Re: [Samba] VFS objects - how to migrate/move file_ntacls.tdb
Hi! Many thanks for help. Regarding to how many ACLs can be stored in acl_tdb and acl_xattr, I can save on XFS only 22 entries plus CREATOR GROUP, CREATOR OWNER and EVERYONE. Seems it is about 25 entries for one directory/file. Is it correct or I missed something? Cheers! /Adrian Berlin Dnia 16 listopada 2011 0:08 Jonathan Buzzard napisał(a): > Jeremy Allison wrote: > > On Mon, Nov 14, 2011 at 02:12:35PM +0100, adrian.berlin wrote: > >> Hi! > >> Does anyone know how to move/migrate ACLs from file_ntacls.tdb to another > >> machine? > >> I tried manually copy file_ntacls.tdb and restart samba but it doesn't > >> work. > >> Also I tried to dump and restore tdb file using tdbdump and tdbrestore > >> without success. > > > > That's not going to work as the ACL data is indexed by dev/ino pairs > > in the tdb, and on the new machine they will be different. > > > > You'll need to use a backup tool that copies the ACLs as you > > copy the data. > > Once you are into using ACL' best method to transfer the files from one > server to another is to take a Windows machine map the drive on both > servers and use robocopy or similar tool that will preserve permissions > while doing a file synchronization. > > Robocopy from Vista or Win7 is better as you can use > > ROBOCOPY /MIR /SEC /SECFIX > > The last option fixes the security on existing files in the target, and > appeared in Vista. > > I would note that files_ntacls.tdb is not really suitable for a > production file server, unless you are going to back it up from a client > machine that is. The reason being a restore is going to leave you > without your ACL's and no way to ever recover it because the inodes of > the files will almost certainly be different. Much more sensible to > store it in xattr's if you ask me, at least that way you have a fighting > chance of getting the ACL's back. You can also fiddle with the files > server side without messing up your file_ntacls.tdb database. > > Better yet use a file system that does NFSv4 ACL's and a suitable VFS > module :-) > > > JAB. > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] I can browse but can't modify or create files
From: "Steve Swanekamp" Date: Tue, 15 Nov 2011 14:11:51 -0500 > Hello, > I am having trouble getting my samba share to work properly. We are running > CentOS and the samba version is > > samba.x86_643.0.33-3.29.el5_7.4 > > The problem that I am having is that I can see all the shares and > browse the directories but I can not create or modify files. (snip) > valid users = @"PPOWER/domain users" > read list = @"PPOWER/domain users" > write list = @"PPOWER/domain users" "read list" means "read only users' list". "write list" means "read and write users' list". To remove "read list" line would solve your problem... --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS objects - how to migrate/move file_ntacls.tdb
Jeremy Allison wrote: On Mon, Nov 14, 2011 at 02:12:35PM +0100, adrian.berlin wrote: Hi! Does anyone know how to move/migrate ACLs from file_ntacls.tdb to another machine? I tried manually copy file_ntacls.tdb and restart samba but it doesn't work. Also I tried to dump and restore tdb file using tdbdump and tdbrestore without success. That's not going to work as the ACL data is indexed by dev/ino pairs in the tdb, and on the new machine they will be different. You'll need to use a backup tool that copies the ACLs as you copy the data. Once you are into using ACL' best method to transfer the files from one server to another is to take a Windows machine map the drive on both servers and use robocopy or similar tool that will preserve permissions while doing a file synchronization. Robocopy from Vista or Win7 is better as you can use ROBOCOPY /MIR /SEC /SECFIX The last option fixes the security on existing files in the target, and appeared in Vista. I would note that files_ntacls.tdb is not really suitable for a production file server, unless you are going to back it up from a client machine that is. The reason being a restore is going to leave you without your ACL's and no way to ever recover it because the inodes of the files will almost certainly be different. Much more sensible to store it in xattr's if you ask me, at least that way you have a fighting chance of getting the ACL's back. You can also fiddle with the files server side without messing up your file_ntacls.tdb database. Better yet use a file system that does NFSv4 ACL's and a suitable VFS module :-) JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with kerberos method attribut
If you must stick with using Samba 3.0.x, try "use kerberos keytab = yes" in your smb.conf file. Also make sure that you define the location of your Kerberos keytab in your krb5.conf file as "default_keytab_name = /etc/krb5.keytab". Andrew -Original Message- From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of djamel boussebha Sent: Tuesday, November 15, 2011 4:54 AM To: samba@lists.samba.org; foedi...@eva.mpg.de Subject: Re: [Samba] Problem with kerberos method attribut Hi; I works with a big campagny and I cannot update the samba version on linux Suse : its very complex and require to respect a qualification process. It exists another means to resolve this problem ? --- En date de : Sam 12.11.11, TAKAHASHI Motonobu a écrit : De: TAKAHASHI Motonobu Objet: Re: [Samba] Problem with kerberos method attribut À: dbousse...@yahoo.fr Cc: samba@lists.samba.org Date: Samedi 12 novembre 2011, 8h09 From: djamel boussebha Date: Thu, 10 Nov 2011 15:25:38 + (GMT) > I would like to use a samba configuration with : > > dedicated keytab file = /etc/krb5.keytab kerberos method = system > keytab security = ADS > > But when I test the configuration (testparm) I have the following error msg : > > Load smb config files from /etc/samba/smb.conf Unknown parameter > encountered: "dedicated keytab file" > Ignoring unknown parameter "dedicated keytab file" > Unknown parameter encountered: "kerberos method" > Ignoring unknown parameter "kerberos method" > > I works on OpenSuse Linux version 10 and a samba version 3.0.36-0.5.5. > Q : how resolve this problem ? Both "kerberos method" and "dedicated keytab file" are introduced at Samba 3.4.0. You use too old version. --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba errors
On Tue, Nov 15, 2011 at 10:42:50AM -0500, keith.stev...@fms.treas.gov wrote: > > Hello, > > > I saw that as well and no that isn't the real address. Everything is correct > except the last octet. I was wondering why it is doing that. Well Samba is auto-detecting the address based on API calls into AIX. So you need to discover why they are returning incorrect values, or force it using the "interfaces =" smb.conf parameter. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] I can browse but can't modify or create files
Hello, I am having trouble getting my samba share to work properly. We are running CentOS and the samba version is samba.x86_643.0.33-3.29.el5_7.4 The problem that I am having is that I can see all the shares and browse the directories but I can not create or modify files. Whenever I try to create or modify a file I get an "Access Denied" pop-up window. This is true wether I start from the Windows or Linux boxes. Below you will find the global section from my smb.conf. Steve smb.conf [global] #--authconfig--start-line-- # Generated by authconfig on 2011/10/20 11:11:09 # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--) # Any modification may be deleted or altered by authconfig in future workgroup = ppower password server = 132.250.142.156 realm = PPOWER.NRL.NAVY.MIL security = ads idmap uid = 1000-6 idmap gid = 1000-6 winbind separator = / template homedir = /export/home/%U template shell = /bin/bash winbind use default domain = Yes ; winbind offline logon = no #--authconfig--end-line-- #computer ; netbios name = ppdcollective server string = "The Collective" #main settings ; idmap domains = PPOWER ; idmap config PPOWER:backend = rid ; idmap config PPOWER:base_rid = 0 ; idmap config PPOWER:range= 2 - 4 idmap config PPOWER:backend = rid idmap config PPOWER:range = 1-6 idmap config BUILTIN:backend = rid idmap config BUILTIN:range = 1000- #templates #winbind winbind enum users = yes winbind enum groups = yes ; wins support = no #logons ; client use spnego = yes ; encrypt passwords = yes ; guest account = nobody ; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24 hosts allow = 132.250.0.0/255.0.0.0 127.0.0.1 hosts deny = 0.0.0.0/0.0.0.0 obey pam restrictions = yes pam password change = yes #misc ; username map = /etc/samba/smbusers ; socket options = TCP_noDELAY SO_RCVBUF = 8192 SO_SNDBUF=8192 #domain #say yes to local master because there is no DC on this subnet ; domain master = no ; local master = yes ; os level = 33 ; dns proxy = no #logs log file = /var/log/samba/samba.log # max 50KB per log file, then rotate max log size = 50 # --- Printing Options - # # Load Printers let you load automatically the list of printers rather # than setting them up individually # # Cups Options let you pass the cups libs custom options, setting it to raw # for example will let you use drivers on your Windows clients # # Printcap Name let you specify an alternative printcap file # # You can choose a non default printing system using the Printing option ; load printers = yes ; cups options = raw ; printcap name = /etc/printcap ; #obtain list of printers automatically on SystemV ; printcap name = lpstat ; printing = cups # --- Filesystem Options --- # # The following options can be uncommented if the filesystem supports # Extended Attributes and they are enabled (usually by the mount option # user_xattr). Thess options will let the admin store the DOS attributes # in an EA and make samba not mess with the permission bits. # # Note: these options can also be set just per share, setting them in global # makes them the default for all shares ; map archive = no ; map hidden = no map read only = no ; map system = no ; guest ok = no ; store dos attributes = yes # Share Definitions == valid users = @"PPOWER/domain users" read list = @"PPOWER/domain users" write list = @"PPOWER/domain users" username map = /etc/samba/smbusers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] ham, Slow login to Samba domain
On 11/15/2011 5:10 AM, Dermot wrote: Hi, I have noticed that the Windows 7 machines that I have recently installed and joined to our domain take about 40 seconds on average to go from sign in to the desktop displaying. I can't find any explanation for the delay. When the machine are in a work group they login very quickly and the XP machines login at a normal rate. I have searched and not found any articles that are relevant. Does anyone else experience this? Does anyone have any tips on how to work out what Windows 7 is doing during this time? Thanks in advance, Dermot Dermot, See if Marc Cain's solution in the link below can help you. It worked for me. http://lists.samba.org/archive/samba/2010-February/153585.html Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS objects - how to migrate/move file_ntacls.tdb
I suppose this number is subject to both file system and Samba vfs object, whichever comes first to its limit. -David 2011/11/15 adrian.berlin > Many thanks for response. > Do you recommend any good tool to backup ACLs? > > I have another question about how many ACLs can be stored in acl_xattr and > acl_tdb for one directory/file? > > Cheers! > Adrian Berlin > > > Dnia 14 listopada 2011 20:17 Jeremy Allison napisał(a): > > > On Mon, Nov 14, 2011 at 02:12:35PM +0100, adrian.berlin wrote: > > > Hi! > > > Does anyone know how to move/migrate ACLs from file_ntacls.tdb to > another machine? > > > I tried manually copy file_ntacls.tdb and restart samba but it doesn't > work. > > > Also I tried to dump and restore tdb file using tdbdump and tdbrestore > without success. > > > > That's not going to work as the ACL data is indexed by dev/ino pairs > > in the tdb, and on the new machine they will be different. > > > > You'll need to use a backup tool that copies the ACLs as you > > copy the data. > > > > Jeremy. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] SAMBA4 user password field / objectSid
> Hello, > > In order to migrate from samba3 to samba4, i've to know where passwords > are stored in the ldap base. > > I've to know how to see clear objectSids and how to change them too. > You should install phpldapadmin with this configuration file /usr/local/samba/private/phpldapadmin-config.php so you can see everything you want. Felix. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] SAMBA4 user password field / objectSid
Hello, In order to migrate from samba3 to samba4, i've to know where passwords are stored in the ldap base. I've to know how to see clear objectSids and how to change them too. Any help would be appreciate. Thanks -- Hervé Hénoch Responsable informatique Institut Sainte Catherine 1750, chemin du Lavarin, 84000 Avignon Téléphone : 04.90.27.57.44 Messagerie : h.hen...@isc84.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problem with kerberos method attribut
Hi; I works with a big campagny and I cannot update the samba version on linux Suse : its very complex and require to respect a qualification process. It exists another means to resolve this problem ? --- En date de : Sam 12.11.11, TAKAHASHI Motonobu a écrit : De: TAKAHASHI Motonobu Objet: Re: [Samba] Problem with kerberos method attribut À: dbousse...@yahoo.fr Cc: samba@lists.samba.org Date: Samedi 12 novembre 2011, 8h09 From: djamel boussebha Date: Thu, 10 Nov 2011 15:25:38 + (GMT) > I would like to use a samba configuration with : > > dedicated keytab file = /etc/krb5.keytab > kerberos method = system keytab > security = ADS > > But when I test the configuration (testparm) I have the following error msg : > > Load smb config files from /etc/samba/smb.conf > Unknown parameter encountered: "dedicated keytab file" > Ignoring unknown parameter "dedicated keytab file" > Unknown parameter encountered: "kerberos method" > Ignoring unknown parameter "kerberos method" > > I works on OpenSuse Linux version 10 and a samba version 3.0.36-0.5.5. > Q : how resolve this problem ? Both "kerberos method" and "dedicated keytab file" are introduced at Samba 3.4.0. You use too old version. --- TAKAHASHI Motonobu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Slow login to Samba domain
Hi, I have noticed that the Windows 7 machines that I have recently installed and joined to our domain take about 40 seconds on average to go from sign in to the desktop displaying. I can't find any explanation for the delay. When the machine are in a work group they login very quickly and the XP machines login at a normal rate. I have searched and not found any articles that are relevant. Does anyone else experience this? Does anyone have any tips on how to work out what Windows 7 is doing during this time? Thanks in advance, Dermot -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba