Issue with Samba Dperson config?

killmasta93 · May 30, 2022, 3:00am

HI
Currently need to configure a docker samba for a printer which only has smbv1 to scan

i was reading the wiki but could not figure out how to configure it,
as the printer needs one user called scanner with full access and other user to only read that folder I was thinking maybe like this?

but cant seem to create the docker compose file correctly this is what i have so far

version: '3.4'

services:
  samba:
    image: dperson/samba
    networks:
      - default
    ports:
      - "137:137/udp"
      - "138:138/udp"
      - "139:139/tcp"
      - "445:445/tcp"
    read_only: true
    tmpfs:
      - /tmp
    restart: unless-stopped
    stdin_open: true
    tty: true
    volumes:
      - /folder/mnt2:/mnt2:z
    command: '-S "-s "scan;/mnt2;yes;no;no;scaner" -u "scaner;mypassword" -p'
    command: '-S "-s "scan;/mnt2;yes;yes;no;user" -u "user;mypassword" -p'
networks:

matthiasradde · May 31, 2022, 6:01am

Hello,
two command:-lines within the docker-compose.yml are not good. Put all needed options into one line.

Instead of using one share-name with different permissions for different users I would opt for two shares (pointing to the same linux-directory) each with its own user and permissions.

So the one long command:-line would read:

command: '-S -s "scan;/mnt2;yes;no;no;scaner" -s "scan_ro;/mnt2;yes;yes;no;user" -u "scaner;mypassword" -u "user;mypassword" -p -n'

Another idea work according to the documentation

...
    -s \"<name;/path>[;browse;readonly;guest;users;admins;writelist;comment]\"
                Configure a share
                required arg: \"<name>;</path>\"
                <name> is how it's called for clients
                <path> path to share
                NOTE: for the default value, just leave blank
                [browsable] default:'yes' or 'no'
                [readonly] default:'yes' or 'no'
                [guest] allowed default:'yes' or 'no'
                NOTE: for user lists below, usernames are separated by ','
                [users] allowed default:'all' or list of allowed users
                [admins] allowed default:'none' or list of admin users
                [writelist] list of users that can write to a RO share
                [comment] description of share
...

would be

command: '-S -s "scan;/mnt2;yes;yes;no;user,scaner;none;scaner;Scanner-Share" -u "scaner;mypassword" -u "user;mypassword" -p -n'

which is a read-only-share for user user but should be writeable by user scaner. The user scaner is mentioned in the list of users and as writeable-user!

killmasta93 · May 31, 2022, 6:43pm

Thank you so much for the reply, currently when i try to raise the docker compose im getting this error

root@hera:~# docker-compose up
Creating network "root_default" with the default driver
Creating root_samba_1 ...

ERROR: for root_samba_1  No closing quotation

ERROR: for samba  No closing quotation
Traceback (most recent call last):
  File "docker-compose", line 3, in <module>
  File "compose/cli/main.py", line 81, in main
  File "compose/cli/main.py", line 203, in perform_command
  File "compose/metrics/decorator.py", line 18, in wrapper
  File "compose/cli/main.py", line 1186, in up
  File "compose/cli/main.py", line 1182, in up
  File "compose/project.py", line 702, in up
  File "compose/parallel.py", line 108, in parallel_execute
  File "compose/parallel.py", line 206, in producer
  File "compose/project.py", line 688, in do
  File "compose/service.py", line 564, in execute_convergence_plan
  File "compose/service.py", line 480, in _execute_convergence_create
  File "compose/parallel.py", line 108, in parallel_execute
  File "compose/parallel.py", line 206, in producer
  File "compose/service.py", line 478, in <lambda>
  File "compose/service.py", line 457, in create_and_start
  File "compose/service.py", line 341, in create_container
  File "compose/container.py", line 48, in create
  File "docker/api/container.py", line 428, in create_container
  File "docker/api/container.py", line 433, in create_container_config
  File "docker/types/containers.py", line 703, in __init__
  File "docker/utils/utils.py", line 464, in split_command
  File "shlex.py", line 310, in split
  File "shlex.py", line 299, in __next__
  File "shlex.py", line 109, in get_token
  File "shlex.py", line 191, in read_token
ValueError: No closing quotation
[10101] Failed to execute script docker-compose

this is the docker compose file

root@hera:~# cat docker-compose.yml
version: '3.4'

services:
  samba:
    image: dperson/samba
    networks:
      - default
    ports:
      - "137:137/udp"
      - "138:138/udp"
      - "139:139/tcp"
      - "445:445/tcp"
    read_only: true
    tmpfs:
      - /tmp
    restart: unless-stopped
    stdin_open: true
    tty: true
    volumes:
      - /folder/mnt2:/mnt2:z
    command: '-S -s "scan;/mnt2;yes;yes;no;user;none;scaner;Scanner-Share" -u "scaner;12345" -u "user;54321 -p -n'
networks:
      default:

then it seemed that i had to add a " end of the “user;mypassword”

then it was able to go up the container
But whats odd is that i try to access the share i put in the username and password of the scaner it keeps asking it
as if its incorrect which is very odd

Thank you

matthiasradde · June 1, 2022, 4:31am

Sorry for the typo (the missing " after the second password) in my original post - it is corrected now.

I have tested my original version (a little extended)

command: '-w PRIVAT -s "scaner_ro;/mnt2;yes;yes;no;alice,bob;none;none;Scaner Volume RO" -s "scaner_rw;/mnt2;yes;no;no;alice;none;none;Scaner Volume RW" -u "alice;pwa" -u "bob;pwb" -n -p'

which was working as expected - alice and bob are able to read from share scaner_ro but not write to it + alice was able to write to share scaner_rw but bob was not able to access this share.

But using the second idea I had the same problem as you - the writeable-user was not able to login . So I added it to the list of (ro-)users and now it was working as expected (alice and bob can read but only alice can write to the share)

command: '-w PRIVAT -s "scaner;/mnt2;yes;yes;no;alice,bob;none;alice;Scaner Volume" -u "alice;pwa" -u "bob;pwb" -n -p'

I have updated my answer above to have the correct syntax.

killmasta93 · June 2, 2022, 4:11am

Thank you so much for the reply that worked wonderful what i did was added the -S because the scanner only works with smbv1

command: '-w PRIVAT -S -s "scaner;/mnt2;yes;yes;no;alice,bob;none;alice;Scaner Volume" -u "alice;pwa" -u "bob;pwb" -n -p'

Thank you

killmasta93 · June 9, 2022, 3:01am

hi @matthiasradde quick question currently its working for the computers but on our scanner machine because it uses smbv1 does not seem to work, i put another VM install samba without docker using this global config and it worked not sure how i can replicate on docker?

[global]

## Browsing/Identification ###
ntlm auth = ntlmv1-permitted
client min protocol = NT1
min protocol = NT1

matthiasradde · June 28, 2022, 8:12pm

hello @killmasta93
sorry for the delay - was on holiday without access to my test-environment.
Have checked the file /usr/bin/samba.sh which is the entrypoint of the container:
There is a parameter ‘-g’ which adds/replaces a line to/within smb.conf’s global-section.
So (according to this file) if should be sufficient to add this as additional parameters to your command-line:
-g "ntlm auth = ntlmv1-permitted" -g "client min protocol = NT1" -g "min protocol = NT1"

killmasta93 · June 30, 2022, 5:18am

Thank you so much, that did the trick