Re: [Samba] Access denied on shares, why?
On 10/06/2011 09:37 PM, Markku Tavasti wrote:
> Hi!
>
> I've strange access problem. I'm migrating samba server from Suse to
> Ubuntu, and seems like it won't work like expected. All the time
> problem is that normal users without admin rights can't access shares.
> They can access their own home directories, but not common shares which
> are limited to some groups.

After bit more investigating, looks like group staff is not working. And in logfile I found this:

[2011/10/06 15:05:30.246626, 3] lib/util_sid.c:228(string_to_sid)
  string_to_sid: Sid @staff does not start with 'S-'.

Apparently this @staff comes from valid users or write list on smb.conf, but why on earth samba expects to see SID there?

--
M. Tavasti / tava...@tavasti.fi / +358-40-5078254

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SMB Signing issues... smbclient works, mount does not...
On 7/10/2011 1:18 PM, Shirish Pargaonkar wrote:
> On Thu, Oct 6, 2011 at 10:10 PM, Vini wrote:
>> Has anyone been able to overcome this problem?
>
> You probably need this patch installed on the Windows 2008 server
> http://support.microsoft.com/kb/957441/en-us

I have tried this and it did not work either, once I apply it the login fails with "NT_STATUS_LOGON_
[Samba] Upgrade Samba 3.0.28 to 3.6.0 problems
Hello, having a problem upgrading a samba installation version 3.0.28 on a FreeBSD 7.x server. I use samba as a PDC with roaming profiles and user shares. I have to upgrade it to allow Windows 7 Pro workstations to join the domain.

I was able to build the binaries successfully and install them, everything ran OK, but I noticed that my smbpasswd file had I guess been relocated and I had to re-add the PC's and users to the smbpasswd file (smbpasswd -a username, smbpassword -ma machinename), etc. I noticed that I had to have the PC's un-join and re-join the domain in order for them to work. I noticed that none of the local profiles loaded, instead creating a new roaming profile username.V2 in the profiles directory. (windows XP workstation continued to complain about using a local profile as the server copy was unavailable) In addition to this on the Windows 7 workstation I could not access the user share that I was logged into.

So I undid my changes and went back to Samba 3.0.28 until I can figure these problems out. I have to figure out how not to have to re-add all of my users and PC's into smbpasswd, why roaming profiles won't work and what the access denied problem was about. My smb.conf file did seem to translate OK because all of my shares were available.

What am I missing, did the smbpasswd directory change? Is the old smbpasswd file from 3.0.28 not compatible with 3.6.0? What can I do? I don't want everyone to have to recreate their roaming profiles... there are about 50 users... permissions problem? build/source/binary location problem? Any suggestions welcome.

help please, Thanks

--
Louis Kabo lo...@kaboserv.com http://www.kaboserv.com/
Re: [Samba] SMB Signing issues... smbclient works, mount does not...
On Thu, Oct 6, 2011 at 10:10 PM, Vini wrote:
> Has anyone been able to overcome this problem?

You probably need this patch installed on the Windows 2008 server
http://support.microsoft.com/kb/957441/en-us
Re: [Samba] SMB Signing issues... smbclient works, mount does not...
Hi All,

I seem to have exactly the same problem which was described in this thread a while ago. I have gone through every piece of information I was able to find on mailing list archives but all I found was people reporting similar problems and not a solution to it.

As in the original discussion if I use smbclient it works fine but if I use mount.cifs it does not work at all. To make smbclient work I have had to add "client ntlmv2 auth = yes" to the smb.conf file.

The server I am connecting to is a Windows 2008 R2 and the security policy only allows NTLMv2.

I am trying to connect from a Centos 5.5

    2.6.18-274.3.1.el5 #1 SMP Tue Sep 6 20:14:03 EDT 2011 i686 i686 i386 GNU/Linux

    libsmbclient-3.5.4-68.2
    samba-3.5.4-68.2
    samba-common-3.5.4-68.2
    samba-client-3.5.4-68.2
    samba-winbind-clients-3.5.4-68.2
    cifs-utils-4.4-5.2

    ls /proc/fs/cifs/
    cifsFYI
    DebugData
    Experimental
    LinuxExtensionsEnabled
    LookupCacheEnabled
    MultiuserMount
    OplockEnabled
    SecurityFlags
    Stats
    traceSMB

    modinfo cifs
    filename:       /lib/modules/2.6.18-274.3.1.el5/kernel/fs/cifs/cifs.ko
    version:        1.60RH
    description:    VFS to access servers complying with the SNIA CIFS Specification e.g. Samba and Windows
    license:        GPL
    author:         Steve French
    srcversion:     4A9C63C35E60B4C015318F5
    depends:
    vermagic:       2.6.18-274.3.1.el5 SMP mod_unload 686 REGPARM 4KSTACKS gcc-4.1
    parm:           CIFSMaxBufSize:Network buffer size (not including header). Default: 16384 Range: 8192 to 130048 (int)
    parm:           cifs_min_rcv:Network buffers in pool. Default: 4 Range: 1 to 64 (int)
    parm:           cifs_min_small:Small network buffers in pool. Default: 30 Range: 2 to 256 (int)
    parm:           cifs_max_pending:Simultaneous requests to server. Default: 50 Range: 2 to 256 (int)
    module_sig:     883f3504e66bf24104f42edc2b0f945112c79009d1e1918c363e6545d5644af26235486a0faee309e3e516f3731905cd551976d305e8c32b5f117ae9b

This works without issues:

    smbclient -U username //192.168.20.129/share

But this does not work at all:

    mount.cifs //192.168.20.129/share /mnt/ -o user=username,password=XXX,sec=ntlmv2

For the record I have tried sec=ntlmv2i, ntlmssp, krb5i, krb5.

Here is what I get when I try:

With sec=ntlmv2i

    mount error(22): Invalid argument
    Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

and dmesg gives:

    CIFS VFS: Unexpected SMB signature
    Status code returned 0xc00d NT_STATUS_INVALID_PARAMETER
    CIFS VFS: Send error in SessSetup = -22
    CIFS VFS: cifs_mount failed w/return code = -22

With sec=ntlmv2

    mount error(95): Operation not supported
    Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

and dmesg gives:

    CIFS VFS: Server requires packet signing to be enabled in /proc/fs/cifs/SecurityFlags.
    CIFS VFS: cifs_mount failed w/return code = -95

With sec=ntlmssp

    mount error(95): Operation not supported
    Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

and dmesg gives:

    CIFS VFS: Server requires packet signing to be enabled in /proc/fs/cifs/SecurityFlags.
    CIFS VFS: cifs_mount failed w/return code = -95

I have tried changing the values /proc/fs/cifs/SecurityFlags but no difference at all.

    may use packet signing                      0x1
    must use packet signing                     0x01001
    may use NTLM (most common password hash)    0x2
    must use NTLM                               0x02002
    may use NTLMv2                              0x4
    must use NTLMv2                             0x04004
    may use Kerberos security                   0x8
    must use Kerberos                           0x08008
    may use lanman (weak) password hash         0x00010
    must use lanman password hash               0x10010
    may use plaintext passwords                 0x00020
    must use plaintext passwords                0x20020

Reference on line 588
http://www.disy.cse.unsw.edu.au/lxr/source/fs/cifs/?v=linux-2.6.32

One funny thing is that there should be a pseudo-file called /proc/fs/cifs/PacketSigningEnabled but it does not exist, even on much newer kernels it does not exist.

Has anyone been able to overcome this problem?

Thanks
Vini
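The may/must table quoted in the post above can be turned into a small decoder that shows what a given SecurityFlags value permits and flags settings a defender would not want. This is an added example, not code from the thread or from the kernel; the bit values are the ones in the post, and the function names and sample values are constructed for illustration.

```python
# Added example (not from the thread). Bit values are the may/must table
# quoted in the post; the sample flag values at the bottom are constructed.

MECHANISMS = [                      # (may-bit, name)
    (0x00001, "packet signing"),
    (0x00002, "NTLM"),
    (0x00004, "NTLMv2"),
    (0x00008, "Kerberos"),
    (0x00010, "lanman"),
    (0x00020, "plaintext"),
]
MUST_SHIFT = 12                     # each "must" value in the table is may | (may << 12)
WEAK = ("lanman", "plaintext")      # the table itself labels lanman as weak

KNOWN_MASK = 0
for _bit, _name in MECHANISMS:
    KNOWN_MASK |= _bit | (_bit << MUST_SHIFT)


def parse_flags(text):
    """Convert the hex text read from the proc file (e.g. '0x7\\n') to an int."""
    return int(text.strip(), 16)


def decode(value):
    """Return {mechanism: 'must' | 'may' | 'off'} for one flags value."""
    state = {}
    for bit, name in MECHANISMS:
        if value & (bit << MUST_SHIFT):
            state[name] = "must"
        elif value & bit:
            state[name] = "may"
        else:
            state[name] = "off"
    return state


def audit(value, server_requires_signing=False):
    """Return a list of findings for one flags value (empty list = nothing to report)."""
    findings = []
    state = decode(value)

    unknown = value & ~KNOWN_MASK
    if unknown:
        findings.append(f"bits outside the documented table are set: {unknown:#x}")

    # A "must" bit is only meaningful together with its "may" bit.
    for bit, name in MECHANISMS:
        if value & (bit << MUST_SHIFT) and not value & bit:
            findings.append(f"'must' bit for {name} is set without its 'may' bit")

    for name in WEAK:
        if state[name] != "off":
            findings.append(f"weak mechanism permitted: {name}")

    # Matches the dmesg line in the post: the server insists on signing but
    # the client flags do not allow it, and the mount fails with -95.
    if server_requires_signing and state["packet signing"] == "off":
        findings.append("packet signing is off but the server requires it")

    return findings


if __name__ == "__main__":
    # Constructed sample values, as they would be read from
    # /proc/fs/cifs/SecurityFlags on the client.
    for sample in ("0x7", "0x04004", "0x05005", "0x37", "0x1000"):
        v = parse_flags(sample)
        print(sample, decode(v), audit(v, server_requires_signing=True))
```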
[Samba] Porting samba setup to backup server
Fixed - shutdown smb, nmb and winbind; then removed erroneous secrets.tdb as well as the passdb.tdb in privates; restarted smb which re-created secrets.tdb, then shutdown smb, ran tdbbackup -v to restore the passdb.tdb and restarted smb, nmb and winbind. All good with slightly re-configured smb.conf to avoid name confusion.

From: samba-requ...@lists.samba.org
Sent: Thursday, October 06, 2011 11:00 AM
To: samba@lists.samba.org
Subject: samba Digest, Vol 106, Issue 6

Today's Topics:

1. [Re: Samba4 and sysvol share] (fe...@epepm.cupet.cu)
2. Access registry on remote Windows machine? (Ken D'Ambrosio)
3. Re: smbd: PANIC (pid x): internal error -- ? causes? (Linda W)
4. Re: Fwd: Win 7 Pro (Oto BREZINA)
5. Re: issue with tesparam (Moray Henderson)
6. Re: issue with tesparam (Harry Jede)
7. [mount.cifs] Mapping Windows ACLs SIDs to POSIX ACL ? (Xavier Roche)
8. access denied problem (Damian Rodriguez Sanchez)
9. Re: [mount.cifs] Mapping Windows ACLs SIDs to POSIX ACL ? (Shirish Pargaonkar)
10. Subversion working copy via Samba (Dalibor Karlovi?)
11. Force group syntax for multiple groups (Le, Anh)
12. Re: Force group syntax for multiple groups (Chris Weiss)
13. Porting samba setup to backup server (Ken Findlay)
Re: [Samba] Samba 3.4.7 with LDAP authentication
the output of `pdbedit -L` is

doing parameter security = user
doing parameter encrypt passwords = true
doing parameter passdb backend = ldapsam:ldap://ldap1.xetus.com/
doing parameter ldap admin dn = cn=root,dc=xetus,dc=com
doing parameter ldap user suffix = ou=people
doing parameter ldap group suffix = ou=groups
doing parameter ldap machine suffix = ou=people
doing parameter ldap suffix = dc=xetus,dc=com
doing parameter ldap ssl = no
doing parameter obey pam restrictions = yes
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter pam password change = yes
doing parameter map to guest = bad user
doing parameter usershare allow guests = yes
pm_process() returned Yes
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=FILESERVER))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
The LDAP server is successfully connected
smbldap_search_paged: base => [dc=xetus,dc=com], filter => [(&(uid=*)(objectclass=sambaSamAccount))],scope => [2], pagesize => [1024]
smbldap_search_paged: search was successful
User Search failed!

On Oct 6, 2011, at 2:38 PM, Miguel Medalha wrote:
>
>> [2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
>>   ldapsam_getsampwnam: Unable to locate user [amore] count=0
>> [2011/10/06 13:48:38, 3] auth/auth_sam.c:282(check_sam_security)
>>   check_sam_security: Couldn't find user 'amore' in passdb.
>> [2011/10/06 13:48:38, 2] auth/auth.c:320(check_ntlm_password)
>>   check_ntlm_password: Authentication for user [amore] -> [amore] FAILED with error NT_STATUS_NO_SUCH_USER
>> [2011/10/06 13:48:38, 3] smbd/sesssetup.c:42(do_map_to_guest)
>>   No such user amore [FILESERVER] - using guest account
>> [2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
>>   ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))
>
> Are you sure that the LDAP database is correct? Are the user and group names
> in the correct places?
>
> What is the output of "pdbedit -L" ?
Re: [Samba] Samba 3.4.7 with LDAP authentication
> [2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
>   ldapsam_getsampwnam: Unable to locate user [amore] count=0
> [2011/10/06 13:48:38, 3] auth/auth_sam.c:282(check_sam_security)
>   check_sam_security: Couldn't find user 'amore' in passdb.
> [2011/10/06 13:48:38, 2] auth/auth.c:320(check_ntlm_password)
>   check_ntlm_password: Authentication for user [amore] -> [amore] FAILED with error NT_STATUS_NO_SUCH_USER
> [2011/10/06 13:48:38, 3] smbd/sesssetup.c:42(do_map_to_guest)
>   No such user amore [FILESERVER] - using guest account
> [2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
>   ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))

Are you sure that the LDAP database is correct? Are the user and group names in the correct places?

What is the output of "pdbedit -L" ?
Re: [Samba] Samba 3.4.7 with LDAP authentication
Thank you for your response. I appreciate it.

I changed the following directives,

    passdb backend = ldapsam:ldap://ldap1.example.com/
    ldap user suffix = ou=people
    ldap group suffix = ou=groups

Added the following,

    ldap admin dn = cn=root,dc=example,dc=com
    ldap machine suffix = ou=people

LDAP users are still not able to authenticate to the samba share. The error is the same. Here's an extract from the log file (/var/log/samba/user.log)

[2011/10/06 13:48:38, 3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user [FILESERVER]\[amore]@[MACBOOKPRO-1B99] with the new password interface
[2011/10/06 13:48:38, 3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password: mapped user is: [FILESERVER]\[amore]@[MACBOOKPRO-1B99]
[2011/10/06 13:48:38, 3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2011/10/06 13:48:38, 3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2011/10/06 13:48:38, 3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2011/10/06 13:48:38, 2] lib/smbldap.c:890(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2011/10/06 13:48:38, 3] lib/smbldap.c:1101(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2011/10/06 13:48:38, 4] lib/smbldap.c:1177(smbldap_open)
  The LDAP server is successfully connected
[2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
  ldapsam_getsampwnam: Unable to locate user [amore] count=0
[2011/10/06 13:48:38, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/10/06 13:48:38, 3] auth/auth_sam.c:282(check_sam_security)
  check_sam_security: Couldn't find user 'amore' in passdb.
[2011/10/06 13:48:38, 2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password: Authentication for user [amore] -> [amore] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/10/06 13:48:38, 3] smbd/sesssetup.c:42(do_map_to_guest)
  No such user amore [FILESERVER] - using guest account
[2011/10/06 13:48:38, 4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
  ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))
[2011/10/06 13:48:38, 3] smbd/sec_ctx.c:210(push_sec_ctx)

Thanks,
Amit

On Oct 6, 2011, at 1:27 PM, Miguel Medalha wrote:
>
>> ldap user suffix = ou=people,dc=example,dc=com
>> ldap group suffix = ou=groups,dc=example,dc=com
>> ldap suffix = dc=example,dc=com
>
> Since your suffix is already in "ldap suffix", the other entries should be:
>
> ldap user suffix = ou=people
> ldap group suffix = ou=groups
>
> Don't you need the entry "ldap machine suffix"?
>
Re: [Samba] Samba 3.4.7 with LDAP authentication
> ldap user suffix = ou=people,dc=example,dc=com
> ldap group suffix = ou=groups,dc=example,dc=com
> ldap suffix = dc=example,dc=com

Since your suffix is already in "ldap suffix", the other entries should be:

    ldap user suffix = ou=people
    ldap group suffix = ou=groups

Don't you need the entry "ldap machine suffix"?
Re: [Samba] Samba 3.4.7 with LDAP authentication
> passdb backend = ldapsam:ldaps://ldap1.example.com/
> ldap ssl = no

You have "ldap ssl = no" and yet you are trying to connect to ldaps?
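The two replies above (relative "ldap user suffix" / "ldap group suffix" values, and the transport chosen by "passdb backend" together with "ldap ssl") can be checked mechanically before restarting smbd. This is an added example, not code from the thread or from Samba; the function names are hypothetical and both sample configurations are constructed from the directive values posted in the thread.

```python
# Added example (not from the thread): lint the ldapsam-related [global]
# parameters of an smb.conf. Sample configs are constructed from the posts.
import re

SUB_SUFFIXES = ("ldap user suffix", "ldap group suffix",
                "ldap machine suffix", "ldap idmap suffix")


def parse_smb_conf(text):
    """Return the [global] parameters as {normalised name: value}."""
    params, section = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf names are case- and whitespace-insensitive
            params[" ".join(key.lower().split())] = value.strip()
    return params


def norm_dn(dn):
    return ",".join(p.strip().lower() for p in dn.split(","))


def effective_base(params, key):
    """Search base Samba builds: the sub-suffix is prepended to 'ldap suffix'."""
    base = norm_dn(params.get("ldap suffix", ""))
    part = norm_dn(params.get(key, ""))
    return ",".join(x for x in (part, base) if x)


def check_ldap(params):
    findings = []
    base = norm_dn(params.get("ldap suffix", ""))
    for key in SUB_SUFFIXES:
        part = norm_dn(params.get(key, ""))
        if base and part and (part == base or part.endswith("," + base)):
            findings.append(f"{key}: full DN given, effective base becomes "
                            f"{effective_base(params, key)}")

    # ldaps:// in the URL secures the connection on its own; 'ldap ssl'
    # only matters here when the URL is plain ldap://.
    m = re.search(r'ldapsam:"?(\w+)://', params.get("passdb backend", ""), re.I)
    scheme = m.group(1).lower() if m else None
    if scheme == "ldap" and params.get("ldap ssl", "").lower() in ("no", "off"):
        findings.append("passdb backend uses ldap:// with ldap ssl = no: the "
                        "'ldap admin dn' bind and account lookups are unencrypted")

    if params.get("map to guest", "").lower() == "bad user":
        findings.append("map to guest = bad user: a name not found in passdb "
                        "continues as guest (the log's 'using guest account')")
    return findings


# Constructed from the first post in the thread.
CONF_ORIGINAL = """
[global]
   security = user
   passdb backend = ldapsam:ldaps://ldap1.example.com/
   ldap ssl = no
   ldap admin dn = cn=root,dc=example,dc=com
   ldap user suffix = ou=people,dc=example,dc=com
   ldap group suffix = ou=groups,dc=example,dc=com
   ldap suffix = dc=example,dc=com
   map to guest = bad user
[Documents]
   path = /data/Documents
   guest ok = no
"""

# Constructed from the follow-up post (suffixes made relative, URL changed).
CONF_REVISED = """
[global]
   passdb backend = ldapsam:ldap://ldap1.example.com/
   LDAP SSL = no
   ldap user suffix = ou=people
   ldap group suffix = ou=groups
   ldap machine suffix = ou=people
   ldap suffix = dc=example,dc=com
   map to guest = bad user
"""

if __name__ == "__main__":
    for name, conf in (("original", CONF_ORIGINAL), ("revised", CONF_REVISED)):
        print(name)
        for finding in check_ldap(parse_smb_conf(conf)):
            print("  -", finding)
```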
[Samba] Samba 3.4.7 with LDAP authentication
Hello All,

I have samba (Version 3.4.7) installed on a Ubuntu Server 10.04 (64-bit) using apt. I'm attempting to authenticate users connecting to the samba share over LDAP following the documentation https://help.ubuntu.com/10.04/serverguide/C/samba-ldap.html, but the authentication over LDAP fails.

The OpenLDAP server was already configured to include the samba.schema, so I have skipped all the steps that fall under the "OpenLDAP Configuration" section of the manual referenced earlier.

I have set the following directives in /etc/samba/smb.conf file

    ### Authentication ###
    security = user
    encrypt passwords = true
    passdb backend = ldapsam:ldaps://ldap1.example.com/
    ldap ssl = no
    ldap admin dn = cn=root,dc=example,dc=com
    ldap user suffix = ou=people,dc=example,dc=com
    ldap group suffix = ou=groups,dc=example,dc=com
    ldap suffix = dc=example,dc=com
    obey pam restrictions = yes
    unix password sync = yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
    pam password change = yes
    map to guest = bad user

    === Share Definitions ===
    [Documents]
    comment = Ubuntu File Server Share
    path = /data/Documents
    browsable = yes
    guest ok = no
    read only = no
    create mask = 0755

When a user tries to connect to the samba share the /var/log/samba/log.user file is populated with the following messages,

[2011/10/06 10:15:53, 3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user [FILESERVER]\[amore]@[MACBOOKPRO-1B99] with the new password interface
[2011/10/06 10:15:53, 3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password: mapped user is: [FILESERVER]\[amore]@[MACBOOKPRO-1B99]
[2011/10/06 10:15:53, 3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2011/10/06 10:15:53, 3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2011/10/06 10:15:53, 3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2011/10/06 10:15:53, 2] lib/smbldap.c:890(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2011/10/06 10:15:53, 3] lib/smbldap.c:1101(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2011/10/06 10:15:53, 4] lib/smbldap.c:1177(smbldap_open)
  The LDAP server is successfully connected
[2011/10/06 10:15:53, 4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
  ldapsam_getsampwnam: Unable to locate user [amore] count=0
[2011/10/06 10:15:53, 3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/10/06 10:15:53, 3] auth/auth_sam.c:282(check_sam_security)
  check_sam_security: Couldn't find user 'amore' in passdb.
[2011/10/06 10:15:53, 2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password: Authentication for user [amore] -> [amore] FAILED with error NT_STATUS_NO_SUCH_USER
[2011/10/06 10:15:53, 3] smbd/sesssetup.c:42(do_map_to_guest)
  No such user amore [FILESERVER] - using guest account
[2011/10/06 10:15:53, 4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
  ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(gidNumber=65534))

The messages in the /var/log/syslog file on the LDAP server are as follows,

Oct 6 10:03:06 ldap1 slapd[450]: <= bdb_equality_candidates: (host) not indexed
Oct 6 10:03:32 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct 6 10:04:32 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct 6 10:05:18 ldap1 slapd[450]: <= bdb_equality_candidates: (cn) not indexed
Oct 6 10:05:18 ldap1 slapd[450]: <= bdb_substring_candidates: (sudoUser) not indexed
Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (cn) not indexed
Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_substring_candidates: (sudoUser) not indexed
Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaDomainName) not indexed
Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Oct 6 10:05:58 ldap1 slapd[450]: last message repeated 4 times
Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaGroupType) not indexed
Oct 6 10:05:58 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSIDList) not indexed
Oct 6 10:06:13 ldap1 slapd[450]: last message repeated 4 times
Oct 6 10:06:13 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct 6 10:07:22 ldap1 slapd[450]: <= bdb_equality_candidates: (sambaSID) not indexed
Oct 6 10:08:33 ldap1 slapd[450]: last message repeated 3 times

Here are some details of the packages installed,

slapd: version 2.4.21-0ubuntu5.4 l
Re: [Samba] samba always expanding nested groups
Sorry when samba was recompiled with the panic statement commented out everything worked fine. Until I run into the issue where a group is ignored. -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Peacock,Josh Sent: Thursday, October 06, 2011 2:05 PM To: samba@lists.samba.org Subject: Re: [Samba] samba always expanding nested groups I am having a problem with Samba still core dumping on AIX 6.1 when my AD user has 13 groups I am a member of. I have the following directives set winbind nested groups = no winbind expand groups = 0 With this configuration I thought that Samba wouldn't try to find all the groups that my original 13 groups are also members of, however samba continues to core dump on sys_setgroups. Am I missing something in the configuration or my understanding of the directives listed above? On AIX 7.1 changing the new tunable has shown to work flawlessly but IBM has said there is no plans to back port this tunable into AIX 6.1. I applied the following patch are recompiled with no help. >From 1958f6034916746363fcbfa504c84dc6a13be495 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 23 Feb 2011 17:09:58 +0100 Subject: [PATCH] s3: Respect "winbind nested groups" in wb_gettoken_gotgroups --- source3/winbindd/wb_gettoken.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/source3/winbindd/wb_gettoken.c b/source3/winbindd/wb_gettoken.c index f2fbe4c..27d8c9a 100644 --- a/source3/winbindd/wb_gettoken.c +++ b/source3/winbindd/wb_gettoken.c @@ -103,6 +103,11 @@ static void wb_gettoken_gotgroups(struct tevent_req *subreq) state->num_sids += 1; state->sids = sids; + if (!lp_winbind_nested_groups()) { + tevent_req_done(req); + return; + } + /* * Expand our domain's aliases */ -- 1.7.0.4 I also recompiled commenting out the panic when the number of groups exceeds NGROUPS_MAX (which is hard coded to 128 in AIX 6.1). Thanks -Original Message- 
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Peacock,Josh
Sent: Monday, October 03, 2011 11:55 AM
To: samba@lists.samba.org
Subject: [Samba] samba always expanding nested groups

Volker was working with someone back in Feb on this issue and sent a patch to him but was wondering if that worked and if there was an official fix in the works. What is happening is even after setting "winbind expand groups = 0" the 13 groups currently assigned to my user are expanding into 220 groups. This also breaks smbd by causing a panic and throwing the sys_set_groups error. Running on AIX 6.1 TL 6 SP 5. I have tried this on 3.5.8 and 3.6.0.

Also AIX has made maximum number of groups per user a system parameter tunable between 128 and 2048 in AIX 7.1. If samba could find a way to accommodate this new parameter it would be great.

Thanks,
Josh

Josh Peacock
UNIX Administrator
Re: [Samba] samba always expanding nested groups
I am having a problem with Samba still core dumping on AIX 6.1 when my AD user has 13 groups I am a member of. I have the following directives set

winbind nested groups = no
winbind expand groups = 0

With this configuration I thought that Samba wouldn't try to find all the groups that my original 13 groups are also members of, however samba continues to core dump on sys_setgroups. Am I missing something in the configuration or my understanding of the directives listed above? On AIX 7.1 changing the new tunable has shown to work flawlessly but IBM has said there are no plans to back port this tunable into AIX 6.1.

I applied the following patch and recompiled with no help.

>From 1958f6034916746363fcbfa504c84dc6a13be495 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 23 Feb 2011 17:09:58 +0100 Subject: [PATCH] s3: Respect "winbind nested groups" in wb_gettoken_gotgroups --- source3/winbindd/wb_gettoken.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/source3/winbindd/wb_gettoken.c b/source3/winbindd/wb_gettoken.c index f2fbe4c..27d8c9a 100644 --- a/source3/winbindd/wb_gettoken.c +++ b/source3/winbindd/wb_gettoken.c @@ -103,6 +103,11 @@ static void wb_gettoken_gotgroups(struct tevent_req *subreq) state->num_sids += 1; state->sids = sids; + if (!lp_winbind_nested_groups()) { + tevent_req_done(req); + return; + } + /* * Expand our domain's aliases */ -- 1.7.0.4

I also recompiled commenting out the panic when the number of groups exceeds NGROUPS_MAX (which is hard coded to 128 in AIX 6.1).

Thanks

-Original Message-
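Review bot: The early return added just before the "Expand our domain's aliases" comment carries no comment saying what is deliberately skipped. When lp_winbind_nested_groups() is false the request now completes with only the SIDs already in state->sids, so the alias expansion that follows never runs; a short comment above the `if` stating that, and that a token built this way will not contain alias-derived SIDs, would let a reader judge the effect on shares whose access lists name those aliases. The check also consults only "winbind nested groups"; if "winbind expand groups" is meant to have no influence at this point, the commit message should say so.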
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Peacock,Josh
Sent: Monday, October 03, 2011 11:55 AM
To: samba@lists.samba.org
Subject: [Samba] samba always expanding nested groups

Volker was working with someone back in Feb on this issue and sent a patch to him but was wondering if that worked and if there was an official fix in the works.

What is happening is even after setting "winbind expand groups = 0" the 13 groups currently assigned to my user are expanding into 220 groups. This also breaks smbd by causing a panic and throwing the sys_set_groups error. Running on AIX 6.1 TL 6 SP 5. I have tried this on 3.5.8 and 3.6.0.

Also AIX has made maximum number of groups per user a system parameter tunable between 128 and 2048 in AIX 7.1. If samba could find a way to accommodate this new parameter it would be great.

Thanks,
Josh

Josh Peacock
UNIX Administrator
Re: [Samba] access denied problem
On Thu, Oct 06, 2011 at 09:34:09AM -0300, Damian Rodriguez Sanchez wrote:
> I need to make available to everybody a samba share called
> temp with total read and write permission.
>
> I have tried lots of different options, but my last
> smb.conf file looks like this:
>
> [temp]
> path = /mnt/fc9/temp
> security = share
> guest ok = yes
> public = yes
> writable = yes
> force user = damian
>
> The global section only says:
>
> [global]
> workgroups = grupo
>
> I restart Samba and when I access temp from a Windows machine,
> I can view its contents, create new files on it and modify
> them. However, I cannot read or modify any of the files
> already created there (directly on the Linux file server), by
> any user.
>
> Directory temp belongs to root. I've changed its access
> permissions up to 777 and still no way of opening or
> modifying any of its contents that were created on Linux
> (access denied), even if those files themselves have their
> permissions changed to 777.
>
> Any hints?

You'll need to post a log showing the ACCESS_DENIED errors you're getting.

FYI. "security = share" is deprecated, please don't use it. There's nothing that it does that can't be done with normal user-level security.

Jeremy.
[Samba] Access denied on shares, why?
Hi!

I've strange access problem. I'm migrating samba server from Suse to Ubuntu, and seems like it won't work like expected. All the time problem is that normal users without admin rights can't access shares. They can access their own home directories, but not common shares which are limited to some groups.

Running samba 3.5.11. Below is output from few commands, config file and 2 snippets of logs as links (too big to include to this email). Logs are quite long, but with log level 2 there was nothing relevant, and loglevel 3 prints out a lot of log :-(

If I have forgot to give some relevant information, don't hesitate to ask. All hints are welcome, I'm getting desperate with this.

tavasti@mydomain:~$ smbclient //mydomainserver/asiakkaat -USome-User%passwd
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.11]
tree connect failed: NT_STATUS_ACCESS_DENIED

tavasti@mydomain:~$ id Some-User
uid=1017(Some-User) gid=1001(staff) groups=1001(staff),1004(some),05(other)

Log from this: http://tavasti.fi/~tavasti/misc/samba_2011-10-06_1.log

pdbedit -Lv shows:
---
Unix username:Some-User
NT username:
Account Flags:[U ]
User SID: S-1-5-21-332992484-2805335912-4147396850-3034
Primary Group SID:S-1-5-21-332992484-2805335912-4147396850-513
Full Name:Some-User Surname
Home Directory:
HomeDir Drive:
Logon Script: logon.bat
Profile Path:
Domain: MYDOMAIN
Account desc:
Workstations:
Munged dial:
Logon time: 0
Logoff time: Wed, 06 Feb 2036 17:06:39 EET
Kickoff time: Wed, 06 Feb 2036 17:06:39 EET
Password last set:Wed, 05 Oct 2011 16:13:14 EEST
Password can change: Wed, 05 Oct 2011 16:13:14 EEST
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FF
---

root@mydomain:~# net -l groupmap list
Domain Users
SID : S-1-5-21-332992484-2805335912-4147396850-513
Unix gid : 50
Unix group: staff
Group type: Domain Group
Comment : Domain Unix group
Domain Admins
SID : S-1-5-21-332992484-2805335912-4147396850-3001
Unix gid : 1000
Unix group: ntadmins
Group type: Domain Group
Comment : Domain Unix group

Tried to add user to group manually:

root@mydomain:/var/log/samba_local# net rpc group addmem "Domain Users" Some-User
Enter root's password:
Could not add Some-User to Domain Users: NT_STATUS_ACCESS_DENIED

Log from this: http://tavasti.fi/~tavasti/misc/samba_2011-10-06_2.log

Config:
--
[global]
log level = 3
passwd chat = *New*password* %n\n *Retype*new*password* %n\n \
obey pam restrictions = yes
socket options = TCP_NODELAY
domain master = Yes
time server = yes
encrypt passwords = yes
#passdb backend = smbpasswd
passdb backend = tdbsam:/etc/samba_local/passdb.tdb
logon home =
passwd program = /usr/bin/passwd %u
wins support = Yes
unix extensions = no
dns proxy = Yes
oplocks = yes
netbios name = mydomainserver
cups options = raw
server string = MYDOMAIN
logon script = logon.bat
ldap suffix =
unix password sync = yes
local master = Yes
workgroup = MYDOMAIN
logon path =
os level = 65
security = user
preferred master = Yes
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %u
pam password change = yes
domain logons = Yes
admin users = root Mika tavasti

[homes]
browseable = No
comment = Kotihakemistot
writeable = yes
valid users = %S,@staff,@root
inherit acls = Yes
create mode = 0660
directory mode = 0770

[profiles]
browseable = No
comment = Network Profiles Service
path = %H
read only = No
create mask = 0600
directory mask = 0700
store dos attributes = Yes

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
browseable = no
writable = no
#share modes = no

[yleiset]
writeable = yes
write list = @ntadmins,@staff
path = /shares/Yleiset
force directory mode = 2770
force group = staff
force create mode = 0770
valid users = @ntadmins,@staff
create mode = 0770
directory mode = 2770
--

--
M. Tavasti / tava...@tavasti.fi / +358-40-5078254
[Samba] Porting samba setup to backup server
I must set up a backup server for failover and have used tdbbackup to create backup files from the functioning primary server. I then copied the files to the backup server and used tdbbackup to restore all the databases, along with copying the smb.conf and other text files from /etc/samba. This does not seem to work and I was hoping someone could assist.

Primary server is RHEL 5.4 with Samba 3.3.8-0.52.el5_5.2, and the backup server is also RHEL 5.4 but has Samba 3.5.4-0.83.el5_7.2 (different version as used yum install samba3x months apart and different versions were installed from the RedHat repository).

Thanks for any help.

Ken
Re: [Samba] Force group syntax for multiple groups
On Thu, Oct 6, 2011 at 11:13 AM, Le, Anh wrote:
> Hi All,
>
> What is the syntax of option "force group" for multiple groups? Is there any
> one can help me on this? I really appreciate it. I want to give the
> permission the shared directory to multiple groups but I don't know what is
> its syntax.
>
> I already tried "force group = group1, group2, group3" but it did not work.
>

this isn't for user group coaxing, it's for plain old POSIX primary permissions. there can only be one primary group.
[Samba] Force group syntax for multiple groups
Hi All,

What is the syntax of option "force group" for multiple groups? Is there any one can help me on this? I really appreciate it. I want to give the permission the shared directory to multiple groups but I don't know what is its syntax.

I already tried "force group = group1, group2, group3" but it did not work.

Thanks
Anh.
[Samba] Subversion working copy via Samba
Hello,

I don't know whether this is a Samba or Subversion (or my faulty config) related issue so I'll start here. I'd like to clarify that the need to have just one working copy (and not one per user on his/her local disk) is vital here.

My situation:
- CentOS6,
- Active Directory-enabled environment
- Server is connected to AD, users are synced up
- All users are in AD group "Production" which is available as a local group on the server via Winbind
- There's a /data/html on an ACL-enabled EXT3 volume, ACL entry:

# file: data/html
# owner: root
# group: production
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x

Samba:

[html]
# stop SVN working copies from going belly-up
delete readonly = yes
path = /data/html
read only = No
browseable = Yes
force group = production
valid users = @production
force create mode = 0664
force directory mode = 0775
inherit acls = Yes

Target:
- check out a working copy to this directory
- allow only members of @Production to access it
- allow various Subversion clients to be used via Samba on the working copy
- allow for using SVN directly on the server (not via Samba, MUCH faster for large operations like checkout) without the need to fix permissions afterward (seamlessly)

Now, I get most of it done:
- I login via SSH and do a checkout
- access the share via Samba (Linux, Fedora 14), it works
- can commit/update/delete on either side, no issues

But, as soon as my co-worker on Win7/TortoiseSVN deleted a file (via Samba), he gets (Q:\ points to this share):

Commit succeeded, but other errors follow:
Error bumping revisions post-commit (details follow):
In directory 'Q:\webs\\trunk\images'
Error processing command 'committed' in 'Q:\webs\\trunk\images'
Can't set file 'Q:\webs\\trunk\images\.svn\prop-base\avatar_small.png.svn-base' read-write: Access is denied.

and from then on, the working copy is so badly damaged (locked, missing files/directories), etc. that I haven't found a way to fix it.

Examining the permissions on the file in question, it seems Subversion sets the access mode to r--r--r-- as to avoid tampering (?) and the Windows client isn't able to change it. The other reason might be that one user is changing the file another user owns, but they're in the same group.

So, my question is: is there anybody out there who has a similar setup which in fact runs OK? Also, am I missing something obvious here (except for the weird SVN usage pattern)?

Thanks,
--
Dado
Re: [Samba] [mount.cifs] Mapping Windows ACLs SIDs to POSIX ACL ?
On Thu, Oct 6, 2011 at 4:40 AM, Xavier Roche wrote:
> Hi folks,
>
> This may sound like a really stupid question, but I could not find any way
> to somehow map remote Windows ACLs into POSIX ACLs (mapping users and group
> SIDs to Unix mapped ids) when mounting a remote share (mount.cifs) on a
> Linux box.
>
> Is it something not currently implemented ? The smbcacls tool can show the
> actual ACLs remotely, but this information is not exposed to the mounted
> filesystem apparently. The acl feature of the client seems to be an extension
> to CIFS allowing to handle POSIX ACLs, not something allowing a mapping.
>
> Any insightful remark or documentation would be welcome!
>
> [ Note: the only potential issue when mapping would be related to deny ACLs
> (AceType == ACCESS_DENIED_ACE_TYPE) ; something which is not mappable to
> POSIX ACL. ]

Currently cifs client maps DACL to Linux permission model but not to POSIX ACL model. You will need a kernel built with cifs_cifsacl config option (because it is still experimental) and current cifs-utils package. The manpages in that cifs-utils package will have info on how to use mount option cifsacl and how to setup id mapping (using winbind). The current cifs-utils package has two binaries, getcifsacl and setcifsacl, modeled after smbcacls.

Hope that helps. You may direct any further questions/concerns to linux-c...@vger.kernel.org mailing list.

Regards,
Shirish
[Samba] access denied problem
I need to make available to everybody a samba share called temp with total read and write permission.

I have tried lots of different options, but my last smb.conf file looks like this:

[temp]
path = /mnt/fc9/temp
security = share
guest ok = yes
public = yes
writable = yes
force user = damian

The global section only says:

[global]
workgroups = grupo

I restart Samba and when I access temp from a Windows machine, I can view its contents, create new files on it and modify them. However, I cannot read or modify any of the files already created there (directly on the Linux file server), by any user.

Directory temp belongs to root. I've changed its access permissions up to 777 and still no way of opening or modifying any of its contents that were created on Linux (access denied), even if those files themselves have their permissions changed to 777.

Any hints?

Damián.
[Samba] [mount.cifs] Mapping Windows ACLs SIDs to POSIX ACL ?
Hi folks,

This may sound like a really stupid question, but I could not find any way to somehow map remote Windows ACLs into POSIX ACLs (mapping users and group SIDs to Unix mapped ids) when mounting a remote share (mount.cifs) on a Linux box.

Is it something not currently implemented ? The smbcacls tool can show the actual ACLs remotely, but this information is not exposed to the mounted filesystem apparently. The acl feature of the client seems to be an extension to CIFS allowing to handle POSIX ACLs, not something allowing a mapping.

Any insightful remark or documentation would be welcome!

[ Note: the only potential issue when mapping would be related to deny ACLs (AceType == ACCESS_DENIED_ACE_TYPE) ; something which is not mappable to POSIX ACL. ]
Re: [Samba] issue with tesparam
On 10:57:22 wrote Moray Henderson:
> The example testparm command you give works for me on CentOS 5.2 with
> samba3-3.4.9-42.el5 and on CentOS 5.6 with samba3-3.5.11-44.el5.
> Build the command up slowly and try to identify where it is failing:
>
> # testparm -s # Do you get any output?
> # testparm --section-name=global -s # Do you get the right
> section?
Yes
> # testparm --section-name=global -s | grep ALIX # Does grep work?
Yes

I have some other bugs/issues found with the Debian Samba packages :-( . In backports is a 3.5.11 package. So I will try this. If it has the same problems I compile my own one and go with upstream in the future.

> Moray.
> "To err is human; to purr, feline."

--
Regards
Harry Jede
Re: [Samba] issue with tesparam
> From: Harry Jede [mailto:walk2...@arcor.de]
> Sent: 04 October 2011 23:06
>
> OS: Debian squeeze
> Samba: 3.5.6
>
> # testparm --section-name=global -s 2>&1|grep ALIX
> returns nothing
>
> # grep ALIX /etc/samba/smb.conf
> netbios name = ALIX
> works

The example testparm command you give works for me on CentOS 5.2 with samba3-3.4.9-42.el5 and on CentOS 5.6 with samba3-3.5.11-44.el5. Build the command up slowly and try to identify where it is failing:

# testparm -s # Do you get any output?
# testparm --section-name=global -s # Do you get the right section?
# testparm --section-name=global -s | grep ALIX # Does grep work?

Moray.
"To err is human; to purr, feline."