Re: [Samba] Samba - PANIC: sys_setgroups failed
On Tuesday 23 June 2009 07:24:26 am Jamen McGranahan wrote: [2009/06/22 09:31:44, 0] lib/util.c:smb_panic(1673) PANIC (pid 5473): sys_setgroups failed [2009/06/22 09:31:44, 0] lib/util.c:log_stack_trace(1827) unable to produce a stack trace on this platform [2009/06/22 09:31:44, 0] lib/fault.c:dump_core(231) dumping core in /usr/local/samba/var/cores/smbd Is your user in more than 16 groups? Solaris does not seem to like users with more than 16 groups. Christian McHugh Northern Arizona University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Question on proper handling of usernames
Hi all, I would like to try to start up a conversation about the proper handling of usernames by samba/winbind. I know our current active directory setup is not really considered supported via samba and I would like to know if the samba developers think this might change, or if there are any recommendations for my issues. *** Since this came out rather long, here is a quick summary... Samba with use default domain is able to serve \\server\JOINED- DOMAIN\username, but not \\server\OTHER-DOMAIN\username since it cannot lookup the user account in AD to be able to get the location of the home directory. In discussions with samba developers in the past I got the impression this is simply a WONT-FIX case, but for my environment I would really like it to work. I am just a lowly systems administrator, and do not posses the necessary skill set to provide a patch to implement this, do I have any options? *** ... and the long version Due to historical and political reasons, my university has two domains contained in a single forest: NAU for faculty and staff and NAU-STUDENTS for students. The problem arises in that many faculty/staff have at one point taken a class which means that they also have both an NAU and NAU-STUDENTS account. Additionally, we are using the rfc2307 AD attributes, and unix uid is the same for both accounts. So should a user log in from either domain they should be able to access the same mapped drive (I realize this is not technically supported by samba, but idmap_ad does work with this setup) Currently in my college, we run a samba fileserver and all of our users have its drive mapped (we also have UNIX/Linux clients that have nfs mounted home dirs). We are currently using a third party product to handle pam/nsswitch which interprets a username as just username. Meaning NAU-STUDENTS\mcm75 or NAU\mcm75 are considered the same (since they share the same uid). In testing samba 3.3 and later releases, as I stated, idmap_ad does seem to work (idmap_adex seems broken #5973) as far as a user from a windows host connecting. However, as an admin I do occasionally find myself needing to get into a user's homedirectory. In this case we have the admin users permission setup to allow this, as well as the use default domain parameter. This combination allows me to access home directories of users in the same domain as the server is joined, so in this case NAU-STUDENTS. The problem lies in trying to access home directories of users that only have accounts in NAU. At that point trying \\server\nau-only-username, samba/winbind are not able to resolve the username to lookup the location of the home directory to properly serve it out (#6188). I get the impression that the domain\username is considered more proper by the samba devs, but are there any plans to eventually support a domain lookup option? This could replace the current use default domain, such as: lookup domains = NAU NAU-STUDENTS where winbind when not finding a match on username, would first attempt a lookup on NAU\username followed by NAU-STUDENTS\username Alternatively, do I have any other options as far as supporting the \\server\nau-only-username admin access problem? Thank you, Christian McHugh Northern Arizona University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Problems with idmap_adex module
On Thursday 26 March 2009 08:59:53 Gerald (Jerry) Carter wrote: I'm having problems getting the new idmap_adex module to work. Sorry about that. Not sure if it is related, but it looks like the problems in 5973 are from idmap_adex Christian McHugh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] using winbind to map existing unix to AD users
On Tuesday 24 February 2009 09:23:57 Tom Lieuallen wrote: It seems winbind is the solution for this, however it seems to want to generate the uids rather than using getpwent to look that up. There are a few different plugins winbind can use to perform the uid-sid mapping. By default samba uses the tdb mapper which, as you describe, will generate uid maps on the fly. In my environment we have uid/gid info populated in active directory so our samba server is able to use the idmap_ad or idmap_adex modules to lookup uid info from ad. Depending on your environment you may be able to use the idmap_nss or idmap_ldap modules. See the idmap man pages on http://us6.samba.org/samba/docs/man/manpages-3/ Christian McHugh Northern Arizona University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba+acl problem on OSX
On Tuesday 17 February 2009 16:19:19 James Peach wrote: 2009/2/17 Eero Volotinen eero.voloti...@iki.fi: I have problem using samba+acl (ext3+acl) on OSX client. Access rights works fine on Linux and Windows series, but OSX Leopard says access denied to every directory that is using acl. Is OSX cifs client too stripped that it cannot use acl or is this OSX bug? Is there any solution on OSX that can access samba+acl directories? The Mac OS X client looks at the posix mode bits to preflight access checks. you can disable this on the server side by setting unix extensions = no Is that the only option? We've noticed the same behavior of osx clients recently, but we also have linux clients connecting and I don't wish to degrade the experience by disabling unix extensions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba authentication PAM/LDAP
On Wed, Nov 12, 2008 at 03:53:51PM -0500, Lenny Shovsky wrote: Can Samba authenticate directly ( through pam_ldap ? ) via LDAP, which only has Unix uids password hashes ? Thank you. No. You need to store the NT hashes somewhere, either in LDAP or in another passdb backend. What about the nss winbind backend? Couldn't you setup nss_ldap and pam_ldap, and still run a samba server with the nss winbind backend? If anyone has any tips for doing this I'd really like to know. Thanks, Christian McHugh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fwd: Sol9 make failure of samba 3.2.2 with gcc 3.4.6 -- libtalloc.so.1
We are compiling samba on solaris 10 (also works on solaris 9) by installing the kerberos, openldap, and openldap-devel stuff from blastwave. With that done samba can be compiled by pointing to the csw locations: export CPPFLAGS='-I/opt/csw/include' export LDFLAGS='-L/opt/csw/lib' ./configure --prefix=/usr/local/samba --with-shared-modules=idmap_ad --with-pam --with-ads --with-krb5=/opt/csw After the configure finishes you must edit the Makefile to remove entries for -z text (see bug 5770) and change the /bin/sh entry to /bin/bash (bug 5765) after that a gmake gmake install should work To get samba to function once installed you will also have to edit the library path to add the location for the shared samba libraries: crle -c /var/ld/ld.config -l /lib:/usr/lib:/opt/csw/lib:/usr/local/samba/lib and that should do it! Good luck, Christian McHugh Northern Arizona University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] UIDGID no same at two server...
On Thursday 11 September 2008 05:19:47 Renato wrote: Hi, i found a solution Just to copie /var/lib/samba/winbindd_idmap.tdb ans restart smb winbind. I'it okay! There are multiple methods winbind can use to generate the uid-sid mapping. The default being tdb, which just generates a uid on the fly. As you noticed it does not necessarily sync between machines. If you need uid sync, you are better off looking at the rid module, which generates a uid based on the windows sid. Christian Mchugh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [ANNOUNCE] Samba 3.3.0pre1 Available for Download
On Tuesday 26 August 2008 03:35:22 Karolin Seeger wrote: Major enhancements in Samba 3.3.0 include: Winbind: o Simplyfied idmap configuration. o Added new parameter winbind reconnect delay. As a lowly admin I can only beg: Has anyone looked at forward porting the patch from bug 3661? It would make my life much easier, and looks like it might close bugs 3661, 5363, and maybe 4069. Problem seems to be that idmap_ad only looks at the domain it is joined to and does not look up attributes for trusted domains. This forces us to use a third party product to lookup rfc2307 attributes from our two AD domains. Thanks, Christian McHugh Northern Arizona University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow and unpredictable Samba performance?
On Tuesday 26 August 2008 09:32:01 Jakov Sosic wrote: On Tuesday 26 August 2008 18:23:18 Andrew Morgan wrote: Why not open a support ticket with Sun then, since it is their packaging of Samba that seems to be slow? :) Because I use Solaris without support, and I tought this could be a version issue perhaps (3.0.23 vs 3.0.28)? Just a quick rant, but I've had a samba ticket open with Sun since October. They insist on statically compiling idmap_ad which breaks it. After I found out, I asked on #samba about statically compiling the module and was informed that it was a bad idea. I guess it is an untested path because when I try to use the rfc2307 module samba says it can't find rfc2307.so, even though it should not be looking for it because it is statically compiled. My case with Sun has just been closed as unbreaking the shipped version of samba is being called a request for enhancement and they want nothing more to do with it. Point being, Sun's support is not very handy. I've gone through 3 different support engineers and I had to explain the process of ./configure to each of them, and what it means to statically compile something. samba.org has been responsive and good to me. I wish I could say the same of the vendor we are paying money to. Sigh. Christian McHugh Northern Arizona University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind: SID2UID looks in own domain only ?
Gerald (Jerry) Carter wrote: This is a limitation of the idmap_ad pliugin currenytly (bug or RFE depending on how you look at it). The plugin doesn't have a proper connection mgr to contact more than its primary domain. Good to know. It has been a major problem for us, running multiple domains. https://bugzilla.samba.org/show_bug.cgi?id=5363 Are there any plans for fixing/enhancement? Christian McHugh Northern Arizona University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind with multiple domains
We have a situation where we have two domains that can authenticate users. One for students, one for faculty/staff, both with rfc2307 attributes. Winbind does lookups properly to the domain that samba is joined to, but claims it cannot lookup sids in the other domain. There is an explicit trust relationship, and wbinfo -g and -u can see the users just fine. However, getent passwd still can not show user info. I've created a bug about this issue: 5363 Are there any ideas? Thanks, Christian McHugh Northern Arizona University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind with multiple domains
We have a situation where we have two domains that can authenticate users. One for students, one for faculty/staff, both with rfc2307 attributes. Winbind does lookups properly to the domain that samba is joined to, but claims it cannot lookup sids in the other domain. There is an explicit trust relationship, and wbinfo -g and -u can see the users just fine. However, getent passwd still can not show user info. I've created a bug about the issue 5363, but are there any ideas? Thanks, Christian McHugh Northern Arizona University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3.2-pre2 feedback
Michael Adam wrote: My last issue is that I seem to be unable to join the domain again. net ads join -U mmchugh Enter mmchugh's password: Failed to join domain: failed to set machine spn: Constraint violation net rpc join -S students.froot.nau.edu -U mmchugh Enter mmchugh's password: [2008/03/06 05:02:47, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(393) Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME Unable to join domain NAU-STUDENTS. This is on a machine that was previously joined with 3.0.28 Could you provide level 10 logs and network sniffs (truss) of this problem? Maybe the samba-technical mailing list or bugzilla would be a more appropriate place for this. Thanks again for your feedback - much appreciated! Cheers - Michael Realized I forgot to copy the list... Thanks! I've created bug #5305, but I'm not sure how useful the logs will be. I tried tail -f'ing log.smbd but it does not seem to write on a net join. Thanks, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.2-pre2 feedback
Hi, As with the last few releases, compiling on solaris requires that I edit the Makefile and remove instances of -z text Also, once compiling and installing, it seems unable to start: ld.so.1: smbd: fatal: libtalloc.so: open failed: No such file or directory Killed ld.so.1: nmbd: fatal: libtalloc.so: open failed: No such file or directory Killed This is fixed by adding /usr/local/samba/lib to my LD_LIBRARY_PATH, but I don't recall ever having to do that in the past. And when I attempt to run samba applications other libraries are not found: ./net ads join ld.so.1: net: fatal: bin/libtdb.so: open failed: No such file or directory I was stuck at this point, but another recompile with gcc4/lib in the LD_LIBRARY_PATH and a --disable-pie at configure time seem to have fixed it. My last issue is that I seem to be unable to join the domain again. net ads join -U mmchugh Enter mmchugh's password: Failed to join domain: failed to set machine spn: Constraint violation net rpc join -S students.froot.nau.edu -U mmchugh Enter mmchugh's password: [2008/03/06 05:02:47, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(393) Error in domain join verification (credential setup failed): NT_STATUS_INVALID_COMPUTER_NAME Unable to join domain NAU-STUDENTS. This is on a machine that was previously joined with 3.0.28 Any ideas? Thanks, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] configure for rfc2307
I am having problems getting samba to compile the rfc2307 module. I can't seem to find the correct args to ./configure to get it compiled and installed. I would prefer to have it statically compiled as there seem to be some loading issues on solaris at the moment. Can anyone help out? Thanks, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] everyone acl
Howdy all, I was wondering if there was a known bug with the everyone acl. When looking at the security tab on windows the everyone acl has the read permission. If I unselect it to give everyone no permission and hit apply, read becomes checked again. If I select deny everyone read, then a warning pops up saying this will deny read for all users and it does. If after that I give read to another user, then everyone has read selected again. It seems the only way to unset read on everyone is to do it unix side. Is this a known problem or is there any solution? I'm tried running samba 3.0.27 and 3.0.28 on solaris 10 with these results. Thanks, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba everyone read
Roel van Meer wrote: Please have a look at bugs 4929 and 5094. There are some patches there that fix this problem for me (but not for everyone). Thanks. The first part of the first patch did not apply cleanly for me, but manually deleting some stuff is not too bad. It works for me too. Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] idmap_ad and multiple domians
Has anyone else gotten samba functioning with idmap_ad and multiple domains? In our environment we have a domain with two child domains. There is one child domain for students, and another for faculty staff. Our servers are joined to the student domain, but need to be able to enumerate users in the staff domain. When attempting to lookup a user (wbinfo -i 'NAU\car3') that only exists in the staff domain, I see this in the log.winbindd-idmap: [2008/02/19 07:34:25, 4] nsswitch/winbindd_dual.c:fork_domain_child(1054) child daemon request 48 [2008/02/19 07:34:25, 10] nsswitch/winbindd_dual.c:child_process_request(479) process_request: request fn DUAL_SID2UID [2008/02/19 07:34:25, 3] nsswitch/winbindd_async.c:winbindd_dual_sid2uid(374) [ 8151]: sid to uid S-1-5-21-20713206-1263413069-421607344-5886 [2008/02/19 07:34:25, 10] nsswitch/idmap_util.c:idmap_sid_to_uid(105) idmap_sid_to_uid: sid = [S-1-5-21-20713206-1263413069-421607344-5886] [2008/02/19 07:34:25, 10] nsswitch/idmap.c:idmap_backends_sids_to_unixids(1115) Query backends to map sids-ids [2008/02/19 07:34:25, 10] nsswitch/idmap.c:idmap_backends_sids_to_unixids(1140) SID S-1-5-21-20713206-1263413069-421607344-5886 is being handled by NAU-STUDENTS [2008/02/19 07:34:25, 10] nsswitch/idmap.c:idmap_backends_sids_to_unixids(1161) Query ids from domain NAU-STUDENTS [2008/02/19 07:34:25, 7] nsswitch/idmap_ad.c:ad_idmap_cached_connection_internal(77) Current tickets expire in 35983 seconds (at 1203467648, time is now 1203431665) [2008/02/19 07:34:25, 10] nsswitch/idmap_ad.c:idmap_ad_sids_to_unixids(543) Filter: [((|(sAMAccountType=805306368)(sAMAccountType=805306369)(sAMAccountType=805306370)(sAMAccountType=268435456)(sAMAccountType=536870912))(|(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\F6\0E\3C\01\4D\27\4E\4B\B0\37\21\19\FE\16\00\00)))] [2008/02/19 07:34:25, 5] libads/ldap_utils.c:ads_do_search_retry_internal(64) Search for ((|(sAMAccountType=805306368)(sAMAccountType=805306369)(sAMAccountType=805306370)(sAMAccountType=268435456)(sAMAccountType=536870912))(|(objectSid=\01\05\00\00\00\00\00\05\15\00\00\00\F6\0E\3C\01\4D\27\4E\4B\B0\37\21\19\FE\16\00\00))) in dc=STUDENTS,dc=FROOT,dc=NAU,dc=EDU gave 0 replies [2008/02/19 07:34:25, 10] nsswitch/idmap_ad.c:idmap_ad_sids_to_unixids(553) No IDs found [2008/02/19 07:34:25, 10] nsswitch/idmap.c:idmap_can_map(918) idmap backend for SID S-1-5-21-20713206-1263413069-421607344-5886 is READONLY! [2008/02/19 07:34:25, 10] nsswitch/idmap_cache.c:idmap_cache_set_negative_sid(258) Adding cache entry with key = IDMAP/SID/S-1-5-21-20713206-1263413069-421607344-5886; value = 1203431785/IDMAP/NEGATIVE and timeout = Tue Feb 19 07:36:25 2008 (120 seconds ahead) [2008/02/19 07:34:25, 10] nsswitch/idmap_util.c:idmap_sid_to_uid(125) sid [S-1-5-21-20713206-1263413069-421607344-5886] not mapped to an uid [2,1,0] [2008/02/19 07:34:25, 10] nsswitch/winbindd_cache.c:cache_store_response(2260) Storing response for pid 8153, len 3240 [2008/02/19 07:34:25, 10] lib/events.c:get_timed_events_timeout(295) timed_events_timeout: 277/780278 [2008/02/19 07:39:02, 10] lib/events.c:run_events(240) Running event async_request_timeout 2c6fd0 [2008/02/19 07:39:02, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(181) async_request_timeout_handler: child pid 8152 is not responding. Closing connection to it. [2008/02/19 07:39:02, 10] lib/events.c:timed_event_destructor(66) Destroying timed event 2c6fd0 async_request_timeout [2008/02/19 07:39:02, 5] nsswitch/winbindd_dual.c:async_reply_recv(263) Could not receive async reply from child pid 8152 [2008/02/19 07:39:02, 5] nsswitch/winbindd_util.c:init_child_recv(425) Received child initialization response for domain NAU-STUDENTS [2008/02/19 07:39:02, 3] nsswitch/winbindd_util.c:init_child_recv(428) Could not init child [2008/02/19 07:39:02, 5] nsswitch/winbindd_dual.c:domain_init_recv(402) Domain init returned an error [2008/02/19 07:39:02, 1] nsswitch/winbindd_util.c:trustdom_recv(235) Could not receive trustdoms log.winbindd prints out: [2008/02/19 07:34:25, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(2300) Retrieving response for pid 8153 [2008/02/19 07:34:25, 5] nsswitch/winbindd_async.c:winbindd_sid2uid_recv(347) sid2uid returned an error [2008/02/19 07:34:25, 5] nsswitch/winbindd_user.c:getpwsid_sid2uid_recv(266) Could not query uid for user NAU\car3 Both the student and faculty domains have the rfc2307 attributes set, so I am unsure as to why I am only able to lookup users in the NAU-STUDENTS domain and not the NAU domain. Any thoughts? Thanks, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] configure for rfc2307
Christian McHugh wrote: I am having problems getting samba to compile the rfc2307 module. I can't seem to find the correct args to ./configure to get it compiled and installed. I would prefer to have it statically compiled as there seem to be some loading issues on solaris at the moment. Now knowing that idmap_ad is responsible for the various mappings, it seems that it is a bit buggy. After statically compiling idmap_ad on solaris 10, I still see messages in the log about being unable to load the rfc2307 module. Sometimes it even says unable to load rfc2307.disabled_static. Any thoughts? Thanks, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba everyone read
This is another plea for help with the samba bug of being unable to remove the read permission from the everyone entry. In the samba bugzilla the closest entry I can find is #4325. I made a note on the issue and would be happy to provide any log files or debug info needed. This is pretty critical as permissions cannot be adequately modified from windows. Any ideas? Thanks, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: winbind - not ready for prime time
Guido Lorenzutti wrote: Jeremy Allison wrote: If you have a specific issue, ask it. If you have a specific bug, report it. You did none of those things. Im not a developer, Im a sysadmin and I been using samba for a lot of years know. When I read the post, I wasn't going to answear, 'coz I didn't feel related to the subject. I think I have a little experience in Samba and Winbind. If you need someone to write examples, docs, manpages, etc.. I don't have any problem to fill the blanks. Just tell me where I should start. Well, in an attempt at raising the signal to noise ratio, I've personally had problems deciphering exactly how to use winbind with idmap_ad. - In the smb.conf do I have an idmap decleration per domain, or is the example given in the man page ALLDOMAINS acceptable? - (As mentioned in an unanswered mail to this list) How do I go about compiling the rfc2307 module, either statically or dynamiclly? Once I get past the rfc2307 compile question, I think I'll have more questions. But since I don't have winbind running well in my environment (yet) I can bring those up later. Thanks, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] configure for rfc2307
I am having problems getting samba to compile the rfc2307 module. I can't seem to find the correct args to ./configure to get it compiled and installed. I would prefer to have it statically compiled as there seem to be some loading issues on solaris at the moment. Can anyone help out? Thanks, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] everyone acl
Howdy all, I was wondering if there was a known bug with the everyone acl. When looking at the security tab on windows the everyone acl has the read permission. If I unselect it to give everyone no permission and hit apply, read becomes checked again. If I select deny everyone read, then a warning pops up saying this will deny read for all users and it does. If after that I give read to another user, then everyone has read selected again. It seems the only way to unset read on everyone is to do it unix side. Is this a known problem or is there any solution? I'm tried running samba 3.0.27 and 3.0.28 on solaris 10 with these results. Thanks, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: everyone acl
Jamrock wrote: Perhaps this article will shed some light on the issue. It explains how Samba works with Windows ACL's. http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1080966,00.htm I understand how the acls should work. My issue seem to be more of a bug. For example: If I have the following setup... # owner: root # group: root user::rwx user:bin:rwx group::rwx mask::rwx other::r-- The other permission shows up in windows as the everyone acl having read. But If I uncheck the read permission, it just comes back. That is the problem. It should allow me to uncheck the read acl for everyone to perform the equivalent to chmod o-r but it does not work. After unchecking read for everyone, and hitting apply, the permission just returns. If I run chmod o-r from solaris, samba shows the proper permissions (everyone has nothing selected) and honors it. So something is broken with the implementation of the everyone acl. As a side note, I am able to add and remove acl's for other users and set their permissions just fine. It is just the everyone acl that seems to be special. Any ideas? Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] nfsv4 acl's on zfs
I noticed a while back in the lists that there was mention of supporting zfs' nfs4v acls. Does anyone know if this made it into 3.0.25pre1? Thanks, Christian McHugh Northern Arizona University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] multiple sid's one uid
Howdy all, Does anyone have any good advice for trying to serve to windows clients in a two domain enviroment? There is the possiblilty of users connecting with the same username and password from two different domains. As the accounts are generated from an ldap server, the identical usernames in the two domains share a single uid. Point being since the samba server is in one domain, it assumes that the username connecting from the same domain is the owner, while the same username, but different sid, from the other domain gets mapped as other. I realize this is pretty wacky, but is there some way to force both accounts to act as owner? I should also mention the uid is comming from the windows servers, not some winbind mapping. Thanks, Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba