Re: [Samba] Samba Windows 7 and logon scripts
I had the same problem. I fixed it with the following in smb.conf: ... preexec = /usr/local/bin/netlogon %U logon drive = X: logon script = %U.bat ; logon path = \\%L\profiles\%U ; logon home = \\%N\%U ... [netlogon] comment = The domain logon service path = /home/netlogon ; read only = yes public = no writeable = no browsable = no Regards, Dario. -- View this message in context: http://samba.2283325.n4.nabble.com/Samba-Windows-7-and-logon-scripts-tp2532596p3396892.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] ACL not working
Using Samba+winbind 3.3.8 as a fileserver on a Win2008 domain. getent and wbinfo is reporting correct informations about users. However, my groups directories are allowing people who shouldn't .. From the shell everything is working as expected, but not from samba.. What did I miss !? Exported share: /export/users drwxr-x---+ 7 root root 4096 Mar 18 14:57 group# (teams directories) \ tech \--- prod - Working from shell # su prod-user $ ls tech/ ls: tech/: Permission denied - Not working from smbclient # smbclient -U prod-user //fileserver/share Domain=[FOO] OS=[Unix] Server=[Samba 3.3.8-0.52.el5_5.2] smb: \> cd group/tech/ smb: \group\tech\> -- Group -- # getent group | grep prod-user prod:*:10004:prod-user,(...) -- Acls -- # file: group # owner: root # group: root user::rwx group::r-x group:domain\040users:r-x mask::r-x other::--- # file: group/tech # owner: root # group: root user::--- group::--- group:tech:rwx mask::rwx other::--- default:user::--- default:group::--- default:group:tech:rwx default:mask::rwx default:other::--- -- Build options -- # smbd -b | grep -i acl HAVE_SYS_ACL_H HAVE_ACL_LIBACL_H HAVE_POSIX_ACLS vfs_acl_tdb_init vfs_acl_xattr_init pdb_ldap pdb_smbpasswd pdb_tdbsam rpc_lsarpc rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl2 rpc_ntsvcs2 rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog2 rpc_samr idmap_ldap idmap_tdb idmap_passdb idmap_nss nss_info_template auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin vfs_default vfs_posixacl -- smb.conf -- [global] workgroup = FOO realm = FOO.BAR local master = no domain master = no preferred master = no server string = SOVO File Server security = ads encrypt passwords = yes password server = dc1.foo.bar, dc2.foo.bar log level = 3 log file = /var/log/samba/%m max log size = 50 load printers = no printcap name = /dev/null disable spoolss = yes show add printer wizard = no client ntlmv2 auth = yes winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nested groups = Yes winbind refresh tickets = yes winbind reconnect delay = 15 winbind separator = + winbind cache time = 120 winbind nss info = rfc2307 winbind offline logon = true passdb backend = tdbsam idmap negative cache time = 120 idmap cache time = 900 idmap config FOO : backend = ad idmap config FOO : readonly = yes idmap config FOO : schema_mode = rfc2307 idmap config FOO : range = 1-40 idmap uid = 1-2 idmap gid = 1-2 nt acl support = no acl check permissions = true acl compatibility = auto acl group control = no acl map full control = false [share] path = /export/users writable = yes browseable = yes hide unreadable = yes hide dot files=yes hide files=/lost+found/ valid users = @tech @man @prod -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade from Samba 3.0.33 to 3.5.8 woes
Did you update the schema on the ldap? Maybe you should. Im right know doing it. I don't know how many changes are in the schema between 3.0.33 and 3.5.x. Im migrating from 3.0.24 to 3.2.X and if I don't upgrade the schema the "password must change time" dosen't work. What do you mean about the dc has a new time? I was referring to the domain sid. > The new DC has a new time. We do use LDAP. Which SID are you > referring to? The local SID is new on the new DC, but the domain sids > are the same. > > On Tue, Mar 22, 2011 at 10:23 PM, wrote: >> The same happend to me. >> But I didn't have the time to analize the problem. I solve it by >> changing >> the name of the server. Same ip, but new name and everything works now. >> >> It would be great to know if there is another workaround. >> >> Did you keep the sid of the pdc after the change? >> Did you use ldap? >> >> Bye. >> >>> Greetings, >>> >>> I just did a major upgrade to our Samba infrastructure. >>> >>> I previously had a domain controller and share running 3.0.33 (on one >>> box, one samba instance) >>> >>> I set up a new domain controller running 3.5.8, made that the PDC for >>> our domain, and changed the (now former) domain controller running >>> 3.0.33 to just be a member. Additionally, we moved the IP from the >>> old DC to the new DC (and subsequently gave the former DC, now just a >>> member and file share a new IP) >>> >>> Now I am having some strange issues. >>> >>> Windows machines in our London office (which is connected via a tunnel >>> between some Cisco ASA's from HQ to London) can no longer see the >>> domain (which is at HQ) UNLESS we disable the Windows firewall on the >>> workstations OR add exceptions to the firewall for the PDC. Machines >>> at HQ see the domain fine. Now, the PDC has the SAME IP as the old >>> domain. So it's not like the rules would need to be any different >>> anyway. Frankly, I don't quite understand how this worked before - >>> but it did! Did something change between 3.0.x and 3.5.x which would >>> cause this behavior and is there a fix? I am hoping to not have to >>> run through and change all of the firewalls on all of our workstations >>> (especially since we can't do so via netlogon scripts etc as they >>> won't see the domain!) Worth noting, our machines all have an lmhosts >>> file which tells them where to go for the domain, hence why we moved >>> the IP from the old dc to the new dc. >>> >>> Second problem.. users can't access our file share (which was formerly >>> the domain controller, now just a member) when connected via our VPN >>> (a juniper ssl vpn). The VPN drops them into the same network as if >>> they are in the office -- and it works fine if you are in the office. >>> Yet, if you come in via VPN you received "no logon servers available" >>> errors. Mac users connecting to the file share via SMB have no >>> problem. The following error is logged in smbd.log (redacted my >>> specific names): >>> >>> domain_client_validate: unable to validate password for user >>> $username in domain $mydomain to Domain controller $mypdc. Error was >>> NT_STATUS_UNSUCCESSFUL. >>> >>> >>> >>> Happy to provide any additional info.. I'm baffled! All of this >>> worked before without problems. >>> >>> Thanks, >>> Ryan >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> >> >> >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade from Samba 3.0.33 to 3.5.8 woes
The new DC has a new time. We do use LDAP. Which SID are you referring to? The local SID is new on the new DC, but the domain sids are the same. On Tue, Mar 22, 2011 at 10:23 PM, wrote: > The same happend to me. > But I didn't have the time to analize the problem. I solve it by changing > the name of the server. Same ip, but new name and everything works now. > > It would be great to know if there is another workaround. > > Did you keep the sid of the pdc after the change? > Did you use ldap? > > Bye. > >> Greetings, >> >> I just did a major upgrade to our Samba infrastructure. >> >> I previously had a domain controller and share running 3.0.33 (on one >> box, one samba instance) >> >> I set up a new domain controller running 3.5.8, made that the PDC for >> our domain, and changed the (now former) domain controller running >> 3.0.33 to just be a member. Additionally, we moved the IP from the >> old DC to the new DC (and subsequently gave the former DC, now just a >> member and file share a new IP) >> >> Now I am having some strange issues. >> >> Windows machines in our London office (which is connected via a tunnel >> between some Cisco ASA's from HQ to London) can no longer see the >> domain (which is at HQ) UNLESS we disable the Windows firewall on the >> workstations OR add exceptions to the firewall for the PDC. Machines >> at HQ see the domain fine. Now, the PDC has the SAME IP as the old >> domain. So it's not like the rules would need to be any different >> anyway. Frankly, I don't quite understand how this worked before - >> but it did! Did something change between 3.0.x and 3.5.x which would >> cause this behavior and is there a fix? I am hoping to not have to >> run through and change all of the firewalls on all of our workstations >> (especially since we can't do so via netlogon scripts etc as they >> won't see the domain!) Worth noting, our machines all have an lmhosts >> file which tells them where to go for the domain, hence why we moved >> the IP from the old dc to the new dc. >> >> Second problem.. users can't access our file share (which was formerly >> the domain controller, now just a member) when connected via our VPN >> (a juniper ssl vpn). The VPN drops them into the same network as if >> they are in the office -- and it works fine if you are in the office. >> Yet, if you come in via VPN you received "no logon servers available" >> errors. Mac users connecting to the file share via SMB have no >> problem. The following error is logged in smbd.log (redacted my >> specific names): >> >> domain_client_validate: unable to validate password for user >> $username in domain $mydomain to Domain controller $mypdc. Error was >> NT_STATUS_UNSUCCESSFUL. >> >> >> >> Happy to provide any additional info.. I'm baffled! All of this >> worked before without problems. >> >> Thanks, >> Ryan >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade from Samba 3.0.33 to 3.5.8 woes
The same happend to me. But I didn't have the time to analize the problem. I solve it by changing the name of the server. Same ip, but new name and everything works now. It would be great to know if there is another workaround. Did you keep the sid of the pdc after the change? Did you use ldap? Bye. > Greetings, > > I just did a major upgrade to our Samba infrastructure. > > I previously had a domain controller and share running 3.0.33 (on one > box, one samba instance) > > I set up a new domain controller running 3.5.8, made that the PDC for > our domain, and changed the (now former) domain controller running > 3.0.33 to just be a member. Additionally, we moved the IP from the > old DC to the new DC (and subsequently gave the former DC, now just a > member and file share a new IP) > > Now I am having some strange issues. > > Windows machines in our London office (which is connected via a tunnel > between some Cisco ASA's from HQ to London) can no longer see the > domain (which is at HQ) UNLESS we disable the Windows firewall on the > workstations OR add exceptions to the firewall for the PDC. Machines > at HQ see the domain fine. Now, the PDC has the SAME IP as the old > domain. So it's not like the rules would need to be any different > anyway. Frankly, I don't quite understand how this worked before - > but it did! Did something change between 3.0.x and 3.5.x which would > cause this behavior and is there a fix? I am hoping to not have to > run through and change all of the firewalls on all of our workstations > (especially since we can't do so via netlogon scripts etc as they > won't see the domain!) Worth noting, our machines all have an lmhosts > file which tells them where to go for the domain, hence why we moved > the IP from the old dc to the new dc. > > Second problem.. users can't access our file share (which was formerly > the domain controller, now just a member) when connected via our VPN > (a juniper ssl vpn). The VPN drops them into the same network as if > they are in the office -- and it works fine if you are in the office. > Yet, if you come in via VPN you received "no logon servers available" > errors. Mac users connecting to the file share via SMB have no > problem. The following error is logged in smbd.log (redacted my > specific names): > > domain_client_validate: unable to validate password for user > $username in domain $mydomain to Domain controller $mypdc. Error was > NT_STATUS_UNSUCCESSFUL. > > > > Happy to provide any additional info.. I'm baffled! All of this > worked before without problems. > > Thanks, > Ryan > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] strange anomaly/bug with cupsaddsmb and 64bit drivers
This is probably a CUPS bug but maybe not, I'll mention it here just in case. When using cupsaddsmb to install 64bit drivers the drivers must be in the (maybe distro/configure dependent): /usr/share/cups/drivers/x64 to be sure that's "x64" with a lower case "x". The cupsaddsmb app ignores the drivers if the subdirectory is named with an uppercase "X" (X64). Now if Samba's printers (/var/lib/samba/printers in my case) directory already contains an X64 (uppercase X) directory cupsaddsmb will work all the way up to the setdriver stage and then fail with: result was WERR_INVALID_PARAM A workaround is to delete the "X64" directory (unless it is being used otherwise, then I presume that renaming it with a lower case "x" will work) and cupsaddsmb will create an "x64" directory, and with a lowercase "x" the setdriver stage completes with no issues. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Upgrade from Samba 3.0.33 to 3.5.8 woes
Greetings, I just did a major upgrade to our Samba infrastructure. I previously had a domain controller and share running 3.0.33 (on one box, one samba instance) I set up a new domain controller running 3.5.8, made that the PDC for our domain, and changed the (now former) domain controller running 3.0.33 to just be a member. Additionally, we moved the IP from the old DC to the new DC (and subsequently gave the former DC, now just a member and file share a new IP) Now I am having some strange issues. Windows machines in our London office (which is connected via a tunnel between some Cisco ASA's from HQ to London) can no longer see the domain (which is at HQ) UNLESS we disable the Windows firewall on the workstations OR add exceptions to the firewall for the PDC. Machines at HQ see the domain fine. Now, the PDC has the SAME IP as the old domain. So it's not like the rules would need to be any different anyway. Frankly, I don't quite understand how this worked before - but it did! Did something change between 3.0.x and 3.5.x which would cause this behavior and is there a fix? I am hoping to not have to run through and change all of the firewalls on all of our workstations (especially since we can't do so via netlogon scripts etc as they won't see the domain!) Worth noting, our machines all have an lmhosts file which tells them where to go for the domain, hence why we moved the IP from the old dc to the new dc. Second problem.. users can't access our file share (which was formerly the domain controller, now just a member) when connected via our VPN (a juniper ssl vpn). The VPN drops them into the same network as if they are in the office -- and it works fine if you are in the office. Yet, if you come in via VPN you received "no logon servers available" errors. Mac users connecting to the file share via SMB have no problem. The following error is logged in smbd.log (redacted my specific names): domain_client_validate: unable to validate password for user $username in domain $mydomain to Domain controller $mypdc. Error was NT_STATUS_UNSUCCESSFUL. Happy to provide any additional info.. I'm baffled! All of this worked before without problems. Thanks, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Mac OS X user having problems connecting to samba running on Ubuntu Server
Hi all, Doing a bit of research on samba and hostname lead me to find the actual cause of the problem. If you don't specify the "netbios name = " directive in the samba configuration(smb.conf) file, samba uses hostname as the netbios name (ref: http://www.justlinux.com/forum/archive/index.php/t-126124.html read cowanrl's comment) and the maximum length of a netbios name is 16 characters. However, Microsoft limits the netbios name to 15 characters (ref: http://support.microsoft.com/kb/163409). In my case i had not specified the "netbios name = " directive in smb.conf file and the hostname was more than 16 characters. Adding "netbios name = " to something less than 15 characters did the trick. My hostname is more than 16 characters. Hope this helps some of you out there. Thanks, Amit More On Mon, 2011-03-21 at 18:16 -0700, Amit More wrote: > Hello all, > > After spending some time looking into the problem, I have found out that > changing the hostname of the machine on which samba was running to be 16(or > less) characters long did the trick. With "internalfileserver"(which is 18 > characters long) as hostname Mac users were not able to connect to the share > via "connect to server"(apple + k) application but could connect via the > command line. Changing the hostname to "fileserver"(which is 10 characters > long) allowed Mac users to connect to the share via "connect to server" > application as well as via the command line. > > I am not able to figure this out. I will share it with samba users once i > find something useful. > > Thanks, > Amit More > > > On Thu, 2011-03-17 at 18:51 -0700, Amit More wrote: > > Hello all, > > > > > > I have installed samba version 3.3.2 on Ubuntu 9.04 server 32-bit > > following the documentation > > https://help.ubuntu.com/9.10/serverguide/C/samba-fileserver.html > > > > > > Windows and Ubuntu users can see and mount the shares with no problem at > > all. > > > > Mac OS 10.6.x users can connect to samba from terminal using smbclient, > > but they are refused connection when they try to connect via finder (ie > > using apple + k). The error Mac users get is “wrong username or > > password”. However, they can connect via finder only when they prefix > > the username with any domain name. They can pass any arbitrary domain > > name before the username to connect to the samba share. > > > > > > To be more clear here is an example > > > > smb://server.domain.com/File_share > > username: arbitrary-domain-name\username > > > > > > Also, Mac OS X users having problem connecting to samba running on > > Ubuntu server are able to mount the shares from Windows Server 2003 via > > finder. > > > > > > I have set the following parameters in my /etc/samba/smb.conf file > > > > workgroup = WORKGROUP > > > > server string = %h server (Samba, Ubuntu) > > > > dns proxy = no > > > > security = user > > > > encrypt passwords = true > > > > passdb backend = tdbsam > > > > obey pam restrictions = yes > > > > passwd program = /usr/bin/passwd %u > > > > passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s* > > \spassword:* %n\n *password\supdated\ssuccessfully* . > > > > map to guest = bad user > > > > usershare allow guests = yes > > > > [share] > > > > comment = Ubuntu File Server Share > > > > path = /srv/samba/share > > > > browsable = yes > > > > guest ok = no > > > > read only = no > > > > create mask = 0755 > > > > > > > > Things that I have tried: > > > > 1. Adding public = yes in share > > > > 2. Setting encryption = false > > > > > > I am new to samba and have been doing research for a long time to get > > this working. Is there any workaround for the problem that I am facing. > > I would appreciate all your help. > > > > > > Thanks in advance, > > > > Amit More > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrading system on file server
On 03/17/2011 01:45 PM, Bayardo Rivas - Open Soluciones wrote: Hi, I have an old version of Suse runing a Samba. I will upgrade this box from Suse 9.3 -> Suse 11.3. I know that there are a lot of risk but my top fear is about Samba. This is a production server and network users authenticate with this server. We do not have roaming profile, but I know that if I install from scratch I lose my domain, SID number changes and I have to reconfigure all the clients and this is not an option. So, I will try to upgrade the box with the installation disks, but if I get problems and I am forced to install from scratch, what do I have to do to keep my domain working and don't lose the conection between the domain and clients and keep it transparent for clients?/ Any suggestions are welcome. Bayardo Ok, finally on the weekend I upgraded the system without big issues. When the system was upgraded it was serving all services, including Samba and authentication. First of all... everything was backed up... twice, diferent medias. Two situations after upgrade: 1. Every user had to reset password in first login authentication to domain. 2. Once the password was reset, unexpected, the system notified users that password had expired. With the command # pdbedit -P "maximum password age" I saw that it had the "180" value (seconds), so I had to change this policy with the command: # pdbedit -P "maximum password age" -C -1 Wich means, never expire the password. I need this policy this way. Well.. good luck to any body who need to work with this. Thank you for your advices. Bayardo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Logon scripts not executed when NT4 trusted domain users log in a S3-controlled domain
Quoting Christian PERRIER (bubu...@debian.org): > - I get a notice that the domain paassword is expired. I can either > change it or ignore the warning, but: This was bug #7066. Fixed in 3.5.8. > - the DomB user logon script is not executed This seems to be bug #6356 though my client is a Windows XP machine (not Win7). This is really a showstopper for me. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Debugging a groups permission problem
On Tue, Mar 22, 2011 at 08:27:05AM -0400, John Mulligan wrote: > Hello samba list, > > [Apologies if you've seen this message before. I'm not sure if the original > got eaten by a filter somewhere along the line.] > > I've run into a rather strange problem at one of our deployments, and > after trying a few ideas myself are turning to you to see if you have > any suggestions for my next step. > > The problem: We're currently running samba 3.5.6 as a file server joined > to an active directory. We set up acls that say group "foo" has r/w access > to a directory. A user "userA" attempts to access that folder and fails > even though the active directory server shows he is in that group. > I've gone through the samba system checking the output of wbinfo > and the getent, groups and id command; they all show that "userA" is > in the supplementary "foo" group. I also turned up the logging and > verified that the results of the "supplementary groups" in the log > show the GID of the "foo" group when "userA" connects. > > Can you suggest to me what else I should be looking at? We've re-run this > test by stripping out all acls (nt and posix) and just using permissions. > Unless this particular user is the owner or the primary group the > user can not access this directory. > It feels as if the supplementary group is being "ignored" for this case, > but I don't know why and I have run out of ideas. Searching google does not > seem to turn up anything relevant at this point, either. I would greatly > appreciate any help investigating what is going on with this system. Set debug level 10 using smbcontrol for the smbd connected to the specific client - then search the log for ACCESS_DENIED messages. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Sporadic Logon Issues from Windows 2003
I have a Samba server (3.0.37) acting as a domain controller for several computers running Linux, Windows XP, Windows 7, and just recently a Windows 2003 server that replaced a Windows NT server. A couple times a day, the Windows 2003 server generates an error like the one below for everyone that attempts to connect to it. Throughout the rest of the day, there is no issue at all, but several times it will just refuse connections. -- Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 537 Date: 3/22/2011 Time: 2:01:54 PM User: NT AUTHORITY\SYSTEM Computer: FLEX1 Description: Logon Failure: Reason: An error occurred during logon User Name: John.Smith Domain: FLEXSERVICES Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: CWS133 Status code:0xC05E Substatus code: 0x0 Caller User Name: - Caller Domain: - Caller Logon ID:- Caller Process ID: - Transited Services: - Source Network Address: 192.168.1.133 Source Port:2621 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. -- I have checked my Samba logs for the same time period and I don't see any kind of error entries and googling the status code and event ID together hasn't produced anything useful so far. Can anyone give me an idea of how I would go about debugging this situation? -- View this message in context: http://samba.2283325.n4.nabble.com/Sporadic-Logon-Issues-from-Windows-2003-tp3397295p3397295.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Problem loggin in
Hi, I just installed a samba server versión 3.5.6, in a Linux debían 2.6.26-2-amd64, the clients have Windows 7. I have probed with some users and they could log in, but I have many users that can´t log in. When they type their password the computer tell the next message: Intervalo fuera de rango (out of range interval) Do you have any idea? Thanks in advance It is the smb.conf file: [global] workgroup = ALUMNO server string = %h server (Samba %v) passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . log file = /var/log/samba/log.%m printcap name = cups logon script = startup.bat logon path = logon home = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes panic action = /usr/share/samba/panic-action %d #invalid users = root admin users = root,juan, kino, jestrada printing = cups print command = lpq command = %p lprm command = client ntlmv2 auth = yes [homes] writable = yes browsable = no create mode = 0700 [netlogon] path = /var/lib/samba/netlogon read only = yes [printers] comment = All Printers printable = yes path = /var/spool/samba browseable = yes guest ok = yes public = yes read only = no writable = yes create mode = 0700 [comunprepa] path = /home/comunprepa writeable = yes [comunsec] path = /home/comunsec writeable = yes create mode = 750 [typingmaster] path = /home/typingmaster writeable = yes [wallpaper] path = /home/wallpaper writeable = no [wallpaperprim] path = /home/wallpaperprim writeable = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Debugging a groups permission problem
Hello samba list, [Apologies if you've seen this message before. I'm not sure if the original got eaten by a filter somewhere along the line.] I've run into a rather strange problem at one of our deployments, and after trying a few ideas myself are turning to you to see if you have any suggestions for my next step. The problem: We're currently running samba 3.5.6 as a file server joined to an active directory. We set up acls that say group "foo" has r/w access to a directory. A user "userA" attempts to access that folder and fails even though the active directory server shows he is in that group. I've gone through the samba system checking the output of wbinfo and the getent, groups and id command; they all show that "userA" is in the supplementary "foo" group. I also turned up the logging and verified that the results of the "supplementary groups" in the log show the GID of the "foo" group when "userA" connects. Can you suggest to me what else I should be looking at? We've re-run this test by stripping out all acls (nt and posix) and just using permissions. Unless this particular user is the owner or the primary group the user can not access this directory. It feels as if the supplementary group is being "ignored" for this case, but I don't know why and I have run out of ideas. Searching google does not seem to turn up anything relevant at this point, either. I would greatly appreciate any help investigating what is going on with this system. Thank you all for your assistance. --John M. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] cant use Samba window sprinter drivers on Windows XP32
hi everybody, sorry, currently there seems to ab problem, with my alias with sending eMails. i hope i fixed this now. after some trouble i was now able to upload and set printerdrivers via cupsaddsmb and windows apw. but there are two errors. - i cant use the driver on a windows xp 32, if does not get installed as root previously. - i have a Oki Execution series 7411 and used the PS Driver. when printing to that printer i get in smb.log Unable to print file to es7411 - client-error-not-authorized in cups error.log i get [21/Mar/2011:10:43:19 +0100] Returning IPP client-error-not-authorized for Print-Job (ipp://localhost/printers/es7411) from localhost but i can print (if connected as root) to other printers on the same machine? where could be the error? best regards thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Printer drivers installation: files are not deleted
Le 21.03.2011 16:55, Thomas Stegbauer a écrit : hi laurent, i found the error. with all the tests there was set: use client driver = yes :( now i can upload drivers and register drivers by apw and cupsaddsmb best regards thank you very for your assistance Heh, you're welcome, but I didn't do much, I didn't think about that at all. So thanks for the feedback, that piece of info can be useful in the future! Laurent -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
