[Samba] ACL defaults and masks
Hello! In samba 3 we used create mask , force create.. to set file permisions. In samba 4 as I understand those options are ignored and default acls are used instead. But, is it possible to set by default different permisions on files and folders? For example on folders rwx, and on files rw-. Because I dont want to give x permision to file as I think it can be dangerous. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] segfault Re: Errors, errors, errors in log
0 0.0.0.0:1024 0.0.0.0:* LISTEN 2817/samba tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 2821/samba udp 0 0 192.168.1.0:464 0.0.0.0:* 2823/samba udp 0 0 0.0.0.0:464 0.0.0.0:* 2823/samba udp 0 0 192.168.1.0:88 0.0.0.0:* 2823/samba udp 0 0 0.0.0.0:88 0.0.0.0:* 2823/samba udp 0 0 0.0.0.0:631 0.0.0.0:* 2407/portreserve udp 0 0 192.168.1.0:389 0.0.0.0:* 2822/samba udp 0 0 0.0.0.0:389 0.0.0.0:* 2822/samba udp 0 0 192.168.1.0:137 0.0.0.0:* 2818/samba udp 0 0 192.168.7.255:137 0.0.0.0:* 2818/samba udp 0 0 0.0.0.0:137 0.0.0.0:* 2818/samba udp 0 0 192.168.1.0:138 0.0.0.0:* 2818/samba udp 0 0 192.168.7.255:138 0.0.0.0:* 2818/samba udp 0 0 0.0.0.0:138 0.0.0.0:* 2818/samba udp 0 0 0.0.0.0:53 0.0.0.0:* 2829/samba Here is conf file: # Global parameters [global] workgroup = EXAMPLE realm = EXAMPLE.COM #netbios name = EXAMPLE-OFFICE-00 netbios name = EXAMPLE.COM server role = active directory domain controller dns forwarder = 192.168.0.1 printcap name = /dev/null load printers = no disable spoolss = yes printing = bsd dns proxy = no hosts allow = 127.0.0.1 192.168.0.0/21 hosts deny = 0.0.0.0/0 eventlog list = Application System Security SyslogLinux Webserver log level = 1 log file = /var/log/samba/log %m panic action = /var/log/samba/panic %d [netlogon] path = /usr/local/samba/var/locks/sysvol/example.com/scripts read only = No [sysvol] path = /usr/local/samba/var/locks/sysvol read only = No [FileStorage] comment = Файловое хранилище path = /data/FileStorage/ public = no browseable = yes writable = yes guest ok = no read only = No Понедельник, 29 апреля 2013, 19:09 +10:00 от Andrew Bartlett abart...@samba.org: Jeremy, This backtrace looks like it might be something to do with your recent struct DIR work. The revision 5727bfa is from master after the work you did for Ceph in the VFS. On Mon, 2013-04-29 at 10:54 +0400, Александр Свиридов wrote: Andrew, please help me with this problem. I searched the solution in internet but couldn't find it. Here is log of certain user. Александр Свиридов, This is the first time we have seen this particular crash. Essentially all such INTERNAL ERROR messages are bugs in Samba that we fix as soon as we can. If you can give more details of your specific OS and configuration, Jeremy will be able to help you. [2013/04/29 09:40:49.557876, 0] ../lib/util/fault.c:72(fault_report) === [2013/04/29 09:40:49.558716, 0] ../lib/util/fault.c:73(fault_report) INTERNAL ERROR: Signal 11 in pid 7068 (4.1.0pre1-GIT-5727bfa) Please read the Trouble-Shooting section of the Samba HOWTO [2013/04/29 09:40:49.558886, 0] ../lib/util/fault.c:75(fault_report) === [2013/04/29 09:40:49.559004, 0] ../source3/lib/util.c:810(smb_panic_s3) PANIC (pid 7068): internal error [2013/04/29 09:40:49.560313, 0] ../source3/lib/util.c:921(log_stack_trace) BACKTRACE: 47 stack frames: #0 /usr/local/samba/lib/libsmbconf.so.0(log_stack_trace+0x1f) [0x7ffd5d8f6baf] #1 /usr/local/samba/lib/libsmbconf.so.0(smb_panic_s3+0x6d) [0x7ffd5d8f6a1e] #2 /usr/local/samba/lib/libsamba-util.so.0(smb_panic+0x28) [0x7ffd5f763a65] #3 /usr/local/samba/lib/libsamba-util.so.0(+0x1c767) [0x7ffd5f763767] #4 /usr/local/samba/lib/libsamba-util.so.0(+0x1c77c) [0x7ffd5f76377c] #5 /lib64/libpthread.so.0() [0x345820f500] #6 /usr/local/samba/lib/private/libsmbd_base.so(TellDir+0xc) [0x7ffd5ee60f32] #7 /usr/local/samba/lib/private/libsmbd_base.so(dptr_TellDir+0x1c) [0x7ffd5ee5eb16] #8 /usr/local/samba/lib/private/libsmbd_base.so(smbd_dirptr_get_entry +0xc7) [0x7ffd5ee5f663] #9 /usr/local/samba/lib/private/libsmbd_base.so(smbd_dirptr_lanman2_entry+0x1b4) [0x7ffd5eeadb47] #10 /usr/local/samba/lib/private
Re: [Samba] segfault Re: Errors, errors, errors in log
Thank you all! But can you say, what I should do? We have samba 4 on our server and people use it. It already has some data (users,group etc). Please, can you explain what I should do now step by step? Понедельник, 29 апреля 2013, 12:21 -07:00 от Jeremy Allison j...@samba.org: On Mon, Apr 29, 2013 at 07:09:16PM +1000, Andrew Bartlett wrote: Jeremy, This backtrace looks like it might be something to do with your recent struct DIR work. The revision 5727bfa is from master after the work you did for Ceph in the VFS. I think David nailed it. I think this is likely to be the bug I just fixed with the earlier patch. Cheers, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Hostname and kerberos
In samba 4 log I get the following message: [2013/04/29 00:44:30, 0] ../source4/smbd/server.c:369(binary_smbd_main) samba version 4.1.0pre1-GIT-5727bfa started. Copyright Andrew Tridgell and the Samba Team 1992-2013 [2013/04/29 00:44:31, 0] ../source4/smbd/server.c:475(binary_smbd_main) samba: using 'standard' process model [2013/04/29 00:44:32, 1] ../source4/auth/gensec/gensec_gssapi.c:339(gensec_gssapi_client_start) Could not determine hostname for target computer, cannot use kerberos [2013/04/29 00:44:32, 1] ../source4/auth/gensec/gensec_gssapi.c:339(gensec_gssapi_client_start) Could not determine hostname for target computer, cannot use kerberos and in another log I have: [2013/04/29 00:44:32.534527, 0] ../source3/lib/util_sock.c:423(open_socket_in) open_socket_in(): socket() call failed: Address family not supported by protocol [2013/04/29 00:44:32.541347, 0] ../source3/smbd/server.c:684(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address family not supported by protocol [2013/04/29 00:44:32.542740, 0] ../source3/lib/util_sock.c:423(open_socket_in) open_socket_in(): socket() call failed: Address family not supported by protocol [2013/04/29 00:44:32.542874, 0] ../source3/smbd/server.c:684(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address family not supported by protocol I changed the hostname in /etc/sysconfig/network to name of realm, but it didn't help. I use samba 4, centos 6.3. Please help me. Pavel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Hostname and kerberos
Hello, thank you for your answer! Понедельник, 29 апреля 2013, 9:58 +10:00 от Andrew Bartlett abart...@samba.org: On Mon, 2013-04-29 at 00:51 +0400, Александр Свиридов wrote: In samba 4 log I get the following message: [2013/04/29 00:44:30, 0] ../source4/smbd/server.c:369(binary_smbd_main) samba version 4.1.0pre1-GIT-5727bfa started. Copyright Andrew Tridgell and the Samba Team 1992-2013 [2013/04/29 00:44:31, 0] ../source4/smbd/server.c:475(binary_smbd_main) samba: using 'standard' process model [2013/04/29 00:44:32, 1] ../source4/auth/gensec/gensec_gssapi.c:339(gensec_gssapi_client_start) Could not determine hostname for target computer, cannot use kerberos [2013/04/29 00:44:32, 1] ../source4/auth/gensec/gensec_gssapi.c:339(gensec_gssapi_client_start) Could not determine hostname for target computer, cannot use kerberos Don't worry about this. I'll need to change the log level of the message, it isn't important, just a status message. and in another log I have: [2013/04/29 00:44:32.534527, 0] ../source3/lib/util_sock.c:423(open_socket_in) open_socket_in(): socket() call failed: Address family not supported by protocol [2013/04/29 00:44:32.541347, 0] ../source3/smbd/server.c:684(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address family not supported by protocol [2013/04/29 00:44:32.542740, 0] ../source3/lib/util_sock.c:423(open_socket_in) open_socket_in(): socket() call failed: Address family not supported by protocol [2013/04/29 00:44:32.542874, 0] ../source3/smbd/server.c:684(smbd_open_one_socket) smbd_open_once_socket: open_socket_in: Address family not supported by protocol This is more odd, but is anything actually wrong? Perhaps you have IPv6 half-enabled in some way? In OS I disabled IPv6 maybe that's why this error arises? But samba works. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Changing group name via samba-tool and other
Hello! Среда, 24 апреля 2013, 22:01 +02:00 от Marc Muehlfeld sa...@marc-muehlfeld.de: Hello, Am 24.04.2013 21:01, schrieb Pavel: But I am shocked. I know samba is free and it means a lot, but CRUD operations are always together. I am a programmer myself and I know what I say. How can it be possible? As every software, there's no version that is totally fitting all needs from everybody. samba-tool, like everything else on that project is growing and getting better with every version. I understand what you mean, but is base functionality. For example I do a programm like (mc) which creates folder. So I must add delete operation. If I don't add rename operation it may mean only one - it's careless work. I'm sure, that samba-tool will provide more features in future versions. But if you are a programmer and familiar with python, you can help adding new features to samba-tool. On the samba-technical mailing list you can ask for some first information to start, if you want to help. Unfortunately I don't know python and never worked with it. Can samba 4 be used in production mode? For me: Absolutely. I migrated our domain at work to samba 4, when it was in beta state (150 users, 230 workstations). And it's running perfect stable and I'm very happy with my samba4 backend. But as everything in production, you should of course validate if the software is fitting your needs at your site. And one more question. In samba 3 we used create mask , force create.. to set file permisions. In samba 4 as I understand those options are ignored and default acls are used instead. But, is it possible to set by default different permisions on files and folders. For example on folders rwx, and on files rw-. Because I dont want to give x permision to file as I think it can be dangerous. I currently don't have samba4 servers with 'create mask', etc. (only on 3.6.x servers) and haven't looked at that yet. Have you tried it with 4.x? Yes, I tried create mask etc in samba 4 - are ignored totally. So the question is open how to set different default permissions on file and folders in samba4. Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Changing group name via samba-tool and other
1) Plesea, tell me knows how to change group name in samba 4. I don't believe, that I can't do it, but: # /usr/local/samba/bin/samba-tool group --help ... Available subcommands: add - Creates a new AD group. addmembers - Add members to an AD group. delete - Deletes an AD group. list - List all groups. listmembers - List all members of an AD group. removemembers - Remove members from an AD group. For more help on a specific subcommand, please type: samba-tool group subcommand (-h|--help) 2) One question makes me crazy. Samba 4 is AD. It can be run on linux! WOW! The only thing I cannt understant is why I must use windows machine to configure AD. For example I have ubuntu machine and many my colleagues do.So I must configure AD. How can I do it from ubuntu? Or maybe I don't understand something? -- Pavel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba