Re: [Samba] Samba hangs the boot on Gentoo.
On Sat, Jan 22, 2011 at 7:50 AM, wrote:

>>> Hello,
>>>
>>> Today I came across with the problem with booting my Gentoo system.
>>> Yesterday I installed samba and when I turned on my notebook today it
>>> stops booting at starting up the samba daemon. It goes until:
>>>
>>> * samba -> start: smbd ...
>
> I had some difficulties a few years back with Samba/LDAP nssldap, pam_ldap
> and pam. The system would hang for some 10 minutes at startup. The problem
> was that nssldap defaults to bind_policy hard, and as nssldap fired before
> the ldap server started (from the nssldap conf file):
> # Reconnect policy: hard (default) will retry connecting to
> # the software with exponential backoff, soft will fail
> # immediately.
>
> changing the value to
> bind_policy soft
>
> rectified the situation.
>
>>> ... and then freezes ... Maybe the problem is somehow related to my Wi-Fi
>>> connection on notebook and Samba is looking for Internet connection and
>>> waiting for it to be established? Maybe you can give any advice on how to
>>> boot to my system without loading samba and uninstalling it?
>>
>> Do an interactive boot. Press I when it asks you to do in the boot
>> process. Then do not start the samba daemon.
>>
>> John
>

I would also run:

etc-update

To see if /etc/init.d/samba has any newer changes to be applied to the startup script.

--Brian

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Does this tell me anything? Traffic report
> Destination Protocol Info
> 18 20.074673 192.168.1.100 192.168.1.105 TCP microsoft-ds > 36377 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
>
> Frame 18 (54 bytes on wire, 54 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Intel_6d:d7:6a (00:04:23:6d:d7:6a)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.105 (192.168.1.105)
> Transmission Control Protocol, Src Port: microsoft-ds (445), Dst Port: 36377 (36377), Seq: 1, Ack: 1, Len: 0
>
> No. Time Source Destination Protocol Info
> 19 20.093060 192.168.1.105 192.168.1.100 TCP 45084 > netbios-ssn [SYN] Seq=0 Win=5840 Len=0 MSS=1460 TSV=1977451 TSER=0 WS=6
>
> Frame 19 (74 bytes on wire, 74 bytes captured)
> Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst: Cisco-Li_15:1c:11 (00:18:39:15:1c:11)
> Internet Protocol, Src: 192.168.1.105 (192.168.1.105), Dst: 192.168.1.100 (192.168.1.100)
> Transmission Control Protocol, Src Port: 45084 (45084), Dst Port: netbios-ssn (139), Seq: 0, Len: 0
>
> No. Time Source Destination Protocol Info
> 20 20.095051 192.168.1.100 192.168.1.105 TCP netbios-ssn > 45084 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0
>
> Frame 20 (54 bytes on wire, 54 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Intel_6d:d7:6a (00:04:23:6d:d7:6a)
> Internet Protocol, Src: 192.168.1.100 (192.168.1.100), Dst: 192.168.1.105 (192.168.1.105)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 45084 (45084), Seq: 1, Ack: 1, Len: 0
>
> No. Time Source Destination Protocol Info
> 21 25.145799 Cisco-Li_15:1c:11 Intel_6d:d7:6a ARP Who has 192.168.1.105? Tell 192.168.1.100
>
> Frame 21 (42 bytes on wire, 42 bytes captured)
> Ethernet II, Src: Cisco-Li_15:1c:11 (00:18:39:15:1c:11), Dst: Intel_6d:d7:6a (00:04:23:6d:d7:6a)
> Address Resolution Protocol (request)
>
> No. Time Source Destination Protocol Info
> 22 25.145836 Intel_6d:d7:6a Cisco-Li_15:1c:11 ARP 192.168.1.105 is at 00:04:23:6d:d7:6a
>
> Frame 22 (42 bytes on wire, 42 bytes captured)
> Ethernet II, Src: Intel_6d:d7:6a (00:04:23:6d:d7:6a), Dst: Cisco-Li_15:1c:11 (00:18:39:15:1c:11)
> Address Resolution Protocol (reply)
>
> I'm running Ubuntu 8.04, DHCP, DNS and OpenLDAP on the server.
>
> Please - any help greatly appreciated! Thanks!
>
> --
> Matt Burkhardt, M.Sci.
> Technology Management
> m...@imparisystems.com
> (301) 682-7901
> 502 Fairview Avenue
> Frederick, MD 21701
> http://www.imparisystems.com

Here is what mine looks like, 137 is using UDP:

harley gregorcy # nmap -P0 humboldt
Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-07 16:03 MDT
Interesting ports on x.x.x (x.x.x.x):
Not shown: 993 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
2049/tcp open  nfs
5666/tcp open  nrpe
Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds

harley gregorcy # nmap -sU humboldt
Starting Nmap 4.85BETA9 ( http://nmap.org ) at 2009-06-07 16:03 MDT
Interesting ports on x.x.x.x (x.x.x.x):
Not shown: 996 closed ports
PORT     STATE         SERVICE
111/udp  open|filtered rpcbind
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
2049/udp open|filtered nfs

Where is your WINS server? Are both the samba server and the client machine pointed at the same WINS box?

--
Brian Gregorcy
IT Manager
University of Utah
Department of Chemical Engineering
Re: [Samba] Dynamic Home Shares
Here is the script that we use to create the home directory when the user first logs in.

humboldt samba # cat mkhomedir.sh
#!/bin/bash
# Creates home directories when account is created
# gregorcy
# Created: 03/21/2008
# Last Mod: 06/10/2008 - Added the if for is fac and cleanup
###
#
# Variables
hostname=`hostname`
blessed="The permissions have been fixed "
subject1="does not have valid email in our LDAP"
subject2="A user is missing their homedir on $hostname the home dir has been created but the old homedirs should be checked for data"
emailto="supp...@che.utah.edu"
emailmes="/tmp/emailmessage.txt"
ldapmail=`ldapsearch -D "cn=***,ou=***,dc=*,dc=utah,dc=edu" -b "ou=***,dc=***,dc=utah,dc=edu" -w * -x -LLL "(sAMAccountName=$1)" mail | grep mail | sed 's/..//'`
# Overwrite (>) rather than append (>>): the early "exit 0" below skips the
# cleanup, and a leftover file would carry the previous user's groups.
ldapfac=`ldapsearch -D "cn=***,ou=***,dc=,dc=utah,dc=edu" -b "ou=***,dc=***,dc=utah,dc=edu" -w * -x -LLL "(sAMAccountName=$1)" memberof > /tmp/testfac`
grep -q Faculty /tmp/testfac
isfac=$?
echo $isfac

# functionville
function createbless () {
    touch "/home/CHEMENG/$1/.blessed"
    echo "$blessed" >> "/home/CHEMENG/$1/.blessed"
    #chown root:root /home/CHEMENG/$1/.blessed
    chmod 700 "/home/CHEMENG/$1/.blessed"
}

# scriptage
# No home directory yet: create it and tell support to look for old data
if [ ! -e "/home/CHEMENG/$1" ]; then
    echo "The home dir for $1 was not found probably was not migrated " > "$emailmes"
    mkdir "/home/CHEMENG/$1"
    echo "Created the home directory but should check trashheap or CHE-2551-30 for old stuff" >> "$emailmes"
    mail -s "$subject2" supp...@***.utah.edu < "$emailmes"
    rm -f "$emailmes"
fi

# No .blessed marker yet: set quota, ownership, modes and mail forwarding
if [ ! -e "/home/CHEMENG/$1/.blessed" ]; then
    # -p: the directory normally exists already at this point
    mkdir -p "/home/CHEMENG/$1"
    if [ "$isfac" = 0 ]; then
        xfs_quota -x -c "limit bsoft=61440M bhard=63000M $1" /home
    fi
    if [ "$isfac" != 0 ]; then
        xfs_quota -x -c "limit bsoft=3072M bhard=3200M $1" /home
    fi
    #cp -r /etc/skel/* /home/CHEMENG/$1/*
    chown "$1:CHEMENG+Domain Users" "/home/CHEMENG/$1"
    chmod -R 711 "/home/CHEMENG/$1"
    # Quoted so that an empty LDAP result is tested correctly
    if [ -z "$ldapmail" ]; then
        echo "Add the attribute mail to the user $1" > "$emailmes"
        echo "then manually :( create the .forward in /home/CHEMENG/$1" >> "$emailmes"
        echo "Or add the email attribute to the AD and delete the .blessed file " >> "$emailmes"
        mail -s "$1 $subject1" supp...@***.utah.edu < "$emailmes"
        rm -f "$emailmes"
        createbless "$1"
        exit 0
    fi
    touch "/home/CHEMENG/$1/.forward"
    echo "$ldapmail" >> "/home/CHEMENG/$1/.forward"
    #chown root:root /home/CHEMENG/$1/.forward
    chmod 700 "/home/CHEMENG/$1/.forward"
    createbless "$1"
    # mod the public_html folder so apache can see it
    chown -R "$1:apache" "/home/CHEMENG/$1/public_html"
    chmod -R 751 "/home/CHEMENG/$1/public_html"
    chmod -R g+s "/home/CHEMENG/$1/public_html"
fi

# Clean Up
rm -f /tmp/testfac
exit 0

# Notes
# Basic premise for the .forward add
# touch /home/CHEMENG/$1/foo.txt
# echo "grego...@***.utah.edu" >> /home/CHEMENG/$1/foo.txt
# LDAP Search String
# ldapsearch -D "cn=***,ou=,dc=*,dc=utah,dc=edu" -b "ou=*8,dc=,dc=utah,dc=edu" -w -x -LLL "(sAMAccountName=)" mail | grep mail
# Output looks like this:
# mail: j...@***.utah.edu

Adam Williams wrote:
> see root preexec = in the man page. so when they go to %U$ (such as using logon home = z: ) it will run a script that creates the required directory in /home/pc/
>
> Ken Lupo wrote:
>> Hello,
>>
>> I am attempting to dynamically create user shares when they connect to the server based on their username. I cannot use [homes]. My reasoning for this is that the users require a $ at the end of the share or it becomes confusing to them(long story).
>>
>> What I'm seeing is that some Windows XP clients will connect to /home/ but other clients try to connect to /home/_ (with an underscore). For a work around I have symlinked all home folders from to _
>>
>> Here is my smb.conf file:
>>
>> [global]
>> workgroup = PC
>> realm = PC.DOMAIN.COM
>> server string = FILE
>> security = ADS
>> log file = /var/log/samba/%m.log
>> local master = No
>> idmap uid = 16777216-33554431
>> idmap gid = 16777216-33554431
>> winbind use default domain = Yes
>> winbind offline logon = false
>> store dos attributes = Yes
>> ea support = Yes
>> dns proxy = no
>> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 SO_KEEPALIVE
>> inherit acls = yes
>> inherit permissions = yes
>> map acl inherit = yes
>>
>> [%U$]
>> path = /home/PC/%U
>> comment = Homes
>> read only = No
>>
>> Any help would be greatly appreciated.
>>
>> Thank you,
>> Ken
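A root preexec script such as mkhomedir.sh above receives the connecting user name as $1 and then runs mkdir, chown -R and chmod -R on a path built from it, as root. The following is an added example, not part of the original post, showing the checks that belong in front of that work; the allow-list of characters, the HOME_BASE variable and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed names: HOME_BASE,
# valid_username, home_path_for, ensure_home, private_tmp.
LC_ALL=C; export LC_ALL          # make the A-Z / a-z ranges byte-exact

HOME_BASE="${HOME_BASE:-/home/CHEMENG}"

# Allow-list check: the name must be usable as ONE path component and as a
# literal inside an LDAP filter such as (sAMAccountName=NAME).
# Assumption: site account names use only letters, digits and "._-",
# at most 64 characters (no DOMAIN+user prefix).
valid_username() {
    case "$1" in
        '' | . | ..)        return 1 ;;  # empty, or a directory reference
        -*)                 return 1 ;;  # would be parsed as an option
        *[!A-Za-z0-9._-]*)  return 1 ;;  # "/", "*", "(", ")", blanks, newlines
    esac
    [ "${#1}" -le 64 ]
}

# Print the home path for a user. Fails for an unsafe name, or when the
# path is a symlink: a recursive chown/chmod run by root would otherwise
# be applied to whatever the link points at.
home_path_for() {
    valid_username "$1" || return 1
    if [ -L "$HOME_BASE/$1" ]; then
        return 1
    fi
    printf '%s\n' "$HOME_BASE/$1"
}

# Create the home directory if it is missing. Mode 711 matches the chmod
# used in the script above. No "mkdir -p": the base must already exist.
ensure_home() {
    dir=$(home_path_for "$1") || return 1
    if [ -e "$dir" ]; then
        if [ -d "$dir" ]; then return 0; else return 1; fi
    fi
    mkdir -m 711 "$dir"
}

# Unpredictable, owner-only scratch file, in place of fixed names such as
# /tmp/emailmessage.txt and /tmp/testfac. The caller removes it.
private_tmp() {
    mktemp "${TMPDIR:-/tmp}/mkhomedir.XXXXXX"
}

# When installed as the preexec script, smbd passes the user name:
#   root preexec = /path/to/this-script %U
if [ "$#" -ge 1 ]; then
    ensure_home "$1" || { echo "refusing user name" >&2; exit 1; }
fi
```

With root preexec close = yes on the share, a non-zero exit from the script also makes smbd refuse the connection.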
Re: [Samba] "getent group" shows AD groups; "getent passwd" only shows local users
>> check that your clock on the linux box matches the clock on the DC.
>
> Just being curious: what time difference is acceptable? I.e. up to 5 seconds, 5 minutes? That being said, the clocks are in sync.

I think the default is 5 minutes. We have seen odd problems like this when our Linux boxes clock skew too far from our DC.
Re: [Samba] "getent group" shows AD groups; "getent passwd" only shows local users
Tomasz Chmielewski wrote:
> I had winbind configured so that it could fetch users from AD. Everything was working properly, but something happened in the past couple of days (no change in the Samba config) I'm not able to diagnose.
>
> "getent group" enumerates groups, "getent passwd" doesn't. "wbinfo -g" returns groups, whereas I get this error when trying to get users:
>
> # wbinfo -u
> Error looking up domain users
>
> # net rpc join -S GNCNET -U user_linux
> Password:
> Joined domain NUT.
>
> # net ads join -S GNCNET -U user_linux
> user_linux's password:
> [2009/01/22 10:37:06, 0] utils/net_ads.c:ads_startup_int(286)
>   ads_connect: No logon servers
> Failed to join domain: No logon servers
>
> I see the Samba machine sends and receives packets on port 389 when I do "getent passwd", but just no users are returned. Ideas?
>
> This is my smb.conf:
>
> workgroup = NUT
> password server = GNCNET
> realm = GNCNET.GEORGIANUT.COM
> security = ads
> idmap uid = 1-2
> idmap gid = 1-2
> winbind separator = +
> template homedir = /home/%D/cbl
> template shell = /bin/bash
> winbind use default domain = true
> winbind offline logon = false
> server string = Samba Server %v
> encrypt passwords = Yes
> log file = /var/log/samba/log.%m
> max log size = 100
> log level = 8
> os level = 18
> local master = No
> dns proxy = No
> winbind enum users = yes
> winbind enum groups = yes
>
> In log.winbindd I can see errors like:
>
> [2009/01/22 10:44:55, 3] libads/ldap.c:ads_do_paged_search_args(696)
>   ads_do_paged_search_args: ldap_search_with_timeout((objectCategory=user)) -> Operations error
> [2009/01/22 10:44:55, 3] libads/ldap_utils.c:ads_do_search_retry_internal(76)
>   Reopening ads connection to realm 'GEORGIANUT.COM' after error Operations error
> [2009/01/22 10:44:55, 5] libads/dns.c:sitename_fetch(677)
>   sitename_fetch: Returning sitename for georgianut.com: "Default-First-Site-Name"
> [2009/01/22 10:44:55, 6] libads/ldap.c:ads_find_dc(294)
>   ads_find_dc: looking for realm 'georgianut.com'
> [2009/01/22 10:44:55, 8] libsmb/namequery.c:get_sorted_dc_list(1626)
>   get_sorted_dc_list: attempting lookup for name georgianut.com (sitename Default-First-Site-Name) using [ads]

check that your clock on the linux box matches the clock on the DC.

--Brian
Re: [Samba] Mac OS 10.5 seems to change permissions on files
Add this to the global section:

unix extensions = no

Stuart Reedy wrote:
> Greetings,
>
> We have an issue using Mac OS 10.5 with our Samba shares connected via cifs://server/Sharename. From what I can tell, when the Mac writes a file the permissions are correct (0660). Then it seems to change the permission to 0644, defeating the whole point of shared files.
>
> Has anyone else encountered this and, perhaps, found a work-around?
>
> Server Info:
> Samba 3.0.33 (Slackware package)
> Slackware 11.0
>
> smb.conf:
> [global]
> workgroup = WG
> server string = Samba Server
> interfaces = x.x.x.x/16
> passwd program = /usr/bin/passwd %u
> unix password sync = Yes
> ldap ssl = no
> hosts allow = x.x., 127.0.0.1
> ea support = Yes
> veto files = /.DS_Store/._.*/DesktopFolderDB/Network Trash Folder/resource.frk/TheFindByContentFolder/TheVolumeSettingsFolder/
> delete veto files = true
>
> --==SNIP==--
>
> [Sharename]
> path = /path/ShareName
> valid users = @somegroup
> write list = @somegroup
> read only = No
> create mask = 0660
> directory mask = 0770
> force create mode = 0660
> force directory mode = 0770
>
> Any assistance is greatly appreciated!
>
> Stu...
Re: [Samba] OSX client, Linux server, permissions problem
> My first reaction to this is that the resource files aren't getting created or the user no longer has permissions...but I'm still learning.
>
> So either way you set 'unix extensions' it causes one or the other problem? Can you please clarify?

Yes that is what is happening.

If I set unix extensions = off
One of my macs can't access anything on a share, we can see the icons but when you click on the file it disappears (via finder)

If I comment out the above line a different mac when writing to the users home directory that has a public_html folder that our webserver can read, sets the file permissions to 700

--Brian
Re: [Samba] OSX client, Linux server, permissions problem
barsalou wrote:
> Quoting James Peach <[EMAIL PROTECTED]>:
>> 2008/9/29 Brian Gregorcy <[EMAIL PROTECTED]>:
>>> I know this doesn't help but we are seeing the same problem, I opened a bug with apple but so far have not heard anything back. I also sent this email to this list awhile back and did not get a response, the copy of the email I sent is below.
>>
>> You might be seeing the SMB unix extensions in action. In 10.5, the OS X SMB filesystem was taught to understand some SMB protocol extensions designed for unix system. what *might* be happening here is that the client is resetting the permissions after Samba applies the configuration mode masks. You should be able to verify this by packet sniffing or setting "unix extensions = no" on the server.
>
> This didn't work for me. I still see the same problem when creating folders using the finder.
>
> Keystrokes:
> apple-K
> Control-click -> New folder
>
> This shows up on the server with 755 permissions. I have it set for 770.

I actually ran into another issue on a different mac (10.5.4), with unix extensions = no the user can browse the file system (via finder) but cannot open any of the files. They all appear as unknown file types, commenting out the above command and all is well.

--Brian
Re: [Samba] OSX client, Linux server, permissions problem
> You might be seeing the SMB unix extensions in action. In 10.5, the OS X SMB filesystem was taught to understand some SMB protocol extensions designed for unix system. what *might* be happening here is that the client is resetting the permissions after Samba applies the configuration mode masks. You should be able to verify this by packet sniffing or setting "unix extensions = no" on the server.

That worked for me :) Thanks I have been looking for that for awhile now, is there any downside to disabling unix extensions?
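The explanation quoted above (the client resets permissions after Samba applies its mode masks) can also be checked on the server without a packet capture, because the masks bound what smbd itself can produce at creation time. This is an added example, not code from the thread: the function names are assumptions, it needs GNU stat, and the masks are passed in by hand from the share's smb.conf section.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: mode_possible,
# audit_tree. Needs GNU stat (stat -c).
#
# smbd derives the mode of a new object as
#     (mode mapped from the client request & mask) | force
# where mask/force are "create mask"/"force create mode" for files and
# "directory mask"/"force directory mode" for directories. A mode with a
# force bit missing, or with a bit outside mask|force, cannot come from
# that step, so it was set after creation (for example by a client chmod
# sent through the UNIX extensions, or by a local process).
# Not applicable with "inherit permissions = yes", which overrides the masks.
# Directories created under a setgid parent inherit the setgid bit from the
# kernel: include 02000 in the directory mask argument where that applies.

# mode_possible MODE MASK FORCE   (octal strings, e.g. 644 0660 0660)
# Returns 0 when MODE could be the result of (x & MASK) | FORCE.
mode_possible() {
    m=$((0$1)); mask=$((0$2)); force=$((0$3))
    [ $(( m & force )) -eq "$force" ] &&
        [ $(( m & ~(mask | force) & 07777 )) -eq 0 ]
}

# audit_tree SHARE_PATH CREATE_MASK FORCE_CREATE DIR_MASK FORCE_DIR
# Prints one line per object whose current mode the masks cannot explain:
#   FILE <mode> <path>   or   DIR <mode> <path>
# The share root itself is skipped (it is created by the administrator).
# Paths containing newlines are not handled.
audit_tree() {
    find "$1" \( -type f -o -type d \) -exec stat -c '%a %n' {} + |
    while read -r mode path; do
        [ "$path" = "$1" ] && continue
        if [ -d "$path" ]; then
            mode_possible "$mode" "$4" "$5" ||
                printf 'DIR %s %s\n' "$mode" "$path"
        else
            mode_possible "$mode" "$2" "$3" ||
                printf 'FILE %s %s\n' "$mode" "$path"
        fi
    done
}

# Stand-alone use, e.g. with the masks from a [Sharename] section:
#   sh audit.sh /path/ShareName 0660 0660 0770 0770
if [ "$#" -eq 5 ]; then
    audit_tree "$@"
fi
```

Run before and after toggling unix extensions, with a test file written from the Mac in between, the output shows whether the post-creation mode change stops.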
Re: [Samba] OSX client, Linux server, permissions problem
barsalou wrote:
> I've been using samba for some time and have always had a good experience.
>
> I decided to try and configure my home network to let all my computers talk to the samba share. I'm stuck on one part where my OSX client, when creating new files/directories, won't create them writeable by the group.
>
> I've tried what seems like every combination of directory mask, force directory mode, etc. but I'm unable to get the OSX client to create folders with 770 permissions on any newly created folders.
>
> What I'd like to do is find a way to "see" all the permissions that are getting applied to that directory when it is getting created.
>
> This isn't a production box, so I'm willing to try anything at the moment. The good news is that it does create new files and folders...just that other users can't modify them.
>
> I do have logging turned up, but do not know what I should be looking for.
>
> Scenario:
> Client - OSX 10.5
> Server - Ubuntu 7.04, XFS mounted /home, Samba 3.026a
>
> Share section of smb.conf
> [shared]
> path = /home/shared
> available = yes
> browseable = yes
> writable = yes
> create mask = 02770
> directory mask = 02770
> force group = +shared
>
> Testparm results (shared section)
> [shared]
> path = /home/shared
> force group = +shared
> read only = No
>
> Hope I didn't forget anything.

I know this doesn't help but we are seeing the same problem, I opened a bug with apple but so far have not heard anything back. I also sent this email to this list awhile back and did not get a response, the copy of the email I sent is below.

--Brian

Hi all,

We are having an issue when a user writes to their home directory the permissions change to 0600, instead of 0751 that we have been setting in smb.conf

Here is a description of the problem:

reinstalled mac osx we have:

1) OS 10.5.0

I mounted with Prof Sutherlands account created the folder in 1703 --> test_reinstall then copied a file to the new folder: About_Stacks.pdf

The permissions on the server for the folder are:

1703 # pwd
/home/DOMAIN/00033394/public_html/1703
humboldt 1703 # ls -la
total 116
drwxr-s--x 10 00033394 apache  4096 Aug 15 15:18 .
drwxr-s--x 18 00033394 apache  4096 Aug 14 15:04 ..
-rwxr-s--x  1 00033394 apache  6148 Aug 14 14:55 .DS_Store
-rwxr-s--x  1 00033394 apache 11152 Aug 14 13:49 CHEN_1703.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 CHEN_1703_files
-rwxr-s--x  1 00033394 apache  8868 Aug 14 13:49 Homework.html
drwxr-s--x  2 00033394 apache   155 Aug 14 13:49 Homework_files
-rwxr-s--x  1 00033394 apache 10300 Aug 14 13:49 Lectures.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 Lectures_files
drwxr-s--x  2 00033394 apache    28 Aug 14 13:49 Media
-rwxr-s--x  1 00033394 apache  6326 Aug 14 13:49 Schedule.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 Schedule_files
drwxr-s--x  3 00033394 apache    57 Aug 14 13:49 Scripts
-rwxr-s--x  1 00033394 apache 28894 Aug 14 13:49 Syllabus.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 Syllabus_files
-rwxr-s--x  1 00033394 apache  1963 Aug 14 13:49 feed.xml
-rwxr-s--x  1 00033394 apache   311 Aug 14 13:49 index.html
drwxr-s--x  2 00033394 apache    29 Aug 15 15:18 test_reinstall

test_reinstall # ls -la
total 304
drwxr-s--x  2 00033394 apache     29 Aug 15 15:19 .
drwxr-s--x 10 00033394 apache   4096 Aug 15 15:18 ..
-rwxr-      1 00033394 apache 303444 Aug 15 15:01 About_Stacks.pdf

This works I can view the page: http://www.che.utah.edu/~sutherland/1703/test_reinstall/

I am going to update the mac and see what happens

updated to 10.5.4

created the folder: test_reinstall_10.5.4 and the copied the file About_Stacks.pdf to it.

perms look like this:

1703 # ls -la
total 116
drwxr-s--x 11 00033394 apache  4096 Aug 15 15:33 .
drwxr-s--x 18 00033394 apache  4096 Aug 14 15:04 ..
-rwxr-x--x  1 00033394 apache  6148 Aug 15 15:22 .DS_Store
-rwxr-s--x  1 00033394 apache 11152 Aug 14 13:49 CHEN_1703.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 CHEN_1703_files
-rwxr-s--x  1 00033394 apache  8868 Aug 14 13:49 Homework.html
drwxr-s--x  2 00033394 apache   155 Aug 14 13:49 Homework_files
-rwxr-s--x  1 00033394 apache 10300 Aug 14 13:49 Lectures.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 Lectures_files
drwxr-s--x  2 00033394 apache    28 Aug 14 13:49 Media
-rwxr-s--x  1 00033394 apache  6326 Aug 14 13:49 Schedule.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 Schedule_files
drwxr-s--x  3 00033394 apache    57 Aug 14 13:49 Scripts
-rwxr-s--x  1 00033394 apache 28894 Aug 14 13:49 Syllabus.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 Syllabus_files
-rwxr-s--x  1 00033394 apache  1963 Aug 14 13:49 feed.xml
-rwxr-s--x  1 00033394 apache   311 Aug 14 13:49 index.html
drwxr-s--x  2 00033394 apache    29 Aug 15 15:19 test_reinstall
drwxr-xr-x  2 00033394 apache    29 Aug 15 15:33 test_reinstall_10.5.4

*Note that the sticky bit is gone and has been replaced the execute bit

The perms on the file: test_reinstall_10.5
[Samba] samba 3.0.28a & mac osx 10.5.4
Hi all,

We are having an issue when a user writes to their home directory the permissions change to 0600, instead of 0751 that we have been setting in smb.conf

Here is a description of the problem:

reinstalled mac osx we have:

1) OS 10.5.0

I mounted with Prof Sutherlands account created the folder in 1703 --> test_reinstall then copied a file to the new folder: About_Stacks.pdf

The permissions on the server for the folder are:

1703 # pwd
/home/DOMAIN/00033394/public_html/1703
humboldt 1703 # ls -la
total 116
drwxr-s--x 10 00033394 apache  4096 Aug 15 15:18 .
drwxr-s--x 18 00033394 apache  4096 Aug 14 15:04 ..
-rwxr-s--x  1 00033394 apache  6148 Aug 14 14:55 .DS_Store
-rwxr-s--x  1 00033394 apache 11152 Aug 14 13:49 CHEN_1703.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 CHEN_1703_files
-rwxr-s--x  1 00033394 apache  8868 Aug 14 13:49 Homework.html
drwxr-s--x  2 00033394 apache   155 Aug 14 13:49 Homework_files
-rwxr-s--x  1 00033394 apache 10300 Aug 14 13:49 Lectures.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 Lectures_files
drwxr-s--x  2 00033394 apache    28 Aug 14 13:49 Media
-rwxr-s--x  1 00033394 apache  6326 Aug 14 13:49 Schedule.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 Schedule_files
drwxr-s--x  3 00033394 apache    57 Aug 14 13:49 Scripts
-rwxr-s--x  1 00033394 apache 28894 Aug 14 13:49 Syllabus.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 Syllabus_files
-rwxr-s--x  1 00033394 apache  1963 Aug 14 13:49 feed.xml
-rwxr-s--x  1 00033394 apache   311 Aug 14 13:49 index.html
drwxr-s--x  2 00033394 apache    29 Aug 15 15:18 test_reinstall

test_reinstall # ls -la
total 304
drwxr-s--x  2 00033394 apache     29 Aug 15 15:19 .
drwxr-s--x 10 00033394 apache   4096 Aug 15 15:18 ..
-rwxr-      1 00033394 apache 303444 Aug 15 15:01 About_Stacks.pdf

This works I can view the page: http://www.che.utah.edu/~sutherland/1703/test_reinstall/

I am going to update the mac and see what happens

updated to 10.5.4

created the folder: test_reinstall_10.5.4 and the copied the file About_Stacks.pdf to it.

perms look like this:

1703 # ls -la
total 116
drwxr-s--x 11 00033394 apache  4096 Aug 15 15:33 .
drwxr-s--x 18 00033394 apache  4096 Aug 14 15:04 ..
-rwxr-x--x  1 00033394 apache  6148 Aug 15 15:22 .DS_Store
-rwxr-s--x  1 00033394 apache 11152 Aug 14 13:49 CHEN_1703.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 CHEN_1703_files
-rwxr-s--x  1 00033394 apache  8868 Aug 14 13:49 Homework.html
drwxr-s--x  2 00033394 apache   155 Aug 14 13:49 Homework_files
-rwxr-s--x  1 00033394 apache 10300 Aug 14 13:49 Lectures.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 Lectures_files
drwxr-s--x  2 00033394 apache    28 Aug 14 13:49 Media
-rwxr-s--x  1 00033394 apache  6326 Aug 14 13:49 Schedule.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 Schedule_files
drwxr-s--x  3 00033394 apache    57 Aug 14 13:49 Scripts
-rwxr-s--x  1 00033394 apache 28894 Aug 14 13:49 Syllabus.html
drwxr-s--x  2 00033394 apache  4096 Aug 14 13:49 Syllabus_files
-rwxr-s--x  1 00033394 apache  1963 Aug 14 13:49 feed.xml
-rwxr-s--x  1 00033394 apache   311 Aug 14 13:49 index.html
drwxr-s--x  2 00033394 apache    29 Aug 15 15:19 test_reinstall
drwxr-xr-x  2 00033394 apache    29 Aug 15 15:33 test_reinstall_10.5.4

*Note that the sticky bit is gone and has been replaced the execute bit

The perms on the file:

test_reinstall_10.5.4 # pwd
/home/DOMAIN/00033394/public_html/1703/test_reinstall_10.5.4
humboldt test_reinstall_10.5.4 # ls -la
total 304
drwxr-xr-x  2 00033394 apache           29 Aug 15 15:33 .
drwxr-s--x 11 00033394 apache         4096 Aug 15 15:33 ..
-rw---      1 00033394 domain users 303444 Aug 15 15:01 About_Stacks.pdf

apache is not the group and the perms are 0700, this page will not work.

The issue is that the mac is dropping the sticky bit and since the sticky bit is gone the files are being created with the wrong perms.

Here is my smb.conf

[global]
workgroup = DOMAIN
netbios name= SERVER
realm = REALM
server string = CHE file server
security= ADS
preferred master= no
client use spnego = yes
server signing = auto
encrypt passwords = yes
nt acl support = yes
acl map full control= yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
template shell = /bin/false
password server = DNS1 DNS2 *
log level = 3
log file= /var/log/samba/%m
max log size= 100
preferred master= No
dns proxy = No
wins server = WINS1 WINS2
; W
Re: [Samba] Group membership confusion, UNIX, nested, and AD
Robert M. Martel - CSU wrote:
> Still hoping that someone can help clear this up.
>
> Greetings,
>
> I've been reading and re-reading "Chapter 12. Group Mapping: MS Windows and UNIX", Mailing list messages with the subjects "valid users = +group doesn't work" and "Unix ADS group membership or vice versa" and all I've gotten is more confused.
>
> I have to move my samba servers from a Samba PDC environment to Active Directory (AD) where they will be member servers. I will NOT be able to make ANY changes to the AD configuration: it is dictated and controlled by those "on high." I cannot add any groups to AD. I can only manipulate the membership of the UNIX groups on my servers.
>
> I already have a test samba server (3.0.28a) as a member of AD.
>
> What I want is to be able to control access to "shares" using lines like "valid user +www" in smb.conf as I have in the past. The groups I want to use are the UNIX groups on the AD member samba server. I have added AD users as members of the UNIX groups in /etc/group
>
> It looks like Samba AD member servers will NOT look at local UNIX groups to check and see if an AD account is a member of the UNIX group. I do not want to have to map each and every AD user to a corresponding local user - I thought accessing AD would cut down on the account management workload, not increase it.
>
> I fail to see where winbind's nested groups will help me solve this problem - as presented in the docs it seems to solve an MS Windows issue that I do not have. Perhaps I still do not understand what that the nested group is supposed to provide.
>
> Since I have no administrative access to the AD server, how am I to create nested groups? The example shows:
>
> net rpc group add demo -L -Uroot%not24get"
>
> So it seems I would need some kind of administrative account to even create the nested group. If not an AD account, I do not recall setting up an smbpassword for root as I did in the past on my samba PDC. I am not a member of "Domain Administrators" in our AD setup, but that is a whole different set of questions.
>
> How would I make such a nested group the group owner for files/directories? Or would I then use the nested group in the "valid user" line of smb.conf? Use groupmap to associate it with a UNIX group? See, confusion.
>
> At this moment it seems my worst case/quick fix calls for long "valid user" lines listing the AD accounts that I wish to have access to certain shares - kinda' defeats the reason to have groups. Why would Samba be written to ignore the group memberships?
>
> Thanks in advance to anyone that can help clear up my confusion about groups!
>
> -Bob Martel

Hi Bob,

I recently did something similar, this page helped me the most of anything I believe it was section 14.3

http://samba.dsmirror.nl/samba/docs/man/Samba-HOWTO-Collection/idmapper.html

However I think you will need an account with privileges to join machines to the domain, if the AD admins will not give you one it is possible to create an account that is not a domain administrator but can add/remove objects from the domain maybe they can create that type of account for you.

Also here are my notes when I was setting up our fileserver, they may help:

http://www.che.utah.edu/resources/supportwiki/index.php/Samba_and_Active_Directory