Re: [Samba] Has anybody got ACL to work w/ debian, winbindd in a w2k mixeddomain?
Hi again, Can u give me the exact names of the packages you apt-getted? I need those because winbindd is acting strange and I need to find out what the problem is. regads, Jacob From: "Anthony J. Breeds-Taurima" <[EMAIL PROTECTED]> To: Jacob Malmberg <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED] Subject: Re: [Samba] Has anybody got ACL to work w/ debian, winbindd in a w2k mixed domain? Date: Tue, 10 Dec 2002 10:07:43 +0800 (WST) On Mon, 9 Dec 2002, Jacob Malmberg wrote: > Neat. How did you do that, any how-to or something? Im really stuck with > this problem. Those sid packages you are talking about, what are those and > where do I find them. I hope you help me out on this one as Im really > bugged. I can tell you roughly what I did. If you need clarification then don't hesitate to ask. 0) Install woody to your satisfaction. 1) Modified my /etc/apt/preferences file to: --- Package: * Pin: release l=Debian-Security Pin-Priority: 999 Package: * Pin: release a=stable Pin-Priority: 600 Package: * Pin: release a=unstable Pin-Priority: 500 --- and add the appropriate unstable lines to /etc/apt/sources.list. The only reason I need the unstable lines and the apt preferences is to get the current acl/attr libraries prepackaged. I don't see that I need to do extra work (especially when a nice DD has done it for me). 2) follow the instructions at: http://acl.bestbits.at/steps.html for a new install. I only varied it by using the prepackaged .debs for acl/attr (including the -dev packages). 3) After booting into the new kernel (in my case 2.4.19, As set there aren't any patches for 2.4.20) and mounting /home with the "acl" option. I testing {set,get}facl and all was good. 4) I then build samba from source. I was doing 2.2.6-pre1 but I've since upgraded to 2.2.7 with no issues. 5) From there I followed the instructions in "man 8 winbindd" to get the winbind daemon working and join the domain. I then tested ssh and {set,get}facl with the DOMAIN_user accounts. Once I had that working (actually there was nothing to do it just worked) I tried setting/adding/removing ACLS from a win2k box. So far the only problem I've come across is the 8 (of 2000 odd) accounts don't have a an rid to convert name->sid. This would be more of a problem if the accounts weren't going to be deleted in about 3 days. I also have enabled quota support in the kernel and samba and that works great! Yours Tony Jan 22-25 2003 Linux.Conf.AUhttp://linux.conf.au/ The Australian Linux Technical Conference! _ STOP MORE SPAM with the new MSN 8 and get 3 months FREE*. http://join.msn.com/?page=features/junkmail&xAPID=42&PS=47575&PI=7324&DI=7474&SU= http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_stopmorespam_3mf -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Has anybody got ACL to work w/ debian, winbindd in a w2k mixeddomain?
I dont get the #1-part. Can you please explain a little more in detail what you add to sources.list? Also, I dont have /etc/apt/preferences. Can I just make one with the contents of the one you pasted here? And the #3: I mount /dev/hda1 as /mnt/asd with this line: mount -t ext2 -o acl -o user_xattr /dev/hda1 /mnt/asd/ setfacl works as a charm on /mnt/asd after that. However, if I mount the partition with /home/ and /lib/ and all the other stuff with the line: mount -t ext2 -o acl -o user_xattr /dev/hda2 /mnt/hdd/ Then setfacl returns this: setfacl: directory/file: Operation not supported. I set the acl by the command setfacl -m u:user:rwx /path. I used to run 2.4.20 before you mailed me with the same result so I gave your solution a shot with the same result. What am I doing wrong? I have all the different packages installed... regards, Jacob From: "Anthony J. Breeds-Taurima" <[EMAIL PROTECTED]> To: Jacob Malmberg <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED] Subject: Re: [Samba] Has anybody got ACL to work w/ debian, winbindd in a w2k mixed domain? Date: Tue, 10 Dec 2002 10:07:43 +0800 (WST) On Mon, 9 Dec 2002, Jacob Malmberg wrote: > Neat. How did you do that, any how-to or something? Im really stuck with > this problem. Those sid packages you are talking about, what are those and > where do I find them. I hope you help me out on this one as Im really > bugged. I can tell you roughly what I did. If you need clarification then don't hesitate to ask. 0) Install woody to your satisfaction. 1) Modified my /etc/apt/preferences file to: --- Package: * Pin: release l=Debian-Security Pin-Priority: 999 Package: * Pin: release a=stable Pin-Priority: 600 Package: * Pin: release a=unstable Pin-Priority: 500 --- and add the appropriate unstable lines to /etc/apt/sources.list. The only reason I need the unstable lines and the apt preferences is to get the current acl/attr libraries prepackaged. I don't see that I need to do extra work (especially when a nice DD has done it for me). 2) follow the instructions at: http://acl.bestbits.at/steps.html for a new install. I only varied it by using the prepackaged .debs for acl/attr (including the -dev packages). 3) After booting into the new kernel (in my case 2.4.19, As set there aren't any patches for 2.4.20) and mounting /home with the "acl" option. I testing {set,get}facl and all was good. 4) I then build samba from source. I was doing 2.2.6-pre1 but I've since upgraded to 2.2.7 with no issues. 5) From there I followed the instructions in "man 8 winbindd" to get the winbind daemon working and join the domain. I then tested ssh and {set,get}facl with the DOMAIN_user accounts. Once I had that working (actually there was nothing to do it just worked) I tried setting/adding/removing ACLS from a win2k box. So far the only problem I've come across is the 8 (of 2000 odd) accounts don't have a an rid to convert name->sid. This would be more of a problem if the accounts weren't going to be deleted in about 3 days. I also have enabled quota support in the kernel and samba and that works great! Yours Tony Jan 22-25 2003 Linux.Conf.AUhttp://linux.conf.au/ The Australian Linux Technical Conference! _ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Has anybody got ACL to work w/ debian, winbindd in a w2k mixeddomain?
Neat. How did you do that, any how-to or something? Im really stuck with this problem. Those sid packages you are talking about, what are those and where do I find them. I hope you help me out on this one as Im really bugged. regards, Jacob From: "Anthony J. Breeds-Taurima" <[EMAIL PROTECTED]> To: Jacob Malmberg <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED] Subject: Re: [Samba] Has anybody got ACL to work w/ debian, winbindd in a w2k mixed domain? Date: Mon, 9 Dec 2002 14:56:13 +0800 (WST) On Mon, 9 Dec 2002, Markus Amersdorfer wrote: > On Sun, 08 Dec 2002 23:06:45 + > "Jacob Malmberg" <[EMAIL PROTECTED]> wrote: > > > Ppl also tell me this is because of some bug in > > debian. So, as the subject says, anybody got acl to work w/ debian 3, > > winbindd in a domain? > > I wrote down my process of getting XFS and Samba-with-ACL working with > Debian 3 here: http://homex.subnet.at/~max/comp-12_xfs.php > Mind: I did not play 'round with winbindd. Sorry I missed the original post. Yes I have gotten samba 2.2.7 working with ACL's (ext3) and winbindd on a woody box with <12 sid packaages. Yours Tony Jan 22-25 2003 Linux.Conf.AUhttp://linux.conf.au/ The Australian Linux Technical Conference! _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Has anybody got ACL to work w/ debian, winbindd in a w2k mixed domain?
Im seriously thinking about changing dist. due to acl won't work as they should with debian woody. Ppl also tell me this is because of some bug in debian. So, as the subject says, anybody got acl to work w/ debian 3, winbindd in a domain? If not, hello redhat.. Jacob _ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] "checking whether to support ACLs... no"
Hi, This problem is really getting frustrating. I have set up my debian 3 box w/ kernel 2.4.2 patched for ext2/3 ACL support. I have also installed all utilies, both attr and ACL. I have joined the box to my domain using winbind and smbpasswd. I can set permissions all right using setfacl with domain+user but when I try to change permissions via LAN using w2k/xp I get access denied/or it just erases my changes. Also, the permissions do not seem to be the same on samba and the rest of the system, since my changes using setfacl doesnt show up if I try to change permission with w2k/xp. Im using samba 2.2.7 and the latest acl patch. Any thoughts anybody? Help is very appreciated. regards, Jacob _ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and ACL problems.
Ive joined my smbcomputer to my AD-domain using samba 2.2.7 and smbpasswd -j domain -r pdc -Uadmuser. However, when I try to set file/dir permissions from one of the windows (xp,2k) clients I get this error in the smbd.log: "smbd/posix_acls.c:create_canon_ace_lists(823) create_canon_ace_lists: unable to map SID S-1-5-21-1624733417-2918206790-2146600570-2560 to uid or gid.". I have mounted my ext2 fs with mnt -t ext2 -o acl -o user_xattr device mntpnt. Im using kernel 2.4.20 which ive patched for ext2/ext3 ACL support. Is there anyway to set domain permissions with the command setfacl just to try if it works? It works fine when using users on the smbcomputer but not at all when Im using users from the AD-domain. Im using debian 3 woody. regards, Jacob _ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unknown parameter encountered: "ads server" - Samba in ADS.
Hi, Im running debian 3 woody using kernel 2.2.x and samba 2.2.7. When I try to join the box to my ADS using smbpasswd -j DOM -r DOMPDC -Uusr%pass it says "Unknown parameter encountered: "ads server"". It also says "Unknown parameter encountered: "realm"". Then it says that it'll ignore those lines. I have the krb5user-package and the libkrb5-dev-package. Have I missed some package anywhere? I installed everything with apt-get except samba which I compiled from source. regards, Jacob _ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How to join a linux machine to a Active Directory Domain using Samba.
Hi, having read through tons of different how-to's about how to do this specific task has made me quite sick. Do someone know a good guide for this or can she/he make a quick how-to? I am atm using samba 3.0 alpha 20 but I gladly change to 2.xx if that would do the trick. Anyone? regards, Jacob Malmberg _ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba