RE: [Samba] can samba keep uid/gid/permission on a per-file-base?
Is there a trick to copy files via smbfs and keep uid/gid/permissions? Usually uid/gid/permission of a transfered file depends on the uid used when mounting the remote share. But maybe there is a trick/patch whatever ... I've used xcopy on Windows before to transfer files between shares maintaining permissions, owner, times etc. You need permission on the destination to be able to change those values though. I've never done that with Samba (always when doing Win32 server migrations) but I don't see any reason why it might not work... Cheers Alex -- Alex Harrington - Network Development Manager Longhill High School t: 01273 391672 e: a...@longhill.org.uk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Samba + RAID + High speed...
I still feel this configuration could be running faster, anyone has any idea where I could optimize it ? (the XFS format paramaters, Areca setup, bonding parameters, etc). My experience says that the SATA/RAID5 will bottleneck the system well before you hit the limits of your 6GB trunk. RAID10 is less computationally expensive for the RAID controller and gives greater access concurrency (ie any given data can be read from a choice of drives). SAS drives/controllers are full duplex which means the bus can be reading/writing at the same time, and so is much faster for high read/write setups. It depends a lot on how the box is to be used. Cheers Alex -- Alex Harrington - Network Development Manager Longhill High School t: 01273 391672 e: a...@longhill.org.uk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] server change
If anyone can shed some light on this I would appreciate it. Is the old server still running? I've seen clients connect to an old DC and change their machine account passwords with that server in a similar scenario.. Alex -- Alex Harrington - Network Development Manager Longhill High School t: 01273 391672 e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How to share [homes] in a more flexible way?
I've attempted various approaches but I've failed to achieve my goal, so I wonder if it's even possible. Sharing homes one-by-one is out of question: too many people in my department. Can you help me? Assuming all the people in your department are in a group, you can just include a separate configuration based on group membership: Eg: In smb.conf: include = /etc/samba/%G_smb.conf For your group, you should then create /etc/samba/mygroup_smb.conf: [homes] comment = Homes browsable = no valid users = %S path = %H Etc etc etc You might have problems with this if your department group is not your primary group membership... Alex -- Alex Harrington - Network Development Manager Longhill High School t: 01273 391672 e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Vista - Profile - Local
- It's not possible so far as I know. - I can tell you it is possible with XP. I can log on my computer: as my_computer_hostname\lmhelp as well as a_samba_domain_name\lmelp using exactly the same profile located at C:\Documents and Settings\lmhelp. It is very convenient. But to do so, one has to edit the registry. I don't understand how that's possible. Your machine cannot be logging on to the other domain, so the only way this is possible so far as I know is if the two domains you're logging on to trust each other? Alex -- Alex Harrington - Network Development Manager Longhill High School t: 01273 391672 e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Vista - Profile - Local
Has anyone ever got the same problem as I: - having a LAPTOP running VISTA, - being the ONLY user of that laptop, - having to log SOMETIMES on a given Samba domain, SOMETIMES on another, - wanting to use always the SAME PROFILE whichever the login may be, - wanting that profile to be LOCAL. It's not possible so far as I know. A domain profile, local or otherwise, is specific to that domain. As soon as you unjoin/rejoin a new domain, XP will create a username.NEWDOMAIN profile on your laptop. The closest I can suggest is to have the laptop in a workgroup, and just map drives as required? Alex -- Alex Harrington - Network Development Manager Longhill High School t: 01273 391672 e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Vista - Profile - Local
I can tell you it is possible with XP. I can log on my computer: as my_computer_hostname\lmhelp as well as a_samba_domain_name\lmelp using exactly the same profile located at C:\Documents and Settings\lmhelp. It is very convenient. But to do so, one has to edit the registry. I don't understand how that's possible. Your machine cannot be logging on to the other domain, so the only way this is possible so far as I know is if the two domains you're logging on to trust each other? I just re-read that. OK, so in your example you're using the same profile to log on to your local machine, and the domain. That's quite different from using the profile to log on to a second domain too. Whatever you've managed to make XP do, I'm pretty sure it isn't a Microsoft-supported configuration - unless someone else here knows better? Alex -- Alex Harrington - Network Development Manager Longhill High School t: 01273 391672 e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Remote announce
Is there anything else that I need to add or could debian be confgiured to send multicast traffic on mutiple interfaces so that a broadcast (192.168.1.255) get to both eth1 and ppp0. 192.168.1.255 is the broadcast address on 192.168.1.0/255.255.255.0 network. Your ppp0 interface is a point-to-point address 192.168.1.128/255.255.255.255 in a completely different network (despite sharing its ip address with one in your existing network). Broadcasts for one network are not going to appear on another... Cheers Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: WG: [Samba] Strange!!! Clients only log on to samba bdc
Ist there no one concerning this behaviour? I did my setup following the man pages. There must be a serious bug in samba 3.031. As I understand it, clients will prefer logging on to a BDC over a PDC, and then use whichever responds quickest, so certainly all the clients should not be logging in to one box or other - and probably least likely to log on to the PDC of the two options. I know that we see about a 60/40 split logins to BDC/PDC. I don't think you should have domain master = yes set on the BDC. Here's the settings from my BDC [global] netbios name = CORE02 server string = Longhill BDC (%v,%h) workgroup = LONGHILL interfaces = 10.108.1.8/255.255.255.0 name resolve order = host bcast wins os level = 65 domain master = no domain logons = yes local master = no preferred master = no guest ok = yes wins server = 10.108.1.32 Hope that helps Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: WG: [Samba] Strange!!! Clients only log on to samba bdc
This is the strange thing I have set on the BDC Security=user Domain logons=yes Domain master= no --- not yes!!! Os level=190 Preferred master=no And when I do a testparm it results Role Domain PDC???!! Can you post again exactly the global section from both PDC and BDC. Several other settings have changed between your two posts which makes it impossible to know exactly what the situation is! Thanks Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SAMBA and VLAN
Is there anyway to make my PDC server work without forwarding the UDP broadcast ports (137, 138)? As long as you have a WINS server and the PDC and your clients are using it, it should work. That's the setup we have here and it's fine. Cheers Alex -- Alex Harrington - Network Development Manager Longhill High School t: 01273 391672 e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Permissions Issue
Doug Tucker wrote: From the man pages, it looks like I can set the share to read only, and use the directive write list = @groupname to allow certain users write access to this read only share, but, I don't want to allow everyone read access, I want to only allow certain other users (that I can put in a group) read only access. Any ideas? valid users = @groupthatcanread,@groupthatcanwrite read only = yes write list = @groupthatcanwrite As other posters have mentioned, it's good practice to enforce this at the filesystem level too. Cheers Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Fwd: Add permission? (was How to create awrite-onlyshare?)
Ash My understanding is that admin users should make that user effectively root, and therefore able to access files that aren't owned by them or with no permissions granted. If you directly access a file you know exists - say open in notepad \\server\append\test.txt as michael, I think it will still allow you access. One option would be to have a second share called appendadm which only Michael has permission to access which forces either permissions or drops the hide unreadable statement. eg: [appendadm] path = /home/append valid users = michael writeable = yes write list = michael admin users = michael hide unreadable = no create mode = 200 directory mode = 770 force group = office If you have security=share set then the admin users line will have no effect - so that may be why you aren't seeing the initial share working properly. Cheers Alex -- Alex Harrington - Network Manager Longhill High School t: 01273 304086 e: [EMAIL PROTECTED] -Original Message- From: Ash Gosh [mailto:[EMAIL PROTECTED] Sent: Fri 23/05/2008 21:31 To: Alex Harrington Subject: Re: [Samba] Fwd: Add permission? (was How to create awrite-onlyshare?) Hello! I'm sorry, I was out unfortunatley, was in hospital without internet :( This variant works but... But michael becomes unable to read newly added data because file has been created under user.office -w--- permissions. I'm tried to add setfacl -m default:user:michael:wrx /home/apeend but new files does not inherit this rule... what to do here? AG. On Thu, May 8, 2008 at 12:16 PM, Alex Harrington [EMAIL PROTECTED] wrote: In this case I still can't add a file from Windows machine into the share append... Seems it can't be done with Samba and posix permissions? Try this: [EMAIL PROTECTED] home]# chown -R michael.office append [EMAIL PROTECTED] home]# chmod -R 770 append smb.conf: [append] path = /home/append valid users = +office writeable = yes write list = +office admin users = michael hide unreadable = yes create mode = 200 directory mode = 770 force group = office I can't see any reason why that config won't do exactly what you want it to. If it still doesn't work, you need to start narrowing the problem down - so logon to the console of the server first as michael. Can you cd in to /home/append? If so, can you touch a new file? Repeat the process for a different user in the office group. What is the result? As root, what is the contents of that folder now? If that all works, the POSIX permissions are working fine so it makes it a Samba problem. Visa versa then the POSIX permissions are the ones to look at. Alex -- Alex Harrington - Network Manager, Longhill High School t: 01273 304086 | e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba server maxing out cpu, load up to 10
