Re: [Samba] New to Samba 4

[TMason]

"Fernando"  wrote in message news:51408060.1040...@netkeep.com.br...

Hi list, it's my first post here, and I have a basic question, but
couldn't find a good explanation out there It's about users folders,
or the [homes] section in Samba 3.X. I believe that the users now stay
inside the AD, and they're not unix users anymore, so, how can I
implement the users folders now, if there is no users folders on the
host system

Thanks!




You mean like a default location when they log into a Unix host, or a folder 
for when a person browses from the network.


If the former, check out the "templates homedir" option. Mine is configured 
like so:


template homedir = /home/%D/%U
template shell = /bin/bash

If the latter, this is how I configured mine, which works well in 
conjunction with what I wrote above:


[homes]
  comment = Home Directories
  browseable = no
  writable = yes

TMason 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba 4 disabled users

[TMason]

"Kristofer"  wrote in message 
news:1904391917.22173.1363356606822.javamail.r...@cybernetik.net...


Hello,

With Samba 4 Active Directory, how can I determine from the command-line 
(wbinfo, samba-tool, etc.) whether or not a user is disabled?


Thanks,
Kris




You'd probably need to write a script to check the "userAccountControl" 
property via an ldap query.


TMason 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] There are no currently logon servers available when mappingwith "net use"

[TMason]

"Marcio Oli"  wrote in message 
news:CANpJy9WD=CLxbB=BQhgS==1mt-rktxt0hvmi6muymz5rkxm...@mail.gmail.com...


Hi people, I have a problem and I need so much of your help.

I have a login script in \\server1\netlogon\script.bat (on my PDC and BDC)
that runs "net use" commands to map some shares in time of the logon.
This login tries to map share in another server (samba member of domain
\\server2).

So, I put the result at a log and appears these lines:
"
System error 1311 has occurred.
There are currently no logon servers available to service the logon request.
"

This is a recurrent problem, but neither always this happens. Sometimes,
everything is wonderful and works very well mapping all shares, but is
unstable.




Windows clients have this problem regardless of the type of PDC/BDC you have 
(Windows or Samba). The problem is that Windows is generally ready to let 
people log in before all of the network services are ready and as such 
people can't log in.


Are your servers on static IPs? Also, what kind of DNS/DHCP server do you 
have?


This will help in troubleshooting.

TMason



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] There are no currently logon servers available when mapping with "net use"

[Marcio Oli]

Hi people, I have a problem and I need so much of your help.

I have a login script in \\server1\netlogon\script.bat (on my PDC and BDC)
that runs "net use" commands to map some shares in time of the logon.
This login tries to map share in another server (samba member of domain
\\server2).

So, I put the result at a log and appears these lines:
"
System error 1311 has occurred.
There are currently no logon servers available to service the logon request.
"

This is a recurrent problem, but neither always this happens. Sometimes,
everything is wonderful and works very well mapping all shares, but is
unstable.


Follow my confs:


My pdc's smb.conf (Local IP: 10.0.0.224):
"
[global]
dos charset = 850
unix charset = ISO8859-1
workgroup = MyDomain
netbios name = pdc-name
server string = PDC Sede 2 Dominio
security = user
smb ports = 139 445
name resolve order = lmhosts wins host bcast
map to guest = Bad User
passdb backend = ldapsam:ldap://ldap.server.br
unix password sync = No
log level = 1
syslog = 1
log file = /var/log/samba/log.%U
max log size = 2
time server = Yes
deadtime = 10
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
rename user script = /usr/sbin/smbldap-usermod -r "%unew" "%uold"
logon script = %G-sede2.bat
logon path =
logon home =
logon drive =
os level = 255
domain logons = Yes
preferred master = Yes
domain master = Yes
local master = Yes
wins support = Yes
dns proxy = yes
ldap admin dn = cn=root
ldap group suffix = ou=grupos
ldap machine suffix = ou=computadores
ldap suffix = O=MPT,C=BR
ldap ssl = no
ldap user suffix = ou=usuarios
create mask = 0640
directory mask = 0750
nt acl support = No
case sensitive = No
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
# Habilitar Auditoria:
vfs objects = full_audit
#full_audit:success = open, opendir, write, unlink, rename, mkdir,
rmdir, chmod, chown
full_audit:success = open, write, unlink, rename, mkdir, rmdir,
chmod, chown
full_audit:prefix = %u|%I|%S
full_audit:failure = none
full_audit:facility = local5
full_audit:priority = notice

[netlogon]
path = /home/netlogon/
browseable = No
writeable = Yes
admin users = @"MyDomain\netlogon"
"

My bdc's smb.conf (Local IP: 10.0.0.225):
"
[global]
dos charset = 850
unix charset = ISO8859-1
workgroup = MyDomain
netbios name = bdc-sede2
server string = BDC Sede 2 Dominio
security = user
smb ports = 139 445
name resolve order = lmhosts wins host bcast
map to guest = Bad User
passdb backend = ldapsam:ldap://ldap.sever.br
unix password sync = No
log level = 1
syslog = 1
log file = /var/log/samba/log.%U
max log size = 2
time server = Yes
deadtime = 10
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u"
"%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
rename user script = /usr/sbin/smbldap-usermod -r "%unew" "%uold"
logon script = %G-sede2.bat
logon path =
logon home =
logon drive =
os level = 253
domain logons = Yes
domain master = No
local master = No
wins support = no
wins server = 10.0.0.224
dns proxy = no
ldap admin dn = cn=root
ldap group suffix = ou=grupos
ldap machine suffix = ou=computadores
ldap suffix = O=MPT,C=BR
ldap ssl = no
ldap user suffix = ou=usuarios
create mask = 0640
directory mask = 0750
nt acl support = No
 

[Samba] Samba (3.6.12) - Different Home Directories for Different Users

[TMason]

Hello,

I am using Samba (3.6.12) with Gentoo Linux (Kernel Version 3.7.10) and I 
have a system integrated with Active Directory (the Microsoft Windows 
servers are running 2008 Enterprise Edition, Release 2). All is well on that 
front (I can log in, directories are created, etc.)


What I would like to do now is have different /etc/skel directories for 
different groups. So, for example, if someone from the Finance department 
logs in one set of default settings are copied for that person but if 
someone from sales logs in another set of default settings are copied over 
for that user.


How can I do this with Samba/Linux? Thank you for your time. 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] smbstatus after upgrade from 3.5 to 3.6

[Hilko Meyer]

Hi,
recently I updated my samba from 3.5.19 to 3.6.12. After that smbstatus only
shows the 'Locked files' section if run as root.

I found a bug report related to my problem, but there is no answer:
https://bugzilla.samba.org/show_bug.cgi?id=9432

Was the change intentional and/or is it possible to restore the old behaviour?

regards,
Hilko
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Migrating Win2000 PDC to Samba4 AD

[Thomas Simmons]

On Fri, Mar 15, 2013 at 1:18 PM, Lukas Gradl  wrote:

>
> Zitat von fe...@epepm.cupet.cu:
>
>
>  Hi!
>>>
>>> We want to replace an old Win2000 Server (PDC). As we've already some
>>> Samba4 AD-Controllers up and running we would like to migrate to that
>>> setup.
>>>
>>> Unfortunatly we're not really good at Windows-Stuff - our main Focus
>>> ist Linux.
>>>
>>> So perhaps someone could point as to a good (and ideally painless :-))
>>> way to migrate.
>>>
>>> So the current setup is:
>>> A single Win2000 PDC used mainly as File- and Printserver on some
>>> ancient Hardware. Clients run WinXP and Win7.
>>>
>>> What we want to achieve:
>>> A Samba4 AD server offering File- and Printservices on new Hardware.
>>> (Later on we add another Samba4 Server in the same AD which we've
>>> already done on another Installation, so no problem here)
>>>
>>> What we consider as possibly helpful things we have available: A
>>> Windows 2003 License and a Win2008R2 License which is currently unused.
>>> All new hardware is virtualized, so it's no problem to setup some
>>> additional server as intermediate step if necessary.
>>>
>>>
>>>
>>> So, any Windows-Guru available that can help us with that task and
>>> without having to recreate the whole Windows domain with all it's
>>> users and rejoining and reconfiguring all client-PCs?
>>>
>>>
>> I think this is what you're looking for:
>>
>> https://wiki.samba.org/index.**php/Samba4/HOWTO/Join_a_**domain_as_a_DC
>>
>> Felix.
>>
>>
> Felix,
>
> Thanks for your response. This is for joining to an existing
> AD-Controller. Does this work for Win2000 as well? As I said - we're not
> really good at Windows stuff and thought Win2000 is not Active Directory
> but the old PDC/BDC scheme.
>
> The Server shows "The Computer is a Domain-Controller" when checking in My
> Computer/Properties/Network.
> Does that mean this is an AD-Controller?
>
> Regards
> Lukas
>
> Yes, W2K is AD. Unless there is something I'm not aware of, the process
should be the same as 2K3 or any other Window Server. Join the S4 server as
a DC then copy your sysvol share and FSMO roles to the S4 server.

>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  
> https://lists.samba.org/**mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] "Samba 4" - "smbd"; "can't parse the PAC: NT_STATUS_BUFFER_TOO_SMALL" error but only for a single domain user ("Server 2008 R2" domain, "Server 2008" functional level forest).

[Tris Mabbs]

>>  So it seems that with these changes, "kerberos_decode_pac()" is never 
>> entered with "client_principal" anything other than a NULL pointer.
>> 
>> So I'm (very) happy that these changes fix my problem.  However it 
>> does seem a little curious that "client_principal" now never appears 
>> to be set - I don't know whether that's expected behaviour?
>
> It isn't, we need to look into that some more. 

More than happy to - let me know what you want put where and it'll be 
done.

Meanwhile, having cleared them out recently, I currently have ~3,600 
PAC dumps, not a single one with the Kerberos principal in the name (every 
one's a PID based name).

On the plus side, still nary a core dump:

--->Cut here:
# find /var/samba4/log/cores/ -type f
#
<---Cut here.

> Does the ndrdump run you did before now pass fine?

Yes, runs perfectly:

--->Cut here:
% /var/tmp/samba/samba-master/samba-gd/bin/ndrdump krb5pacdecode_pac in 
PAC-NDR-1819
pull returned NT_STATUS_OK
decode_pac: struct decode_pac
in: struct decode_pac
pac: struct PAC_DATA
num_buffers  : 0x0005 (5)
version  : 0x (0)
buffers: ARRAY(5)
buffers: struct PAC_BUFFER
type : PAC_TYPE_LOGON_INFO (1)
_ndr_size: 0x0248 (584)
info : *
info : union PAC_INFO(case 1)
logon_info: struct PAC_LOGON_INFO_CTR

...

buffers: struct PAC_BUFFER
type : PAC_TYPE_KDC_CHECKSUM (7)
_ndr_size: 0x0014 (20)
info : *
info : union PAC_INFO(case 7)
kdc_cksum: struct PAC_SIGNATURE_DATA
type : KERB_CHECKSUM_HMAC_MD
5 (0xFF76)
signature: DATA_BLOB length=16
[] 3B 96 CC BB BB 9D E4 57   13 C9 6D 1C 65 A0 B1 1B   ;..W ..m.e...
RODCIdentifier   : 0x (0)
_pad : 0x (0)
dump OK
%
<--- Cut here.

Large amounts of data, all looking absolutely fine.

So definite progress ...

Many thanks, regards, and have a great weekend everyone,

Tris.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Migrating Win2000 PDC to Samba4 AD

[Lukas Gradl]

Zitat von fe...@epepm.cupet.cu:


Hi!

We want to replace an old Win2000 Server (PDC). As we've already some
Samba4 AD-Controllers up and running we would like to migrate to that
setup.

Unfortunatly we're not really good at Windows-Stuff - our main Focus
ist Linux.

So perhaps someone could point as to a good (and ideally painless :-))
way to migrate.

So the current setup is:
A single Win2000 PDC used mainly as File- and Printserver on some
ancient Hardware. Clients run WinXP and Win7.

What we want to achieve:
A Samba4 AD server offering File- and Printservices on new Hardware.
(Later on we add another Samba4 Server in the same AD which we've
already done on another Installation, so no problem here)

What we consider as possibly helpful things we have available: A
Windows 2003 License and a Win2008R2 License which is currently unused.
All new hardware is virtualized, so it's no problem to setup some
additional server as intermediate step if necessary.



So, any Windows-Guru available that can help us with that task and
without having to recreate the whole Windows domain with all it's
users and rejoining and reconfiguring all client-PCs?



I think this is what you're looking for:

https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

Felix.



Felix,

Thanks for your response. This is for joining to an existing  
AD-Controller. Does this work for Win2000 as well? As I said - we're  
not really good at Windows stuff and thought Win2000 is not Active  
Directory but the old PDC/BDC scheme.


The Server shows "The Computer is a Domain-Controller" when checking  
in My Computer/Properties/Network.

Does that mean this is an AD-Controller?

Regards
Lukas



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Kerberos MS PAC info dump

[Markus Moeller]

Hi,

 Does Samba have a tool which can list the MS PAC content of a Kerberos 
cache ?


Thank you
Markus 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Migrating Win2000 PDC to Samba4 AD

[felix]

> Hi!
>
> We want to replace an old Win2000 Server (PDC). As we've already some
> Samba4 AD-Controllers up and running we would like to migrate to that
> setup.
>
> Unfortunatly we're not really good at Windows-Stuff - our main Focus
> ist Linux.
>
> So perhaps someone could point as to a good (and ideally painless :-))
> way to migrate.
>
> So the current setup is:
> A single Win2000 PDC used mainly as File- and Printserver on some
> ancient Hardware. Clients run WinXP and Win7.
>
> What we want to achieve:
> A Samba4 AD server offering File- and Printservices on new Hardware.
> (Later on we add another Samba4 Server in the same AD which we've
> already done on another Installation, so no problem here)
>
> What we consider as possibly helpful things we have available: A
> Windows 2003 License and a Win2008R2 License which is currently unused.
> All new hardware is virtualized, so it's no problem to setup some
> additional server as intermediate step if necessary.
>
>
>
> So, any Windows-Guru available that can help us with that task and
> without having to recreate the whole Windows domain with all it's
> users and rejoining and reconfiguring all client-PCs?
>

I think this is what you're looking for:

https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

Felix.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Migrating Win2000 PDC to Samba4 AD

[Lukas Gradl]

Hi!

We want to replace an old Win2000 Server (PDC). As we've already some  
Samba4 AD-Controllers up and running we would like to migrate to that  
setup.


Unfortunatly we're not really good at Windows-Stuff - our main Focus  
ist Linux.


So perhaps someone could point as to a good (and ideally painless :-))  
way to migrate.


So the current setup is:
A single Win2000 PDC used mainly as File- and Printserver on some  
ancient Hardware. Clients run WinXP and Win7.


What we want to achieve:
A Samba4 AD server offering File- and Printservices on new Hardware.  
(Later on we add another Samba4 Server in the same AD which we've  
already done on another Installation, so no problem here)


What we consider as possibly helpful things we have available: A  
Windows 2003 License and a Win2008R2 License which is currently unused.
All new hardware is virtualized, so it's no problem to setup some  
additional server as intermediate step if necessary.




So, any Windows-Guru available that can help us with that task and  
without having to recreate the whole Windows domain with all it's  
users and rejoining and reconfiguring all client-PCs?


regards
Lukas


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Samba panics frequently after being configured for AD authentication

[Chris Kukuchka]

On Mar 14, 2013, at 3:57 AM, Volker Lendecke wrote:

> On Wed, Mar 13, 2013 at 02:13:47PM -0600, Chris Kukuchka wrote:
>> Hello,
>> 
>> I had just completed reconfiguring Samba so it would
>> authenticate against Active Directory.  After user side
>> testing seemed successful, I found the log directory on
>> the server was growing quickly and abrtd emails were being
>> sent out.  Unfortunately, I have been unable to track down
>> the cause for these panics and I am looking for help.
> 
> If you happen to have one of the core files left, can you
> get us a full backtrace ("bt full" in gdb) with symbols, so
> that we can see the line numbers and local variables? You
> might have to install debuginfo RPMs for Samba.

Thank you so much for your reply.  I apologize for not posting back sooner, but 
I wanted to be certain what I was seeing.

After making my configuration change, Samba was panicking several times a 
minute.  To prevent filling up the filesystem, I turned off core dumps and 
removed all the core files.  This panics continued from Mar 13 13:21 to  Mar 14 
06:03 and then stopped completed.  At this time (Mar 15 11:16), no further 
panics have happened.

Luckily, sosreport kept a couple core dump files.  Here is the requested 
backtrace:

Core was generated by `smbd -D'.
Program terminated with signal 6, Aborted.
#0  0x7f02396648a5 in raise (sig=6) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:64
64return INLINE_SYSCALL (tgkill, 3, pid, selftid, sig);
(gdb) bt
#0  0x7f02396648a5 in raise (sig=6) at 
../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x7f0239666085 in abort () at abort.c:92
#2  0x7f023cce2e31 in dump_core () at lib/fault.c:391
#3  0x7f023ccf2869 in smb_panic (why=) at 
lib/util.c:1133
#4  0x7f023cce32b4 in fault_report (sig=11) at lib/fault.c:53
#5  sig_fault (sig=11) at lib/fault.c:76
#6  
#7  0x7f023cb61844 in _wkssvc_NetWkstaEnumUsers (p=, 
r=)
at rpc_server/wkssvc/srv_wkssvc_nt.c:591
#8  0x7f023cb606f7 in api_wkssvc_NetWkstaEnumUsers (p=0x7f023e84baf0) at 
librpc/gen_ndr/srv_wkssvc.c:209
#9  0x7f023cbe54b6 in api_rpcTNP (p=0x7f023e84baf0, pkt=0x7f023e843ed0, 
api_rpc_cmds=0x7f023d4689c0, 
n_cmds=) at rpc_server/srv_pipe.c:1647
#10 0x7f023cbe672f in api_pipe_request (p=0x7f023e84baf0) at 
rpc_server/srv_pipe.c:1580
#11 process_request_pdu (p=0x7f023e84baf0) at rpc_server/srv_pipe.c:1837
#12 process_complete_pdu (p=0x7f023e84baf0) at rpc_server/srv_pipe.c:1894
#13 0x7f023cbe7ea8 in process_incoming_data (p=0x7f023e84baf0, 
data=0x7f023e85d020 "D", n=)
at rpc_server/srv_pipe_hnd.c:218
#14 0x7f023cbe8341 in write_to_internal_pipe (mem_ctx=, ev=0x7f023e82d4f0, handle=, 
data=, len=92) at rpc_server/srv_pipe_hnd.c:244
#15 np_write_send (mem_ctx=, ev=0x7f023e82d4f0, 
handle=, data=, 
len=92) at rpc_server/srv_pipe_hnd.c:538
#16 0x7f023c9d7f79 in api_dcerpc_cmd (conn=0x7f023e844b00, vuid=, req=, 
setup=, data=, params=, suwcnt=2, tdscnt=92, tpscnt=0, 
mdrcnt=1024, mprcnt=0) at smbd/ipc.c:271
#17 api_fd_reply (conn=0x7f023e844b00, vuid=, req=, setup=, 
data=, params=, suwcnt=2, 
tdscnt=92, tpscnt=0, mdrcnt=1024, mprcnt=0)
at smbd/ipc.c:482
#18 0x7f023c9d847b in named_pipe (conn=0x7f023e844b00, req=0x7f023e85ceb0, 
state=0x7f023e846c10) at smbd/ipc.c:537
#19 handle_trans (conn=0x7f023e844b00, req=0x7f023e85ceb0, 
state=0x7f023e846c10) at smbd/ipc.c:594
#20 0x7f023c9d92ea in reply_trans (req=0x7f023e85ceb0) at smbd/ipc.c:779
#21 0x7f023ca41604 in switch_message (type=37 '%', req=0x7f023e85ceb0, 
size=180) at smbd/process.c:1574
#22 0x7f023ca41a1b in construct_reply (sconn=0x7f023e82d5b0, inbuf=, nread=180, unread_bytes=0, 
seqnum=, encrypted=false, deferred_pcd=0x0) at 
smbd/process.c:1610
#23 process_smb (sconn=0x7f023e82d5b0, inbuf=, nread=180, 
unread_bytes=0, seqnum=, 
encrypted=false, deferred_pcd=0x0) at smbd/process.c:1688
#24 0x7f023ca41e35 in smbd_server_connection_read_handler 
(conn=0x7f023e82d5b0, fd=27) at smbd/process.c:2318
#25 0x7f023cd01ad7 in run_events_poll (ev=0x7f023e82d4f0, pollrtn=, pfds=0x7f023e844670, num_pfds=2)
at lib/events.c:286
#26 0x7f023ca3f97d in smbd_server_connection_loop_once 
(sconn=0x7f023e82d5b0) at smbd/process.c:1017
#27 smbd_process (sconn=0x7f023e82d5b0) at smbd/process.c:3159
#28 0x7f023cf628cf in smbd_accept_connection (ev=, 
fde=, 
flags=, private_data=) at 
smbd/server.c:514
#29 0x7f023cd01ad7 in run_events_poll (ev=0x7f023e82d4f0, pollrtn=, pfds=0x7f023e846e40, num_pfds=5)
at lib/events.c:286
#30 0x7f023cd01f8f in s3_event_loop_once (ev=0x7f023e82d4f0, 
location=) at lib/events.c:349
#31 0x7f023cd02310 in _tevent_loop_once (ev=0x7f023e82d4f0, 
location=0x7f023d16d929 "smbd/server.c:820")
at ../lib/tevent/tevent.c:494
#32 0x7f023cf63bcb in smbd_parent_loop (argc=, 
argv=0x7f023e851450) at smbd/server.c:820
#33 main (argc=, argv=0x7f023e851450) at smbd/server.c:1304

HTH

Chris Kukuchka

Re: [Samba] Samba4 smb.conf parse shares diffently depending on where a section is located.

[Jeremy Allison]

On Fri, Mar 15, 2013 at 12:53:16PM +0100, Daniel Hedblom wrote:
> I guess this works as intended but i wanted to put it here anyhow for
> future reference for others.
> 
> If a share definition is located above [Global] it gets totally different
> attributes. We had enormous problems with rights on one share and no matter
> what we did to acl, xattr and Windows permissions it just would not work
> correctly. A couple of things added to a definition above [Global] is:
> 
> create mask = 0744
> directory mask = 0755
> map archive = Yes
> map readonly = yes
> store dos attributes = No
> vfs objects =
> 
> Putting the share below the [Global] section solved everything anyhow.

Yeah, that's just an side effect of the parsing being
linear. More of a "well don't do that then" kind of a
thing really. Not worth the large effort needed in
changing the code.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba 4 disabled users

[Kristofer]

Hello, 

With Samba 4 Active Directory, how can I determine from the command-line 
(wbinfo, samba-tool, etc.) whether or not a user is disabled? 

Thanks, 
Kris 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba ignoring group permissions (list files permission) for Windows 7 clients

[Ivo Palli]

Hi all,

After updating a RHEL6 server I'm having trouble with Samba ignoring
group permissions on directories. If I mount it under Linux as CIFS,
everything works as expected. But trying to mount it with a Windows 7
client gives me problems.

My shares are mode drwxr-x--- (750) with owner 'root.domain users'. If I
try to mount it under Windows 7, I get "Windows cannot access... You do
not have permissions to..".

However if I create a directory 'temp' with mode rwxrwxrwx (777) then I
can access it by going to it directly: \\myserver\myshare\temp\

If I change the mode of 'temp' to 770, I can no longer access it (i.e.
cannot list files), but I _can_ access any files inside as long as I
address them directly:

-rw-rw   root.domain users   myfile1.txt

\\myserver\myshare\temp\myfile1.txt

I can also create files in that directory.

So I can not list files, but I should be able to. If I create a file
with a Windows 7 user, the owner is "user1.domain users", so it's the
correct group.

For all above examples, I stripped all ACL's, so it's just the Unix
uid/gid owner permissions on the files and directories.

Can anybody help me to figure out why I cannot list the directories
under Windows 7? It works under Linux mounts.

My version is the latest RHEL6 version, i.e. Version 3.6.9-151.el6

Thanks!

   Ivo Palli
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: [Samba] Problem setting rights on Samba share.

[Daniel Hedblom]

The problem here was the [share] definition was located above the [global]
section. Testparm showed the additional things that got added that made the
share rights fail.


2013/3/10 Daniel Hedblom 

> I have some difficulties setting rights from Windows on a Samba share.
> Tried changing posix rights to no avail. The Admin rights has disappeared
> and i need to reset them at the share level. How do i do that when it is
> not working from Windows. I do not understand samba-tool ntacl and how it
> is supposed to be used.
>
> So, how do one set rights in samba 4 when you lost your ability to manage
> them from a Windows computer?
>
> Cheers
>
> //danielh
>
> --
> With best regards,
> Daniel Hedblom
> Sysadmin
> Department Barn och Skolförvaltningen
> Municipality of Sollefteå
> Phone: +46 (0) 620-68 22 02
> Mobile: + 46 (0) 70 383 72 44
>
>
>
>



-- 
With best regards,
Daniel Hedblom
Sysadmin
Department Barn och Skolförvaltningen
Municipality of Sollefteå
Phone: +46 (0) 620-68 22 02
Mobile: + 46 (0) 70 383 72 44
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Samba4 smb.conf parse shares diffently depending on where a section is located.

[Daniel Hedblom]

I guess this works as intended but i wanted to put it here anyhow for
future reference for others.

If a share definition is located above [Global] it gets totally different
attributes. We had enormous problems with rights on one share and no matter
what we did to acl, xattr and Windows permissions it just would not work
correctly. A couple of things added to a definition above [Global] is:

create mask = 0744
directory mask = 0755
map archive = Yes
map readonly = yes
store dos attributes = No
vfs objects =

Putting the share below the [Global] section solved everything anyhow.

Daniel Hedblom
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

[Samba] Can smbclient bind the source IP address?

[Marcel Hernandez Bertran]

I'd like to know if there's any way to bind a source IP address for smbclient 
requests, the likes of ssh's -b argument:

ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address]...

-b bind_address
 Use bind_address on the local machine as the source address of
 the connection.  Only useful on systems with more than one
 address.
  
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba