On Sat, 2006-03-25 at 21:39 -0700, Craig White wrote: > On Sat, 2006-03-25 at 18:14 -0800, Knute Johnson wrote: > > I've been trying to get Samba to work for a long time and I think I'm > > close now. I can see my network from Linux with only one small > > issue. Sometimes the first time I try to open a share with Nautilus > > (is is still Nautilus in FC5?) it give me an error message that I > > might not have permission. The next time I try it it opens just > > fine. It isn't all shares, just some that do that. They are all > > Windows shares though. > > > > My real problem is seeing my Linux shares on the Windows box. They > > show up in the My Network Places but when I try to open them I get > > KJLAPTOP\share is not accessible ... Access Denied. This problem was > > with directories I created. If I share /usr/share for example I can > > see it just fine. I've played with setting the SELinux context with > > chcon but I got nowhere. What is different about a directory I > > create and one that is already there? > > > > I have my Samba server settings configured for Authentication Mode = > > Share, Encrypt Passwords = Yes, Guest Account = No Guest Account, and > > the only Samba user is nobody. That doesn't seem to matter anyway. > > The Share is configured as Writable, Visible and Allow Access to > > everyone. The ports are open. > > > > It works when I use a directory that was already there but not with a > > directory I create. I want to create a directory in /var. Anybody > > got any ideas? > > > > My system is recent FC5 upgrade from FC4. No other problems seen. > ---- > I typically only use samba as a domain controller or member server - > which means that I never use 'security = share' which is somewhat of a > legacy mode Windows file share - meant to mimic the sharing methodology > employed by Windows 95/98 where there isn't really a user involved. > > You are creating issues with SELinux running and I can't help with FC-5 > since I haven't gone there but on FC-4, I probably could have helped. > Obviously, you are going to see avc denied messages pertaining to samba > trying to share directories that don't have the proper context. > > My thoughts are that you shouldn't share /usr/share directory via samba > - I can't think of a single logical reason to do that. I have shared > things out of /var like /var/www/html via samba and that is workable and > obviously, you can create your own directories in /var tree and only > need to fix the selinux contexts again to permit it. I would suggest > that you post your selinux errors - here or on the fedora-selinux list > (better) because here, the only likely help you will get is Paul Horwath > at this point. > > Anyway, I typically have all my samba shares in the /home tree, for > example: > > /home/filessystems > /home/filessystems/samba > /home/filessystems/samba/netlogon > /home/filessystems/samba/shared_files > /home/filessystems/samba/profiles > /home/filessystems/samba/homes > > and I can pretty much avoid the selinux issues. First step in diagnosing whether or not a problem is SELinux is to try: # setenforce 0 If the problem goes away then it's SELinux. If not, look elsewhere for the problem. Paul.