I reboot the server and sometimes it seems to help for a couple days, and sometimes the load immediately comes back and we just have to wait till the next day. We used to have a similar problem - but I've not seen it in a long time. It was always a badly behaved PC and often involved a Publisher document being stuck open. Running top, see if one smbd process is hogging the CPU. You should be able to work that back to a PC using smbstatus, and I think that's where the problem will be... Alex -- Alex Harrington - Network Manager, Longhill High School t: 01273 304086 | e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Fwd: Add permission? (was How to create awrite-onlyshare?)
In this case I still can't add a file from Windows machine into the share append... Seems it can't be done with Samba and posix permissions? Try this: [EMAIL PROTECTED] home]# chown -R michael.office append [EMAIL PROTECTED] home]# chmod -R 770 append smb.conf: [append] path = /home/append valid users = +office writeable = yes write list = +office admin users = michael hide unreadable = yes create mode = 200 directory mode = 770 force group = office I can't see any reason why that config won't do exactly what you want it to. If it still doesn't work, you need to start narrowing the problem down - so logon to the console of the server first as michael. Can you cd in to /home/append? If so, can you touch a new file? Repeat the process for a different user in the office group. What is the result? As root, what is the contents of that folder now? If that all works, the POSIX permissions are working fine so it makes it a Samba problem. Visa versa then the POSIX permissions are the ones to look at. Alex -- Alex Harrington - Network Manager, Longhill High School t: 01273 304086 | e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Fwd: Add permission? (was How to create a write-onlyshare?)
Try: [EMAIL PROTECTED] home]# chown -R michael.office append [EMAIL PROTECTED] home]# chmod -R 700 append smb.conf: [append] path = /home/append valid users = +office writeable = yes write list = +office admin users = michael hide unreadable = yes create mode = 600 directory mode = 700 force group = office I think that will do what you want - but users will still be able to see what they've put in the share - by virtue of the fact they own the file and it has 600 permissions. You could force a create mode of say 200 which would leave the file writable by the user but not readable. I've not tested how Windows will deal with that though... Alex -- Alex Harrington - Network Manager, Longhill High School t: 01273 304086 | e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Maxtor NAS share problem
What's the exact command line you're using to rsync? I was using a command of the form: rsync -avz /source /destination OK the -a in your command line tells rsync to copy file owners, permissions and groups. Your NAS is not capable of allowing you to change these things in its current configuration - that is a limitation of the NAS you bought, not of SAMBA which it is running, or of rsync. If you need things to work this way, drop the -a and use -r instead. This will copy your files but they will all be owned by whoever you connect to the NAS as. If you need to backup permissions too, you should use getfacl/setfacl to backup just the permissions of all your files to a single text file - which you can then write to the NAS. Failing that, try using something like duplicity to do the job all in one step... Alex -- Alex Harrington - Network Manager, Longhill High School t: 01273 304086 | e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Maxtor NAS share problem
I was talking about saving the Linux filesystem info. Do your rsync to the NAS, then do a recursive getfacl, redirecting the output to a file on the NAS. When you do an rsync back from the NAS, correct the owner/perms with setfacl. Trouble is that I CAN'T do my rsync to the NAS drive because it doesn't give me the access privileges I need to write to the NAS. The rsync wants to change owner and the NAS won't let it do that. There are switches to modify that behaviour - -p, -o, -t, -g - and there are aliases (eg -a)that switch combinations of those on or off. What's the exact command line you're using to rsync? Something like rsync -r /source/ /destination should work, regardless of the permissions, because rsync will write everything as whoever you're logged on as (or whoever the NAS translates that to be). As previously suggested you can then do a recursive getfacl over /source and write the output to /destination. That will create a text file with all your permissions etc included in it so they can be restored by setfacl if required. Alex -- Alex Harrington - Network Manager, Longhill High School t: 01273 304086 | e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] write list vs read list
However, the @estero group cannot access the share at all (NT_STATUS_ACCESS_DENIED). What am I doing wrong? Most likely the filesystem permissions prevent users in @estero from executing or reading the /home/samba/lab_smb folder and/or the files in it. Cheers Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: How to create a write-only share?
Please please please! Any indeas are highly welcome! Ash - did you try setting hide unreadable = yes on the share as per my previous email? Alex -- Alex Harrington - Network Manager Longhill High School t: 01273 304086 e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: How to create a write-only share?
Thanks for the answer but in this case anyone can look into the folder and see the file list. Sometimes even a filenames could be the secret. So this is not helps us. Set hide unreadable = yes on the share. Alex -- Alex Harrington - Network Manager, Longhill High School t: 01273 304086 | e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Poor performance on open/copy/close/rename file operationsvia remote/VPN connection
All clients accessing samba shares via LAN have no problems. Samba server works perfectly and fast. We are instead experiencing serious performance issues when accessing samba shares from remote clients (WAN), via VPN. I've had this before and never solved it. I always put it down to Windows Explorer touching the files for thumbnails etc. Try mapping a drive from the VPN client to the Samba box, then drop to a command prompt and try copy/deleting files from there. Is the speed any better? Alex -- Alex Harrington - Network Manager, Longhill High School t: 01273 304086 | e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain Authentication Issue - Bug Found
This does not seem logical, it does not seem real, but the results have proven themselves to be true. Hi Dalton It sounds very strange. I'm no Samba dev but I do have a fair experience with AD. Could it be that the Windows server in question has somehow got one of the FSMO roles assigned to it? If it were say a RID master then nothing would be able to make any form of account on the domain until the RID master has synced with other domain controllers. The time difference could have been sufficient to stop that replication happening. Does the output of netdom query fsmo on the corporate domain controllers and on the server with time problems agree? It also strikes me that you say you have the issue affect both Samba and XP clients? Or was the problem on XP described substantially different for the XP boxes? Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Moving user accounts from a domain to another - andchanging their logins
Hi Francis I don't know that much about Windows accounts, but one thing I learned is that the SID is hugely important. As some directories/files are named after the SID in a user's profile, I figure that they are part of the problem, if not the main problem. It's not something I've done personally - but the place I used to work used the MS Migration Tool for migrating profiles etc... http://www.microsoft.com/downloads/details.aspx?FamilyID=4af2d2c9-f16c-4 c52-a203-8daf944dd555displaylang=en Alex -- Alex Harrington - IT Support, Longhill High School t: 01273 304086 | e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PDC over PPTP VPN
Someone could have some ideas about how to solve this problem? I tried and tried but I didn't managed in solving it... :-( Is this Microsoft PPTP DUN or Poptop PPTPD? There have been two new fixes for Poptop of late to fix packet ordering bugs that cause some very strange behaviour. Perhaps this is an example? Otherwise try lowering the MTU on the PPP link. If that still doesn't work, you need to look at the traffic flowing over the link with a packet sniffer and see where things break down. It's unlikely to be a problem with the PDC based on your assertion that it works fine on the LAN. I'd suggest that maybe you might get more help from the Poptop users group? Alex -- Alex Harrington - IT Support, Longhill High School t: 01273 304086 | e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba