Re: [Samba] Samba server dropping off the domain
Well, I have been unable to find out why our server drops after 15 to 40 minutes. Gone over everything on the domain servers and not seeing any errors there. And no error message on the samba side either. So I took out my sledge hammer and pounded the square peg into the circle hole with a crontab to rejoin to the domain every 10 minutes. I found I do not need to stop and restart samba for this. That's working, and I can move on to other things. On 1/5/12 3:11 PM, Don Krause wrote: On Jan 5, 2012, at 2:00 PM, CJ Keist wrote: I have strange problem. Installed 3.6.1 on SL Linux (Scientific Linux release 6.1 (Carbon)). Compiled: ./configure --prefix=/WWW/apps/samba-3.6.1 --with-quotas --disable-shared-libs make and make install all clean. Joined to our windows domain via command: ./net join -S domainserver -w DOMAIN -U adminuser Start up Samba via web gui and all is working for about 40 minutes to an hour. At which point it stops allowing connections. Only fix is to stop Samba and rerun the net join command and then restart Samba which it will work for about 40 minutes and then stop again. Anyone seen this before? Conf: [global] workgroup = DOMAIN server string = Web Server security = DOMAIN passdb backend = smbpasswd map untrusted to domain = Yes log level = 1 log file = /var/log/samba/logs/log.%m name resolve order = host bcast unix extensions = No keepalive = 0 max open files = 1 socket options = TCP_NODELAY SO_KEEPALIVE load printers = No dns proxy = No lock spin time = 3 remote announce = xxx.xx.xxx.xx idmap config * : range = idmap config * : backend = tdb strict locking = No [WWW] comment = Web Pages path = /WWW/docs read only = No create mask = 0774 directory mask = 0775 inherit permissions = Yes -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Solaris 10 OS (SAI) Engineering Network ServicesPhone: 970-491-0630 College of Engineering, CSU Fax: 970-491-5569 Ft. Collins, CO 80523-1301 We've seen this recently as well, Samba 3.5.0 on Ubuntu (9.04 or 9.10), against a pair of 2008r2 AD servers. (Security = ADS) Fortunately, we're usually good for a week or so. This is a recent event on a box that had been running great for over a year. Sorry, I don't know a fix yet. -- Don Krause Head Systems Geek, Waver of Deceased Chickens. Optivus Proton Therapy, Inc. P.O. Box 608 Loma Linda, California 92354 909.799.8327 Tel 909.799.8366 Fax dkra...@optivus.com www.optivus.com "This message represents the official view of the voices in my head." -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Solaris 10 OS (SAI) Engineering Network ServicesPhone: 970-491-0630 College of Engineering, CSU Fax: 970-491-5569 Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba server dropping off the domain
I have strange problem. Installed 3.6.1 on SL Linux (Scientific Linux release 6.1 (Carbon)). Compiled: ./configure --prefix=/WWW/apps/samba-3.6.1 --with-quotas --disable-shared-libs make and make install all clean. Joined to our windows domain via command: ./net join -S domainserver -w DOMAIN -U adminuser Start up Samba via web gui and all is working for about 40 minutes to an hour. At which point it stops allowing connections. Only fix is to stop Samba and rerun the net join command and then restart Samba which it will work for about 40 minutes and then stop again. Anyone seen this before? Conf: [global] workgroup = DOMAIN server string = Web Server security = DOMAIN passdb backend = smbpasswd map untrusted to domain = Yes log level = 1 log file = /var/log/samba/logs/log.%m name resolve order = host bcast unix extensions = No keepalive = 0 max open files = 1 socket options = TCP_NODELAY SO_KEEPALIVE load printers = No dns proxy = No lock spin time = 3 remote announce = xxx.xx.xxx.xx idmap config * : range = idmap config * : backend = tdb strict locking = No [WWW] comment = Web Pages path = /WWW/docs read only = No create mask = 0774 directory mask = 0775 inherit permissions = Yes -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Solaris 10 OS (SAI) Engineering Network ServicesPhone: 970-491-0630 College of Engineering, CSU Fax: 970-491-5569 Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Swat not showing samba processes
Solved it. In unrelated article, I saw that the libwbclient.so.0 from the samba complied source needs to replace the on in /usr/lib64. Once I did this swat now sees the samba processes just fine. On 12/3/11 1:10 PM, CJ Keist wrote: I take it no one has seen this issue before? If helps running this on Scientific Linux 6.1. Just install Samba 3.5.9 with no issues. I have swat setup and can connect to the web gui. Problem is that when I start smbd and nmbd from the web gui, swat still shows that processes are not running. But in fact on the server they were started, and the logs show no errors. Any reason why swat is not showing me that the samba processes are running? -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Solaris 10 OS (SAI) Engineering Network ServicesPhone: 970-491-0630 College of Engineering, CSU Fax: 970-491-5569 Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Swat not showing samba processes
I take it no one has seen this issue before? If helps running this on Scientific Linux 6.1. Just install Samba 3.5.9 with no issues. I have swat setup and can connect to the web gui. Problem is that when I start smbd and nmbd from the web gui, swat still shows that processes are not running. But in fact on the server they were started, and the logs show no errors. Any reason why swat is not showing me that the samba processes are running? -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Solaris 10 OS (SAI) Engineering Network ServicesPhone: 970-491-0630 College of Engineering, CSU Fax: 970-491-5569 Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Swat not showing samba processes
Just install Samba 3.5.9 with no issues. I have swat setup and can connect to the web gui. Problem is that when I start smbd and nmbd from the web gui, swat still shows that processes are not running. But in fact on the server they were started, and the logs show no errors. Any reason why swat is not showing me that the samba processes are running? -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Solaris 10 OS (SAI) Engineering Network ServicesPhone: 970-491-0630 College of Engineering, CSU Fax: 970-491-5569 Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Solaris 10 winbind authentication with ADS
Thanks for the replies. I got this resolved. It was case of my eyes not seeing what was in front of my face. The solaris upgrade DID replaced my /usr/lib/nss_winbind.so.1 link with Solaris's on library of same name. So I just had to rename that and recreate my link to the samba compiled libnss_winbind.so file. This is how I have the links done in /usr/lib -r-xr-xr-x 1 root root 50880 Dec 27 13:14 libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 17 15:29 libnss_winbind.so.1 -> libnss_winbind.so lrwxrwxrwx 1 root root 17 Jan 12 13:58 nss_winbind.so.1 -> libnss_winbind.so On 1/7/11 5:36 AM, Michael Wood wrote: Hi On 6 January 2011 01:11, CJ Keist wrote: Well, I did smart thing and upgraded my Solaris box to Solaris 10 update 9. And now my winbind authentication has broken. I have checked all my /usr/lib/*winbind* and /usr/lib/security/*winbind* libs and all are still good from my last install. /etc/pam.conf, nsswitch.conf are still intact. wbinfo seems to work fine. getent passwd username just returns empty. This is what I'm getting in my /var/samba/log/log.winbindd file: [2011/01/05 16:04:00.061446, 2] winbindd/winbindd.c:819(winbind_client_request_read) Could not read client request from fd 22: I/O error I don't run Solaris and am not using winbind, so this is just a guess, but I hope it helps. winbind communicates via a socket, which I think is put in /tmp by default (/tmp/.winbindd/ or something like that). Can you check what "fd 22" is? e.g. using lsof. Maybe it's the socket. It might be that Solaris 10 changes something about /tmp that interferes with winbind's socket? Maybe try putting the socket somewhere else. I think you're supposed to be able to do this with "winbind:socket dir = ...". It seems the "winbind:socket dir" option was introduced in Samba 3.2.0. -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Phone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Solaris 10 winbind authentication with ADS
So, no one has a clue here? -- Well, I did smart thing and upgraded my Solaris box to Solaris 10 update 9. And now my winbind authentication has broken. I have checked all my /usr/lib/*winbind* and /usr/lib/security/*winbind* libs and all are still good from my last install. /etc/pam.conf, nsswitch.conf are still intact. wbinfo seems to work fine. getent passwd username just returns empty. This is what I'm getting in my /var/samba/log/log.winbindd file: [2011/01/05 16:04:00.061446, 2] winbindd/winbindd.c:819(winbind_client_request_read) Could not read client request from fd 22: I/O error Anyone have any ideas what broke? # ./testparm Load smb config files from /opt/local/lib/smb.conf rlimit_max: rlimit_max (256) below minimum Windows limit (16384) Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = DOMAIN realm = DOMAIN.EDU interfaces = eri0 security = ADS password server = domain.edu log level = 10 winbind:10 log file = /var/samba/log/log.%m max log size = 50 load printers = No utmp = Yes idmap backend = rid:DOMAIN=10-50 idmap uid = 10-50 idmap gid = 10-50 template homedir = /home/%U template shell = /bin/tcsh winbind separator = / winbind cache time = 1800 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes create krb5 conf = No -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Phone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Solaris 10 winbind authentication with ADS
Well, I did smart thing and upgraded my Solaris box to Solaris 10 update 9. And now my winbind authentication has broken. I have checked all my /usr/lib/*winbind* and /usr/lib/security/*winbind* libs and all are still good from my last install. /etc/pam.conf, nsswitch.conf are still intact. wbinfo seems to work fine. getent passwd username just returns empty. This is what I'm getting in my /var/samba/log/log.winbindd file: [2011/01/05 16:04:00.061446, 2] winbindd/winbindd.c:819(winbind_client_request_read) Could not read client request from fd 22: I/O error Anyone have any ideas what broke? # ./testparm Load smb config files from /opt/local/lib/smb.conf rlimit_max: rlimit_max (256) below minimum Windows limit (16384) Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = DOMAIN realm = DOMAIN.EDU interfaces = eri0 security = ADS password server = domain.edu log level = 10 winbind:10 log file = /var/samba/log/log.%m max log size = 50 load printers = No utmp = Yes idmap backend = rid:DOMAIN=10-50 idmap uid = 10-50 idmap gid = 10-50 template homedir = /home/%U template shell = /bin/tcsh winbind separator = / winbind cache time = 1800 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes create krb5 conf = No -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Phone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] solaris 10 winbind authentication with ADS
Made some progress here. I saw from the log files that samba couldn't find the /opt/local/lib/idmap/rid.so module. So I added --with-shared-modules=idmap_rid to my configure options. That got the rid.so to get installed and now the "getent passwd login" works! But getent passwd by itself doesn't?? Could there be a limit on what the getent will spit out? We have 30k+ accounts in our windows domain. But I still cannot ssh into this server. -- Forgot to add, my nsswitch.conf file has the winbind option added to the end of the passwd and group lines: passwd: files winbind group: files winbind I'm trying to setup a Solaris 10 Sparc station to authenticate users on login with Windows ADS. I have found the documentation for this but having no luck in getting the pam modules to work. Here is what I have done so far: Compiling Kerberos MIT5-1.8.3: cd into the src directory ./configure --prefix=/opt/local gmake gmake install Compiling Samba 3.5.6: setenv CFLAGS "-O2" setenv LDFLAGS "-L/opt/local/lib -Wl,-R/opt/local/lib" setenv CPPFLAGS "-I/opt/local/include" ./configure --prefix=/opt/local --with-pam --with-ads --with-winbind --with-krb5=/opt/local gmake gmake install Compiles and installs with no errors. Here is my samba conf. file: [global] workgroup = DOMAINNAME realm = DOMINNAME.EDU security = ADS password server = domainname.edu log file = /var/samba/log/log.%m max log size = 50 load printers = No utmp = Yes idmap backend = idmap_rid:DOMAINNAME=10-50 idmap uid = 10-50 idmap gid = 10-50 template homedir = /home/%U template shell = /bin/tcsh winbind cache time = 1800 winbind enum users = No winbind enum groups = No winbind use default domain = Yes winbind separator = / create krb5 conf = No Krb5.conf: [libdefaults] default_realm = DOMAINNAME.EDU [realms] DOMAINNAME.EDU = { kdc = server.domainname.edu } [domain_realm] .server.domainname.edu = DOMAINNAME.EDU server.domainname.edu = DOMAINNAME.EDU Then I was able to join okay: # ./net ads join -U user Enter user's password: Using short domain name -- DOMAINNAME Joined 'SUNTEST1' to realm 'DomainName.EDU' # ./net ads testjoin Join is OK I can get info from the ADS from wbinfo command just fine. But I cannot get anything via getent passwd user_name or getent group group_name I did copy the libnss_winbind.so from the samba build and have the pam_winbind.so linked in as well: # cd /usr/lib # ls -l *winbind* -r-xr-xr-x 1 root root 50880 Dec 20 13:07 libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 17 15:29 libnss_winbind.so.1 -> libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 17 15:30 libnss_winbind.so.2 -> libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 20 13:41 nss_winbind.so.1 -> libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 20 13:41 nss_winbind.so.2 -> libnss_winbind.so # cd /usr/lib/security/ # ls -l *winbind* lrwxrwxrwx 1 root root 38 Dec 20 13:04 pam_winbind.so -> /opt/local/lib/security/pam_winbind.so lrwxrwxrwx 1 root root 38 Dec 20 13:05 pam_winbind.so.1 -> /opt/local/lib/security/pam_winbind.so My pam.conf: loginauth sufficient/opt/local/lib/security/pam_winbind.so try_first_pass loginauth requisitepam_authtok_get.so.1 loginauth requiredpam_dhkeys.so.1 loginauth requiredpam_unix_cred.so.1 loginauth requiredpam_unix_auth.so.1 loginauth requiredpam_dial_auth.so.1 otherauth sufficient/opt/local/lib/security/pam_winbind.so try_first_pass otherauth requisitepam_authtok_get.so.1 otherauth requiredpam_dhkeys.so.1 otherauth requiredpam_unix_cred.so.1 otherauth requiredpam_unix_auth.so.1 othersession sufficient/opt/local/lib/security/pam_winbind.so try_first _pass othersession requiredpam_unix_session.so.1 What am I missing -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Phone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] solaris 10 winbind authentication with ADS
Thank you. ./wbinfo -n login_name works. But the wbinfo -i doesn't work, "Could not get info for user COLOSTATE\login". So windbind is working partially? Could there be something on the Windows domain controller that isn't allowing the information to my samba server? On 12/22/10 4:05 AM, Volker Lendecke wrote: On Tue, Dec 21, 2010 at 10:35:58AM -0700, CJ Keist wrote: getent passwd user_name or getent group group_name Try wbinfo -i user_name or wbinfo -i domain\\user_name That is a direct path without NSS intervention. This way you can reduce the problem to either winbind proper or nss problems. With best regards, Volker Lendecke -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Phone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] solaris 10 winbind authentication with ADS
I want to authenticate for ssh logins. I will not be running the smbd or nmbd daemons. Just winbind. running your commands I got: # ./wbinfo --allocate-uid Could not allocate a uid The second there is no --set-uid-mapping option. On 12/21/10 1:43 PM, Gaiseric Vandal wrote: Is this to support authentication for unix users (e.g. via ssh) or windows users (via samba?) I found that after upgrading from samba 3.0.x to 3.4.x that the idmap allocation stopped working. In my case I already had the imdap entries populated into ldap. can you use "wbinfo --allocate-uid" or "wbinfo --set-uid-mapping " to manually create a UID-to-SID mapping? On 12/21/2010 01:44 PM, CJ Keist wrote: Forgot to add, my nsswitch.conf file has the winbind option added to the end of the passwd and group lines: passwd: files winbind group: files winbind I'm trying to setup a Solaris 10 Sparc station to authenticate users on login with Windows ADS. I have found the documentation for this but having no luck in getting the pam modules to work. Here is what I have done so far: Compiling Kerberos MIT5-1.8.3: cd into the src directory ./configure --prefix=/opt/local gmake gmake install Compiling Samba 3.5.6: setenv CFLAGS "-O2" setenv LDFLAGS "-L/opt/local/lib -Wl,-R/opt/local/lib" setenv CPPFLAGS "-I/opt/local/include" ./configure --prefix=/opt/local --with-pam --with-ads --with-winbind --with-krb5=/opt/local gmake gmake install Compiles and installs with no errors. Here is my samba conf. file: [global] workgroup = DOMAINNAME realm = DOMINNAME.EDU security = ADS password server = domainname.edu log file = /var/samba/log/log.%m max log size = 50 load printers = No utmp = Yes idmap backend = idmap_rid:DOMAINNAME=10-50 idmap uid = 10-50 idmap gid = 10-50 template homedir = /home/%U template shell = /bin/tcsh winbind cache time = 1800 winbind enum users = No winbind enum groups = No winbind use default domain = Yes winbind separator = / create krb5 conf = No Krb5.conf: [libdefaults] default_realm = DOMAINNAME.EDU [realms] DOMAINNAME.EDU = { kdc = server.domainname.edu } [domain_realm] .server.domainname.edu = DOMAINNAME.EDU server.domainname.edu = DOMAINNAME.EDU Then I was able to join okay: # ./net ads join -U user Enter user's password: Using short domain name -- DOMAINNAME Joined 'SUNTEST1' to realm 'DomainName.EDU' # ./net ads testjoin Join is OK I can get info from the ADS from wbinfo command just fine. But I cannot get anything via getent passwd user_name or getent group group_name I did copy the libnss_winbind.so from the samba build and have the pam_winbind.so linked in as well: # cd /usr/lib # ls -l *winbind* -r-xr-xr-x 1 root root 50880 Dec 20 13:07 libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 17 15:29 libnss_winbind.so.1 -> libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 17 15:30 libnss_winbind.so.2 -> libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 20 13:41 nss_winbind.so.1 -> libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 20 13:41 nss_winbind.so.2 -> libnss_winbind.so # cd /usr/lib/security/ # ls -l *winbind* lrwxrwxrwx 1 root root 38 Dec 20 13:04 pam_winbind.so -> /opt/local/lib/security/pam_winbind.so lrwxrwxrwx 1 root root 38 Dec 20 13:05 pam_winbind.so.1 -> /opt/local/lib/security/pam_winbind.so My pam.conf: loginauth sufficient/opt/local/lib/security/pam_winbind.so try_first_pass loginauth requisitepam_authtok_get.so.1 loginauth requiredpam_dhkeys.so.1 loginauth requiredpam_unix_cred.so.1 loginauth requiredpam_unix_auth.so.1 loginauth requiredpam_dial_auth.so.1 otherauth sufficient/opt/local/lib/security/pam_winbind.so try_first_pass otherauth requisitepam_authtok_get.so.1 otherauth requiredpam_dhkeys.so.1 otherauth requiredpam_unix_cred.so.1 otherauth requiredpam_unix_auth.so.1 othersession sufficient/opt/local/lib/security/pam_winbind.so try_first _pass othersession requiredpam_unix_session.so.1 What am I missing -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Phone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] solaris 10 winbind authentication with ADS
Forgot to add, my nsswitch.conf file has the winbind option added to the end of the passwd and group lines: passwd: files winbind group: files winbind I'm trying to setup a Solaris 10 Sparc station to authenticate users on login with Windows ADS. I have found the documentation for this but having no luck in getting the pam modules to work. Here is what I have done so far: Compiling Kerberos MIT5-1.8.3: cd into the src directory ./configure --prefix=/opt/local gmake gmake install Compiling Samba 3.5.6: setenv CFLAGS "-O2" setenv LDFLAGS "-L/opt/local/lib -Wl,-R/opt/local/lib" setenv CPPFLAGS "-I/opt/local/include" ./configure --prefix=/opt/local --with-pam --with-ads --with-winbind --with-krb5=/opt/local gmake gmake install Compiles and installs with no errors. Here is my samba conf. file: [global] workgroup = DOMAINNAME realm = DOMINNAME.EDU security = ADS password server = domainname.edu log file = /var/samba/log/log.%m max log size = 50 load printers = No utmp = Yes idmap backend = idmap_rid:DOMAINNAME=10-50 idmap uid = 10-50 idmap gid = 10-50 template homedir = /home/%U template shell = /bin/tcsh winbind cache time = 1800 winbind enum users = No winbind enum groups = No winbind use default domain = Yes winbind separator = / create krb5 conf = No Krb5.conf: [libdefaults] default_realm = DOMAINNAME.EDU [realms] DOMAINNAME.EDU = { kdc = server.domainname.edu } [domain_realm] .server.domainname.edu = DOMAINNAME.EDU server.domainname.edu = DOMAINNAME.EDU Then I was able to join okay: # ./net ads join -U user Enter user's password: Using short domain name -- DOMAINNAME Joined 'SUNTEST1' to realm 'DomainName.EDU' # ./net ads testjoin Join is OK I can get info from the ADS from wbinfo command just fine. But I cannot get anything via getent passwd user_name or getent group group_name I did copy the libnss_winbind.so from the samba build and have the pam_winbind.so linked in as well: # cd /usr/lib # ls -l *winbind* -r-xr-xr-x 1 root root 50880 Dec 20 13:07 libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 17 15:29 libnss_winbind.so.1 -> libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 17 15:30 libnss_winbind.so.2 -> libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 20 13:41 nss_winbind.so.1 -> libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 20 13:41 nss_winbind.so.2 -> libnss_winbind.so # cd /usr/lib/security/ # ls -l *winbind* lrwxrwxrwx 1 root root 38 Dec 20 13:04 pam_winbind.so -> /opt/local/lib/security/pam_winbind.so lrwxrwxrwx 1 root root 38 Dec 20 13:05 pam_winbind.so.1 -> /opt/local/lib/security/pam_winbind.so My pam.conf: loginauth sufficient/opt/local/lib/security/pam_winbind.so try_first_pass loginauth requisitepam_authtok_get.so.1 loginauth requiredpam_dhkeys.so.1 loginauth requiredpam_unix_cred.so.1 loginauth requiredpam_unix_auth.so.1 loginauth requiredpam_dial_auth.so.1 otherauth sufficient/opt/local/lib/security/pam_winbind.so try_first_pass otherauth requisitepam_authtok_get.so.1 otherauth requiredpam_dhkeys.so.1 otherauth requiredpam_unix_cred.so.1 otherauth requiredpam_unix_auth.so.1 othersession sufficient/opt/local/lib/security/pam_winbind.so try_first _pass othersession requiredpam_unix_session.so.1 What am I missing -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Phone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] solaris 10 winbind authentication with ADS
I'm trying to setup a Solaris 10 Sparc station to authenticate users on login with Windows ADS. I have found the documentation for this but having no luck in getting the pam modules to work. Here is what I have done so far: Compiling Kerberos MIT5-1.8.3: cd into the src directory ./configure --prefix=/opt/local gmake gmake install Compiling Samba 3.5.6: setenv CFLAGS "-O2" setenv LDFLAGS "-L/opt/local/lib -Wl,-R/opt/local/lib" setenv CPPFLAGS "-I/opt/local/include" ./configure --prefix=/opt/local --with-pam --with-ads --with-winbind --with-krb5=/opt/local gmake gmake install Compiles and installs with no errors. Here is my samba conf. file: [global] workgroup = DOMAINNAME realm = DOMINNAME.EDU security = ADS password server = domainname.edu log file = /var/samba/log/log.%m max log size = 50 load printers = No utmp = Yes idmap backend = idmap_rid:DOMAINNAME=10-50 idmap uid = 10-50 idmap gid = 10-50 template homedir = /home/%U template shell = /bin/tcsh winbind cache time = 1800 winbind enum users = No winbind enum groups = No winbind use default domain = Yes winbind separator = / create krb5 conf = No Krb5.conf: [libdefaults] default_realm = DOMAINNAME.EDU [realms] DOMAINNAME.EDU = { kdc = server.domainname.edu } [domain_realm] .server.domainname.edu = DOMAINNAME.EDU server.domainname.edu = DOMAINNAME.EDU Then I was able to join okay: # ./net ads join -U user Enter user's password: Using short domain name -- DOMAINNAME Joined 'SUNTEST1' to realm 'DomainName.EDU' # ./net ads testjoin Join is OK I can get info from the ADS from wbinfo command just fine. But I cannot get anything via getent passwd user_name or getent group group_name I did copy the libnss_winbind.so from the samba build and have the pam_winbind.so linked in as well: # cd /usr/lib # ls -l *winbind* -r-xr-xr-x 1 root root 50880 Dec 20 13:07 libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 17 15:29 libnss_winbind.so.1 -> libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 17 15:30 libnss_winbind.so.2 -> libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 20 13:41 nss_winbind.so.1 -> libnss_winbind.so lrwxrwxrwx 1 root root 17 Dec 20 13:41 nss_winbind.so.2 -> libnss_winbind.so # cd /usr/lib/security/ # ls -l *winbind* lrwxrwxrwx 1 root root 38 Dec 20 13:04 pam_winbind.so -> /opt/local/lib/security/pam_winbind.so lrwxrwxrwx 1 root root 38 Dec 20 13:05 pam_winbind.so.1 -> /opt/local/lib/security/pam_winbind.so My pam.conf: loginauth sufficient/opt/local/lib/security/pam_winbind.so try_first_pass loginauth requisitepam_authtok_get.so.1 loginauth requiredpam_dhkeys.so.1 loginauth requiredpam_unix_cred.so.1 loginauth requiredpam_unix_auth.so.1 loginauth requiredpam_dial_auth.so.1 otherauth sufficient/opt/local/lib/security/pam_winbind.so try_first_pass otherauth requisitepam_authtok_get.so.1 otherauth requiredpam_dhkeys.so.1 otherauth requiredpam_unix_cred.so.1 otherauth requiredpam_unix_auth.so.1 othersession sufficient/opt/local/lib/security/pam_winbind.so try_first _pass othersession requiredpam_unix_session.so.1 What am I missing -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Phone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] More strangeness with ZFS and Samba
A new problem now. Running Samba 3.5.4, on Solaris 10 with zfs. Issue with Microsoft Office 2007: User opens up a .xlsx, then closes the file (Not Excel). Then user reopens the .xlsx file and now Excel says the file is read-only. But permissions on the file have not changed! Only fix is to exit out of Excel and restart, then user can open that file just fine. The issue also looks to be tied to how big the file is. Small .xlsx files do not exhibit this behavior. But files over 500K does it all the time. Time doesn't matter either, user can close the file and then come back to open it an hour later and it will still say read-only. Here is my conf file. issue is with all shares, I'm including just one atmos share below: [global] workgroup = ENGR_DOM server string = Samba Server interfaces = e1000g0, lo0 bind interfaces only = Yes security = DOMAIN passdb backend = smbpasswd client NTLMv2 auth = Yes map untrusted to domain = Yes log level = 1 log file = /var/log/samba/logs/log.%m name resolve order = host bcast unix extensions = No max open files = 1 load printers = No domain master = No dns proxy = No lock spin time = 3 veto oplock files = /*.doc/*.DOC/*.docx/*.DOCX/*.xlsx/*.XLSX/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.dwg/*.DWG/*.cdr/*.CDR/ strict locking = No [atmos] comment = ATMOS path = /XKA2/academic/Atmos valid users = +Atmosfac force group = Atmosfac read only = No create mask = 0770 force create mode = 0770 security mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes nt acl support = No map archive = No map readonly = permissions store dos attributes = Yes vfs objects = zfsacl nfs4:mode = special nfs4:acedup = merge -- C. J. Keist Email: cj.ke...@colostate.edu Systems Group Manager Phone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] File permissions getting destroyed with M$ software on ZFS
Well, I think I got it fixed, but not sure if it is the correct way. This is what my share ens looks like now: [ens] comment = ENS Groups path = /XKA2/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 force create mode = 0770 security mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes nt acl support = No map archive = No map readonly = permissions store dos attributes = Yes vfs objects = zfsacl nfs4:acedup = merge nfs4:mode = special I changed "nt acl support" to No. On 10/1/10 8:15 AM, CJ Keist wrote: All, Running Samba 3.5.4 on Solaris 10 with ZFS file system. I have issues where we have shared group folders. In these folders a userA in GroupA create file just fine with the correct inherited permissions 660. Problem is when userB in GroupA reads and modifies that file, with M$ office apps, the permissions get whacked to 060+ and the file becomes read only by everyone. I did google this and found exactly someone else with the same problem with a fix! But the fix is not working for me, so looking for some more help and incite to this problem. The following are the two URLs I found which looked like a fix to my problem: http://lists.samba.org/archive/samba/2008-November/145094.html https://bugzilla.samba.org/show_bug.cgi?id=6050 I have implemented those settings, but I still see the problem of the file permissions getting whacked. Here is my conf file: [global] workgroup = ENGR_DOM server string = Samba Server interfaces = e1000g0, lo0 bind interfaces only = Yes security = DOMAIN passdb backend = smbpasswd client NTLMv2 auth = Yes map untrusted to domain = Yes log level = 1 log file = /var/log/samba/logs/log.%m name resolve order = host bcast unix extensions = No max open files = 1 load printers = No domain master = No dns proxy = No lock spin time = 3 veto oplock files = /*.doc/*.DOC/*.docx/*.DOCX/*.xlsx/*.XLSX/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.dwg/*.DWG/*.cdr/*.CDR/ strict locking = No [homes] comment = Home Directories read only = No create mask = 0640 directory mask = 0751 force directory mode = 0751 directory security mask = 0750 inherit permissions = Yes inherit owner = Yes browseable = No level2 oplocks = No vfs objects = zfsacl nfs4:acedup = merge nfs4:mode = special [ens] comment = ENS Groups path = /XKA2/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes map archive = No map readonly = permissions vfs objects = zfsacl nfs4:acedup = merge nfs4:mode = special The issue is in the ENS share. I also have the ZFS file system aclmode and aclinherit set to passthrough, see output of zfs get all: kame % zfs get all fsdata/admin/ENS NAME PROPERTY VALUE SOURCE fsdata/admin/ENS type filesystem - fsdata/admin/ENS creation Mon Mar 15 14:47 2010 - fsdata/admin/ENS used 73.6G - fsdata/admin/ENS available 9.35T - fsdata/admin/ENS referenced73.6G - fsdata/admin/ENS compressratio 1.15x - fsdata/admin/ENS mounted yes- fsdata/admin/ENS quota none default fsdata/admin/ENS reservation none default fsdata/admin/ENS recordsize64K inherited from fsdata/admin fsdata/admin/ENS mountpoint/XKA2/admin/ENS inherited from fsdata fsdata/admin/ENS sharenfs rw,anon=0 inherited from fsdata/admin fsdata/admin/ENS checksum on default fsdata/admin/ENS compression on inherited from fsdata fsdata/admin/ENS atime off inherited from fsdata fsdata/admin/ENS devices on default fsdata/admin/ENS exec on default fsdata/admin/ENS setuidon default fsdata/admin/ENS readonly offdefault fsdata/admin/ENS zoned offdefault fsdata/admin/ENS snapdir hidden default fsdata/admin/ENS aclmode passthrough inherited from fsdata/admin fsdata/admin/ENS aclinheritpassthrough inherited from fsdata/admin fsdata/admin/ENS canmount on default fsdata/admin/ENS
[Samba] File permissions getting destroyed with M$ software on ZFS
All, Running Samba 3.5.4 on Solaris 10 with ZFS file system. I have issues where we have shared group folders. In these folders a userA in GroupA create file just fine with the correct inherited permissions 660. Problem is when userB in GroupA reads and modifies that file, with M$ office apps, the permissions get whacked to 060+ and the file becomes read only by everyone. I did google this and found exactly someone else with the same problem with a fix! But the fix is not working for me, so looking for some more help and incite to this problem. The following are the two URLs I found which looked like a fix to my problem: http://lists.samba.org/archive/samba/2008-November/145094.html https://bugzilla.samba.org/show_bug.cgi?id=6050 I have implemented those settings, but I still see the problem of the file permissions getting whacked. Here is my conf file: [global] workgroup = ENGR_DOM server string = Samba Server interfaces = e1000g0, lo0 bind interfaces only = Yes security = DOMAIN passdb backend = smbpasswd client NTLMv2 auth = Yes map untrusted to domain = Yes log level = 1 log file = /var/log/samba/logs/log.%m name resolve order = host bcast unix extensions = No max open files = 1 load printers = No domain master = No dns proxy = No lock spin time = 3 veto oplock files = /*.doc/*.DOC/*.docx/*.DOCX/*.xlsx/*.XLSX/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.dwg/*.DWG/*.cdr/*.CDR/ strict locking = No [homes] comment = Home Directories read only = No create mask = 0640 directory mask = 0751 force directory mode = 0751 directory security mask = 0750 inherit permissions = Yes inherit owner = Yes browseable = No level2 oplocks = No vfs objects = zfsacl nfs4:acedup = merge nfs4:mode = special [ens] comment = ENS Groups path = /XKA2/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes map archive = No map readonly = permissions vfs objects = zfsacl nfs4:acedup = merge nfs4:mode = special The issue is in the ENS share. I also have the ZFS file system aclmode and aclinherit set to passthrough, see output of zfs get all: kame % zfs get all fsdata/admin/ENS NAME PROPERTY VALUE SOURCE fsdata/admin/ENS type filesystem - fsdata/admin/ENS creation Mon Mar 15 14:47 2010 - fsdata/admin/ENS used 73.6G - fsdata/admin/ENS available 9.35T - fsdata/admin/ENS referenced73.6G - fsdata/admin/ENS compressratio 1.15x - fsdata/admin/ENS mounted yes- fsdata/admin/ENS quota none default fsdata/admin/ENS reservation none default fsdata/admin/ENS recordsize64Kinherited from fsdata/admin fsdata/admin/ENS mountpoint/XKA2/admin/ENSinherited from fsdata fsdata/admin/ENS sharenfs rw,anon=0 inherited from fsdata/admin fsdata/admin/ENS checksum on default fsdata/admin/ENS compression on inherited from fsdata fsdata/admin/ENS atime offinherited from fsdata fsdata/admin/ENS devices on default fsdata/admin/ENS exec on default fsdata/admin/ENS setuidon default fsdata/admin/ENS readonly offdefault fsdata/admin/ENS zoned offdefault fsdata/admin/ENS snapdir hidden default fsdata/admin/ENS aclmode passthroughinherited from fsdata/admin fsdata/admin/ENS aclinheritpassthroughinherited from fsdata/admin fsdata/admin/ENS canmount on default fsdata/admin/ENS shareiscsioffdefault fsdata/admin/ENS xattr on default fsdata/admin/ENS copies1 default fsdata/admin/ENS version 4 - fsdata/admin/ENS utf8only off- fsdata/admin/ENS normalization none - fsdata/admin/ENS casesensitivity sensitive - fsdata/admin/ENS vscan offdefault fsdata/admin/ENS nbmandoffdefault fsdata/admin/ENS sharesmb offdefault fsdata/admi
Re: [Samba] rlimit_max errors
This is for Linux right? Solaris doesn't have limits.conf file. In Solaris such kernel parameters are put in /etc/system file. Just have to find the right kernel parameter to adjust. On 2/21/10 3:09 PM, Miguel Medalha wrote: Running Samba 3.4.5 on Solaris 10 Sparc platform. I can't seem to get rid of the following errors: log.b104d1:rlimit_max: rlimit_max (10020) below minimum Windows limit (16384) I've tried adding "ulimit -n 16384" to the samba start scripts, but still getting these errors. Anyone know what I should do about this. Could these errors cause slowness to the samba share for clients? I got rid of the error by making the necessary change permanent. I entered the following line in "/etc/security/limits.conf": * - nofile 16384 The warning previously given by "testparm" is now gone. From "limits.conf"'s header: «Quote: - the wildcard *, for default entry - nofile - max number of open files End of quote» -- C. J. Keist Email: cj.ke...@colostate.edu UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Why Samba is stating files in /net??
running 3.4.5 on Solaris 10 sparc platform. Seeing odd behavior when I'm watching my smbd process through truss. When ever I just onen my Windows explorer window that just shows my mapped shares, the truss shows that the smbd process is trying to stat everything under /net. What is it doing that when I have no paths to /net specified in my smb.conf file? And is there anyway to stop smbd from trying to stat anything in /net? smb.conf: [global] workgroup = ENGR_DOM server string = Samba Server interfaces = e1000g0, lo0 bind interfaces only = Yes security = DOMAIN password server = xxx.xx.xx.xxx.xx passdb backend = smbpasswd client NTLMv2 auth = Yes map untrusted to domain = Yes log level = 2 log file = /var/log/samba/logs/log.%m name resolve order = host bcast unix extensions = No deadtime = 10 max open files = 1 load printers = No domain master = No dns proxy = No lock spin time = 3 veto oplock files = /*.doc/*.DOC/*.docx/*.DOCX/*.xlsx/*.XLSX/*.xls/*.XLS /*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.dwg/*.DWG/*.cdr/* .CDR/ strict locking = No [homes] comment = Home Directories read only = No create mask = 0640 directory mask = 0751 force directory mode = 0751 directory security mask = 0750 inherit owner = Yes browseable = No browsable = No level2 oplocks = No vfs objects = zfsacl nfs4:mode = special [projects] comment = Project space path = /XKA1/projects read only = No create mask = 0775 directory mask = 02771 inherit permissions = Yes inherit acls = Yes vfs objects = zfsacl nfs4:mode = special [profiles] comment = Windows Roaming Profiles path = /XKA1/profiles valid users = +admin, +ens-students, +ACother read only = No profile acls = Yes [ens$] path = / valid users = cmapel, cjay, shaila, acrane force user = root read only = No browseable = No browsable = No [dean] comment = Dean Group path = /XKA1/temp-move/admin/Dean valid users = +Dean force group = Dean read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes vfs objects = zfsacl nfs4:mode = special [ens] comment = ENS Groups path = /XKA1/temp-move/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes vfs objects = zfsacl nfs4:mode = special [ebo] comment = EBO path = /XKA1/temp-move/admin/EBO valid users = +ebo, +ebostdnt force group = ebo read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes vfs objects = zfsacl nfs4:mode = special [adr] comment = Associate Dean for Researc path = /XKA1/temp-move/admin/ResearchDean valid users = +adr force group = adr read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes vfs objects = zfsacl nfs4:mode = special [adu] comment = Associate Dean for UnderGraduates path = /XKA1/temp-move/admin/AcadAffairs valid users = +adu force group = adu read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes vfs objects = zfsacl nfs4:mode = special [wmep] comment = Women&Minority in Engineering Programs path = /XKA1/temp-move/admin/WMEP valid users = +wmep force group = wmep read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes vfs objects = zfsacl nfs4:mode = special [development] comment = Engineering Development path = /XKA1/temp-move/admin/Development valid users = +Devel force group = Devel read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes vfs objects = zfsacl nfs4:mode = special [ce] comment = Civil Engineering path = /XKA1/temp-move/academic/CE valid users = +CEgroup force group = CEgroup read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes vfs objects = zfsacl nfs4:mode = special [cira] comment = CIRA path = /XKA1/temp-move/academic/CIRA valid users = +cira force group = cira read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes vfs objects = zfsacl nfs4:mode = special [atmos] comment = ATMOS path = /XKA1/temp-move/academic/Atmos
Re: [Samba] Strange errors in Samba Logs
Haven't seen any response to this question. I'm also seeing the same errors: [2010/01/31 09:33:32, 2] lib/util_sock.c:442(set_socket_options) Failed to set socket option SO_KEEPALIVE (Error Invalid argument) [2010/01/31 09:33:32, 2] lib/util_sock.c:442(set_socket_options) Failed to set socket option TCP_NODELAY (Error Invalid argument) My socket line: socket options = TCP_NODELAY Why am I even getting invalid SO_KEEPALIVE when I don't even have it listed in smb.conf? These are valid socket options according to my systems man pages. Running 3.4.5 on Solaris 10 Sparc. Ganju Yadav wrote: All, I see recurring error messages in my "smbd" log file. Any ideas how to fix this? [2010/01/29 09:17:27, 0] lib/util_sock.c:set_socket_options(261) Failed to set socket option TCP_NODELAY (*Error Invalid argument*) [2010/01/29 09:17:27, 0] lib/util_sock.c:set_socket_options(261) Failed to set socket option IPTOS_LOWDELAY (*Error Invalid argument*) [2010/01/29 09:17:27, 0] lib/util_sock.c:get_peer_addr(1232) getpeername failed. Error was Transport endpoint is not connected Here is how my smb.conf reads: socket options = TCP_NODELAY IPTOS_LOWDELAY Thanks in advance. Ganju -- C. J. Keist Email: cj.ke...@colostate.edu UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] vfs objects - zfsacl
Looking to see if any one else is having this issue. Running 3.4.5 on solaris 10 with ZFS file system. When I add the vfs objects = zfsacl, Windows clients seem to fine but all my Mac OS X clients can no longer access folders on the share. They can mount the share fine but permissions are not being followed for Mac clients. "The folder "Name" could not be opened because you do not have sufficient access privileges". Without the zfsacl Mac clients are fine. smb.conf: [global] workgroup = ENGR_DOM server string = Samba Server security = DOMAIN lanman auth = No client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No log level = 2 log file = /XKA2/var/log/samba/logs/log.%m deadtime = 10 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 load printers = No domain master = No dns proxy = No kernel oplocks = No lock directory = /XKA2/var/samba/locks pid directory = /XKA2/var/samba/locks homedir map = usershare path = /XKA2/var/samba/locks/usershares host msdfs = No oplocks = No strict locking = No dos filetimes = No [ens] comment = ENS Groups path = /XKA2/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes vfs objects = zfsacl nfs4:acedup = merge nfs4:chown = yes nfs4:mode = special -- C. J. Keist Email: cj.ke...@colostate.edu UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Compiling zfsacl support
For 3.4.5 how do you get zfsacl support compiled in? I do not see any flags in configure for this. -- C. J. Keist Email: cj.ke...@colostate.edu UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba shares freezing
Jermey, Will work on getting a trace back with gdb. I'm now seeing in the log files for clients this error: [2010/01/21 09:19:01, 0] smbd/oplock.c:317(oplock_timeout_handler) Oplock break failed for file mozilla/thunderbird/pluginreg.dat -- replying anyway What's strange is this error only occurs with our terminal servers, where we have multiple users logged in. All other single clients do not show this error at all? And it is with our terminal server users that are seeing the most problems with the shares freezing up or acting very slow. Jeremy Allison wrote: On Wed, Jan 20, 2010 at 03:53:06PM -0700, CJ Keist wrote: Jermey, Thank you for your response. I don't have gdb installed but here is truss of my share until it froze. It's blocked in an fcntl lock call on file descriptor 13. Unfortunately your truss trace doesn't show the open of fd 13, so I don't know what file this is. As it's an wait lock I'm guessing this is a tdb file. Install gdb next, and get the backtrace for more details. Jeremy. -- C. J. Keist Email: cj.ke...@colostate.edu UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba shares freezing
All, Looking for some help here. Not finding anything on the net that looks the same as what I'm seeing. Running Solaris 10 Sparc, on a Sunfire 5220, 16Gb of RAM. Samba version 3.4.5 and using ZFS file systems with user quotas. All cifs clients shares to this server freeze after about 10 to 15 minutes of connectivity. Only fix is to restart samba. I'm not getting any errors from samba or on the /var/adm/messages or /var/log/syslog files. Totally stumped here. This freezing also happened with 3.4.0. Compile of samba ./configure --with-quotas --disable-shared-libs Config: # Samba config file created using SWAT # from UNKNOWN (���) # Date: 2010/01/20 14:18:59 [global] workgroup = ENGR_DOM server string = Samba Server security = DOMAIN password level = 8 lanman auth = Yes client NTLMv2 auth = Yes map untrusted to domain = Yes log level = 1 syslog = 2 log file = /var/log/samba/logs/log.%m max open files = 1 socket options = TCP_NODELAY IPTOS_LOWDELAY load printers = No preferred master = Auto domain master = No dns proxy = No wins server = xxx.xx.xxx.xxx kernel oplocks = No lock spin time = 3 remote announce = xxx.xx.xxx.xxx acl check permissions = No acl group control = Yes oplocks = No level2 oplocks = No strict locking = No [top] comment = Top of the Tree path = /top read only = No create mask = 0755 directory security mask = 0755 [projects] comment = Project space path = /XKA1/projects read only = No create mask = 0775 directory mask = 02771 inherit permissions = Yes inherit acls = Yes [profiles] comment = Windows Roaming Profiles path = /XKA1/profiles valid users = +admin, +ens-students, +ACother read only = No profile acls = Yes [ens$] path = / valid users = name, name2, name3 force user = root read only = No acl map full control = No [dean] comment = Dean Group path = /XKA2/admin/Dean valid users = +Dean force group = Dean read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [ens] comment = ENS Groups path = /XKA2/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [ebo] comment = EBO path = /XKA2/admin/EBO valid users = +ebo, +ebostdnt force group = ebo read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [adr] comment = Associate Dean for Researc path = /XKA2/admin/ResearchDean valid users = +adr force group = adr read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [adu] comment = Associate Dean for UnderGraduates path = /XKA2/admin/AcadAffairs valid users = +adu force group = adu read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [wmep] comment = Women&Minority in Engineering Programs path = /XKA2/admin/WMEP valid users = +wmep force group = wmep read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [development] comment = Engineering Development path = /XKA2/admin/Development valid users = +Devel force group = Devel read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [ce] comment = Civil Engineering path = /XKA2/academic/CE valid users = +CEgroup force group = CEgroup read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [cira] comment = CIRA path = /XKA2/academic/CIRA valid users = +cira force group = cira read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [atmos] comment = ATMOS path = /XKA2/academic/Atmos valid users = +Atmosfac force group = Atmosfac read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [ece] comment = Electrical and Computer Engineering path = /XKA2/academic/ECE valid users = +ECEgroup force group = ECEgroup read only = No create mask = 0770 directory mask = 02770 inherit acls = Yes [me] comment = Mechanical Engineering path = /XKA2/academic/ME valid users = +MEgroup
[Samba] drop-box permission issues with Mac OSX
I've just upgraded to 3.4.0 Samba on Solaris 10 x86. We have folders all users home areas called drop-box. Its a folder for other users to drop files into but cannot access or read what is in the drop-box. On unix the permissions are set 2733. This works fine with Window clients. But is not working on Mac OSX clients using either smb or cifs protocols for mounting the cifs share on the Solaris box. Has anyone else seen this? This hasn't worked in previous versions of Samba as well with Mac's but wanting to see if there is a fix for this or not. Config below, the share with the drop-box is "students". [global] workgroup = MY_DOM server string = Samba Server security = DOMAIN password level = 8 lanman auth = Yes client NTLMv2 auth = Yes map untrusted to domain = Yes log level = 1 log file = /var/log/samba/logs/log.%m max log size = 50 deadtime = 10 max open files = 1 socket options = TCP_NODELAY IPTOS_LOWDELAY load printers = No preferred master = Auto dns proxy = No wins server = xxx.xxx.xxx.xxx kernel oplocks = No lock spin time = 3 remote announce = xxx.xxx.xx.xxx acl group control = Yes oplocks = No strict locking = No [homes] comment = Home Directories read only = No create mask = 0640 directory mask = 0751 inherit permissions = Yes inherit owner = Yes level2 oplocks = No [students] comment = Students home dirs path = /data/students read only = No create mask = 0770 directory mask = 02770 inherit owner = Yes level2 oplocks = No [student_orgs] comment = Student Orgs space path = /data/student_orgs read only = No create mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes level2 oplocks = No -- C. J. Keist Email: cj.ke...@colostate.edu UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] net join problems
John, Thanks that was it!! John H Terpstra - Samba Team wrote: CJ Keist wrote: My last install of Samba was 3.2.2 on Solaris 10 Sparc platform. Had no problems. I'm now trying to install 3.4.0 on Solaris 10 x86 platform. With 3.2.2 I would join our Windows domain as such: net join -S servername -w DOMAIN_NAME -U username All worked fine. Now with 3.4.0 I'm getting usage error trying to do the same thing. Yes - a small change. Just use: net rpc join -S servername -W domain_name -U username Note: The change is the specification of the join method "rpc". - John T. -- C. J. Keist Email: cj.ke...@colostate.edu UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net join problems
My last install of Samba was 3.2.2 on Solaris 10 Sparc platform. Had no problems. I'm now trying to install 3.4.0 on Solaris 10 x86 platform. With 3.2.2 I would join our Windows domain as such: net join -S servername -w DOMAIN_NAME -U username All worked fine. Now with 3.4.0 I'm getting usage error trying to do the same thing. Here is my config: # ./testparm Load smb config files from /opt/samba-3.4.0/lib/smb.conf Processing section "[homes]" Processing section "[students]" Processing section "[student_orgs]" Processing section "[homes]" Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = MY_DOM server string = Samba Server security = DOMAIN password level = 8 lanman auth = Yes client NTLMv2 auth = Yes map untrusted to domain = Yes log level = 1 log file = /var/log/samba/logs/log.%m max log size = 50 deadtime = 10 max open files = 1 socket options = TCP_NODELAY IPTOS_LOWDELAY load printers = No preferred master = Auto dns proxy = No wins server = xxx.xxx.xxx.xxx kernel oplocks = No lock spin time = 3 remote announce = xxx.xxx.xxx.xxx acl group control = Yes oplocks = No strict locking = No [homes] comment = Home Directories read only = No create mask = 0640 directory mask = 0751 inherit permissions = Yes inherit owner = Yes level2 oplocks = No [students] comment = Students home dirs path = /data/students read only = No create mask = 0770 directory mask = 02770 inherit owner = Yes level2 oplocks = No [student_orgs] comment = Student Orgs space path = /data/student_orgs read only = No create mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes level2 oplocks = No Has something changed with net join? -- C. J. Keist Email: cj.ke...@colostate.edu UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba 3.0.28 and dropboxes
James, That would be great if you can find the patch. For, now I will drop back to 3.0.6a samba. Happy Holidays and Happy New Year. James Peach wrote: On 20/12/2007, CJ Keist <[EMAIL PROTECTED]> wrote: All, I searched archives and found one related to our problem, with subject "samba 3.0.26a and dropboxes", but there was no solution. So posting this again for hopes of a fix. We have dropboxes where users can drop files in someone else's dropbox folder. You have write permissions but not read for the folder. In UNIX the dropbox permision is set as 2733. This all worked fine with Samba 3.0.6a. But now have upgraded to Samba 3.0.28 and they are no longer working. I think that's a Samba bug, There was a change in the directory handling code that started requiring the ability to read the directory. I have a patch for this somewhere - I'll try to dig it up in the new year. -- C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.28 and dropboxes
Yes, UNIX permissions are all set correctly, 2733. Full access for the user that owns the dropbox folder, and just write and execute for group and other. With set gid enabled. User accounts in UNIX and Windows domains are the same. Everything else with the share works fine. Just not to these dropbox folders with 2733 permissions. If set to 2773, giving group read/write then everyone in the group can copy files into the dropbox. But that is not the function we want. We only want the owner of the dropbox having read access. Again this all worked great in samba-3.0.6a, so looking like I'm going to have to revert to the older version as dropbox folder functionality is imperative for us. New options I have enabled for the share to try and make this work are: inherit permission = yes inherit owner = yes dos filemode = yes John Drescher wrote: On Dec 21, 2007 10:12 AM, CJ Keist <[EMAIL PROTECTED]> wrote: "no longer working" is you can no longer move or copy files into the dropbox folder from Windows 2000, XP, Vista or even MacOSX. You get access denied error. Have you verified that that unix permissions allow writing for the admin group? John -- C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.28 and dropboxes
What is "command line", don't see that key on my keyboard anywhere! If Option "Read Only" is NO. Doesn't that imply writing is allowed?? Anyway, put in the writeable Option and set to "Yes" and still getting access denied error when try to copy or drag and drop file on the dropbox folder. [global] workgroup = MY_DOMAIN server string = Samba Server security = DOMAIN password server = server1,server2 passwd program = /usr/local/bin/passwd username map = /etc/smbusers password level = 8 client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No log level = 1 log file = /var/log/samba/logs/log.%m max log size = 50 name resolve order = lmhosts host wins bcast deadtime = 10 socket options = TCP_NODELAY IPTOS_LOWDELAY load printers = No dns proxy = No kernel oplocks = No ldap ssl = no remote announce = 169.168.0.34 winbind cache time = 15 oplocks = No strict locking = No dos filemode = Yes [ens] comment = ENS Groups path = /top/admin/ENS valid users = +admin force group = admin read only = No writeable = Yes create mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes inherit owner = Yes And I do restart the samba services every time I edit the smb.conf file. If you don't have anything constructive to say don't bother replying to my posts. Charles Marcus wrote: On 12/21/2007, CJ Keist ([EMAIL PROTECTED]) wrote: There is no "writable" option in Swat that I can see even with Advance mode. Ever heard of the command line? -- C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.28 and dropboxes
There is no "writable" option in Swat that I can see even with Advance mode. The shares work fine otherwise, just not to our dropbox folders that have the permissions of 2733. Get "access denied" error when you try and copy a file or drag and drop a file onto the dropbox folder. Alex Harrington wrote: But now have upgraded to Samba 3.0.28 and they are no longer working. Try adding "writable = yes" to the share definition? Cheers Alex -- C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.28 and dropboxes
"no longer working" is you can no longer move or copy files into the dropbox folder from Windows 2000, XP, Vista or even MacOSX. You get access denied error. Ryan Novosielski wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CJ Keist wrote: All, I searched archives and found one related to our problem, with subject "samba 3.0.26a and dropboxes", but there was no solution. So posting this again for hopes of a fix. We have dropboxes where users can drop files in someone else's dropbox folder. You have write permissions but not read for the folder. In UNIX the dropbox permision is set as 2733. This all worked fine with Samba 3.0.6a. But now have upgraded to Samba 3.0.28 and they are no longer working. My settings for the share is: [ens] comment = ENS Groups path = /top/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes inherit owner = Yes dos filemode = Yes This is on Solaris 9 UFS filesystem with quotas enabled. You do realize how vague "no longer working" is, right? - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$&| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHa1Bomb+gadEcsb4RAl7JAKCqVRj97RmjGPSiLXUTF0r7oOuLmACg0CzY TfOFCrrKmDM2OcqJD4+pzCY= =pWNy -END PGP SIGNATURE- -- C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.28 and dropboxes
All, I searched archives and found one related to our problem, with subject "samba 3.0.26a and dropboxes", but there was no solution. So posting this again for hopes of a fix. We have dropboxes where users can drop files in someone else's dropbox folder. You have write permissions but not read for the folder. In UNIX the dropbox permision is set as 2733. This all worked fine with Samba 3.0.6a. But now have upgraded to Samba 3.0.28 and they are no longer working. My settings for the share is: [ens] comment = ENS Groups path = /top/admin/ENS valid users = +admin force group = admin read only = No create mask = 0770 directory mask = 02770 inherit permissions = Yes inherit acls = Yes inherit owner = Yes dos filemode = Yes This is on Solaris 9 UFS filesystem with quotas enabled. Thanks... -- C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] changing file permissions problems
For samba 2.2.8a Well, I have found that the problem I'm seeing is that in W2K it will not let you remove all permissions from say Everyone. For example in UNIX the file permission is set to 0644. I want to remove the read permission for Everyone from W2K. In the Security tab, when I try to uncheck the read for Everyone and then hit "Apply" the read just gets re-checked. Now I can check the write for Everyone hit "Apply" and that takes. I can then uncheck the read just fine. But I cannot uncheck the write. Also, in the Security tab, when I have selected "Everyone" and then try to click the Deny for read, when I hit the "Apply" button it ends up removing my Group instead!!! Any help here would be greatly appreciated... --- C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness'" -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2.8a file permissions not working
Yes, same thing is happening to me. This looks to be a bug, which has gotten worse as file permission changing didn't fully work in 2.2.7a. On Thursday, August 7, 2003, at 11:08 AM, [EMAIL PROTECTED] wrote: Are you able to select a new permission (user or group) yet after you apply, the perm. goes away? If so that is the problem I am having and have found no resolution. I have the same problem w/ 2.2.8 and 3.0 Regards, Matthew Twigg Network Administrator SunGard Insurance Systems | 313 Speen Street Natick, MA 01760 (508) 903-1758 Copyright © 2003 by SunGard Data Systems Inc. (or its subsidiaries, "SunGard"). All rights reserved. No parts of this document may be reproduced or transmitted without SunGard's prior written permission. This document contains SunGard's confidential or proprietary information. By accepting this document, you agree that: (A)(1) if a pre-existing contract containing disclosure and use restrictions exists between your company and SunGard, you and your company will use this information subject to the terms of the pre-existing contract; or (2) if no such pre-existing contract exists, you and your Company agree to protect this information and not reproduce or disclose the information in any way; and (B) SunGard makes no warranties, express or implied, in this document, and SunGard shall not be liable for damages of any kind arising out of use of this document. CJ Keist <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 08/07/2003 12:04 PM To: [EMAIL PROTECTED] cc: Subject:[Samba] Samba 2.2.8a file permissions not working We have upgraded from Samba 2.2.7a to 2.2.8a. We have samba running our our two UNIX file servers, one is Solaris 8 and the other RedHat Linux 7.3. Samba was compiled as follows: configure --prefix=/opt/samba --with-acl-support --with-quotas Right now it doesn't looks like changing file/folder permissions are working from W2K. When we right click on a file/folder and go to the security tab it show the current file permissions fine. But when you try to change them it is being ignored. No error messages are being shown. No matter what we do no changes are happening on the UNIX side. This occurs on the Linux file server too. This did work in 2.2.7a and compiled the same way as above. Is there something different in 2.2.8a, or is this a bug Thanks... --- - --- C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness'" -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness'" -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.8a file permissions not working
We have upgraded from Samba 2.2.7a to 2.2.8a. We have samba running our our two UNIX file servers, one is Solaris 8 and the other RedHat Linux 7.3. Samba was compiled as follows: configure --prefix=/opt/samba --with-acl-support --with-quotas Right now it doesn't looks like changing file/folder permissions are working from W2K. When we right click on a file/folder and go to the security tab it show the current file permissions fine. But when you try to change them it is being ignored. No error messages are being shown. No matter what we do no changes are happening on the UNIX side. This occurs on the Linux file server too. This did work in 2.2.7a and compiled the same way as above. Is there something different in 2.2.8a, or is this a bug Thanks... --- C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness'" -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2.8a file permissions not working
The ACL is not the issue here, but being able to change the basic user,group.other permissions on files/folders. Right now 2.2.8a seems to ignore any permission changes you make from W2K. In playing around some more I find that it will remove permissions, but you cannot add permissions. On Thursday, August 7, 2003, at 02:46 PM, Errol Neal wrote: Or our two UNIX file servers, one is Solaris 8 and the other RedHat Linux 7.3. Samba was compiled as follows: configure --prefix=/opt/samba --with-acl-support --with-quotas Right now it doesn't looks like changing file/folder permissions are working from W2K. When we right click on a file/folder and go to the security tab it show the current file permissions fine. But when you try to change them it is being ignored. No error messages are being shown. No matter what we do no changes are happening on the UNIX side. This occurs on the Linux file server too. This did work in 2.2.7a and compiled the same way as above. Is there something different in 2.2.8a, or is this a bug In order to use '--with-acl-support', your kernel needs to have acl-support, and that is dependant upon the file system you are running. Red Hat 9 does not have ACL support in the default kerner NOR do Red Hat's modified kernels up to 2.4.21, so my guess is your RH 7.3 does not have ACL support either. Errol Errol Neal, Systems/Network Administrator [EMAIL PROTECTED] Enhanced Technologies Inc. http://www.enhtech.com 703-924-0301 or 800-368-3249 703-924-0302 Fax --- C. J. Keist Email: [EMAIL PROTECTED] UNIX/Network ManagerPhone: 970-491-0630 Engineering Network ServicesFax: 970-491-5569 College of Engineering, CSU Ft. Collins, CO 80523-1301 All I want is a chance to prove 'Money can't buy happiness'" -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba