Core 6 up and running and everything is fine up until the point that I have Samba running. I have the folder I want networked and mapped in Windows, but when I go to copy or put new on the drive, it says read restricted. So I went into PuTTY and chmoded everything to 777, but it is still not letting me in. Is SELinux the problem? I am going to shut it off and try. I went in and changed it to allow SMB connections.

Link to post
Share on other sites

I am no Samba expert, but I do this with my computer. I am not totally sure this is necessary, but it works for me. Make sure you set a Samba password for one of the users on your Linux computer:

smbpasswd -a user

Then it will prompt you to set a password; I usually leave mine blank.

Then when I log into it from Windows, it will prompt me for the username and password.

Link to post
Share on other sites

OK, I did that when I set up my account. I will go back and redo it and see what happens, but again that should not be a problem.

Link to post
Share on other sites

In the past I was having a problem and it turned out that I did not have the correct path set (typo) in my smb.conf. Double check the paths you have. If it helps, take a look at my config file. I like to see how other people do things.

[global]
server string = Samba Server %v
map to guest = Bad User
log file = /var/log/samba3/log.%m
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
hosts allow = 192.168.1.

[movies]
path = /mnt/media/movies/
writable = yes


[avi]
path = /mnt/media/avi
writable = yes


[music]
path = /mnt/media/music
writeable = yes


[share]
path = /mnt/media/share
writable = yes

[brighteyed]
path = /mnt/media/brighteyed
writable = yes

Edited by shanenin
Link to post
Share on other sites

Here is mine.

; /etc/samba/smb.conf

[global]
workgroup = goemann
netbios name = 100GBfileserver
server string = 100GBfileserver

security = user
encrypt passwords = yes

local master = yes
domain master = yes
preferred master = yes
null passwords = no
hide unreadable = no
hide dot files = yes
wins support = no

# [printers]
# browseable = yes
# guest ok = yes
# printable = yes
# public = yes

[Shared]
browseable = yes
read only = no
path = /shared
available = yes
public = yes
writable = yes

I just copy over everything from server to server. I mean it is all the same as far as I know.

Edited by Buddy Holly
Link to post
Share on other sites
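
An added example, not written by any poster in this thread: a small Python audit of the smb.conf parameters posted above that lists shares writable without a password. The sample config is constructed from settings in the two posted files, the function names are hypothetical, and `include` lines, `valid users` and filesystem permissions are not considered.

```python
# Constructed sample built from parameters in the two configs posted above.
SAMPLE = """\
[global]
map to guest = Bad User
[movies]
writable = yes
[Shared]
public = yes
read only = no
[docs]
guest ok = yes
"""

TRUE = {"yes", "true", "1"}
INVERTED = {"writable", "writeable", "writeok"}  # inverted synonyms of "read only"

def parse_smb_conf(text):
    """Return {section: {param: value}} with synonyms folded to one name."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":  # both comment styles are valid
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            key = "".join(key.split()).lower()  # Samba ignores case and spaces
            if key in INVERTED:  # "writable = yes" means "read only = no"
                key, value = "readonly", "no" if value.lower() in TRUE else "yes"
            elif key == "public":  # synonym of "guest ok"
                key = "guestok"
            current[key] = value  # a later line overrides an earlier one
    return sections

def audit(text):
    """List (section, issue) pairs describing guest exposure."""
    conf = parse_smb_conf(text)
    glob = conf.pop("global", {})
    findings = []
    if glob.get("maptoguest", "never").lower() == "bad user":
        findings.append(("global", "unknown usernames are mapped to guest"))
    for name, share in conf.items():
        eff = {**glob, **share}  # [global] values act as share defaults
        guest = eff.get("guestok", "no").lower() in TRUE
        writable = eff.get("readonly", "yes").lower() not in TRUE
        if guest and writable:
            findings.append((name, "writable without a password (guest)"))
    return findings
```
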

SELinux is most likely the problem.

setsebool -P smbd_disable_trans 1

This will disable SELinux on Samba when it runs.

see http://www.mjmwired.net/resources/mjm-fedora-fc6.html

Firewall and SELinux Users

Run system-config-securitylevel

Firewall Options:

To allow Samba access to work through your firewall you must set 'Samba' as a 'Trusted service'.

SELinux:

Modify SELinux Policy > Samba Disable SELinux protection for smbd daemon

On the command line you can run:

[root@charon ~]# setsebool -P smbd_disable_trans 1

Run man samba_selinux for more help.

For any changes made above to the SELinux settings or smb.conf, it is recommended to restart Samba.

Link to post
Share on other sites

OK, I ran what you said to turn SELinux off. Here is the thing I got from PuTTY.

[root@localhost ~]# setsebool -P smbd_disable_trans

Usage: setsebool [ -P ] boolean value | bool1=val1 bool2=val2...

Is that correct, or what is wrong?

Also, it did not help in the problem. I am not sure what the deal is but I can not write to the shared folder.

Link to post
Share on other sites

OK, I changed the name from Shared to Storage and to a different folder and all is well. I also think turning off SELinux helped.

OK I put in the correct line this time and got back to the command prompt.

Now I have also restarted samba. and still not working yet. I mean what is the deal?

you did not give a value

setsebool -P smbd_disable_trans 1

setsebool -P smbd_disable_trans

Link to post
Share on other sites

It's built into the kernel, and you don't want to delete it, but learn how to use it. setsebool is a Red Hat tool that sets the value of a setting in RC.d so it should be that way from now on.

this may help

http://fedora.redhat.com/docs/selinux-faq-....html#id2825207

Link to post
Share on other sites

OK, I will look into it, but more times than not, I shut it off. I mean I have it shut off on my two other CentOS boxes.

Link to post
Share on other sites

If they are not production boxes, you can turn it off using the system-config-securitylevel to turn it all off.

If this is production, I would encourage you to learn it, as it is the correct way to secure a server from malicious attack. It's like a firewall where you can set permissions on individual files.

We use it in an MLS configuration so I must use it.

Here is a better site:

http://www.mjmwired.net/resources/mjm-fedora-fc6.html

http://fedora.redhat.com/docs/selinux-faq-fc5/#id2922533

Edited by iccaros
Link to post
Share on other sites

How do you determine production boxes? These are simple file servers that just sit there and provide file storage.

Link to post
Share on other sites

I think that iccaros is talking about servers that are mission critical in a business environment, servers that are critical to the survival of a business.

Link to post
Share on other sites

My thought is I feel pretty safe behind my router. I even mentioned using empty passwords. I would not think twice about turning it off. Think of all the computers that have Windows file sharing set. The only requirements to have access are to have the same workgroup name.

Edited by shanenin
Link to post
Share on other sites
My thought is I feel pretty safe behind my router.

Yep, me too, a router works well, does the job:-)

iccaros may disagree with us on this. I mentioned in the past that I just used a NAT router as a firewall, and he said it does not offer much protection.

Link to post
Share on other sites

By production I mean that they are used for business and are facing outside a firewall. These are servers that do production work that people on the web access. With these I lock way down.

If it's just a home server, or small business that these are behind a firewall, I see no reason not to turn it off,

but I would suggest learning SELinux. For government work and banks this kind of protection is becoming important and pays better than not knowing it. I also use it for VM servers that serve web pages in place OS where it was standard to use Jar's or Chroot partitions.

And yes, I do not agree that a NAT router is good enough, especially if you have a Redmond-built OS running, as it does not stop from hacking it (just lessens the scanning),

but running Linux (or other *nix) that is properly configured (root can't log in remote and you must SU or SUDO after logging in) is probably safe behind just a NAT.

Link to post
Share on other sites
My thought is I feel pretty safe behind my router.

Yep, me too, a router works well, does the job:-)

Same here. When I was running Debian I worked out an elaborate iptables script that served me well. When I switched to Ubuntu I didn't bother bringing it over. Didn't seem worth the trouble.

Link to post
Share on other sites

I understand the main security of a NAT router is just invisibility. If they don't know you are there, they won't waste any time. I do have a couple of forwarded ports in the 20000 range, but they are closed. Worst case scenario, let's say somebody scanned the higher ports, and found me at a certain address, is it still a challenge to pass through the NAT router? Will 99% of hackers just move on, or do you think they would try and get through the router?

Link to post
Share on other sites

I have a NAT router, Linksys. I think I am pretty safe, but if you guys think that SELinux is OK just with the default config of it, as in installed, I will leave it. I mean for the most part these are simple home file servers and maybe one day way down the road, might be web server again, maybe, then again, maybe not.

Link to post
Share on other sites
