Re: [Samba] Acl & backup issue
Problem is solved : Rsync 2.6.6 sources contain a patch to manage ext3 acls and works fine. Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Acl & backup issue
Hello all, I'm sorry, I know that it isn't the good place to post such a question but, probably, some of you know the problem. I've created samba shares acls enabled and I would like to set up a simple incremental backup on these shares keeping acls permissions on another local disk. But the problem is that rsync does not support ext3 acls. If anyone knows a simple and efficient way to do that, it will be appreciated. Thx for help. Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SRVTOOLS issues
Hello, I use Samba 3.0.14a acting as simple PDC (using tdbsam), ext3 acls and kernel 2.6.5. All work fine What is the correct configuration to obtain a maximum compatiblity with USRMGR ? : add user script = /usr/sbin/useradd -s /bin/false -d /dev/null %u add group script = /usr/sbin/groupadd %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null -g machines %u delete user script = /usr/sbin/userdel %u delete group script = /usr/sbin/groupdel %g delete user from group script = /usr/sbin/deluser %u %g with groupmaps : System Operators (S-1-5-32-549) -> -1 Domain Admins (S-1-5-21-1234032427-2839496750-1210694437-512) -> admins Secretariat (S-1-5-21-1234032427-2839496750-1210694437-5003) -> secretariat Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Guests (S-1-5-21-1234032427-2839496750-1210694437-514) -> nobody Finances (S-1-5-21-1234032427-2839496750-1210694437-3007) -> finances Power Users (S-1-5-32-547) -> -1 Domain Users (S-1-5-21-1234032427-2839496750-1210694437-513) -> users Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> admins Stagiaires (S-1-5-21-1234032427-2839496750-1210694437-3009) -> stagiaires Account Operators (S-1-5-32-548) -> -1 Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> users Domain Computers (S-1-5-21-1234032427-2839496750-1210694437-3011) -> machines Technique (S-1-5-21-1234032427-2839496750-1210694437-3005) -> technique The problem is that doing operations on groups (changing primary group of a user, adding a user to a group, etc...) lead error messages and strange behaviour. For example, user joe is initially created with primary group "Domain Users" When I add another group "technique" and set it to its primary group, It works (set in tdbsam but not in /etc/group /etc/passwd) but when trying to deleted joe from "Domain Users", access is refused... Thx for help (not man or samba howto plz, I've already red them) Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Missing 'HAVE_SYS_ACL_H'
Second point : Are acl libs/headers installed on your system ? http://acl.bestbits.at/ Max Shawn Wright a écrit : I'm building 3.0.14a on Mandrake 10.2, trying to use the same config as my other servers (3.0.11), but ACLs are not working. In checking the outout of smbd -b, I see this line is missing: System Headers: HAVE_SYS_ACL_H . But I am specifying ./configure --with-acl-support ... Adding an acl using 'setfacl -m 'NTDOMAIN+NTUSER' file does successfully add an ACL for the NT domain user at the CLI, but Samba won't show it. Clearly I'm missing a vital piece somewhere, but I'm not sure where. This is the first machine with 2.6 kernel (stock kernel so far)... could that be the issue? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Shawn Wright, I.T. Manager Shawnigan Lake School http://www.sls.bc.ca [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Missing 'HAVE_SYS_ACL_H'
Hello ! Check your kernel config : are ext2/ext3 acl/extended attributes checked in fs options ? Max Shawn Wright a écrit : I'm building 3.0.14a on Mandrake 10.2, trying to use the same config as my other servers (3.0.11), but ACLs are not working. In checking the outout of smbd -b, I see this line is missing: System Headers: HAVE_SYS_ACL_H . But I am specifying ./configure --with-acl-support ... Adding an acl using 'setfacl -m 'NTDOMAIN+NTUSER' file does successfully add an ACL for the NT domain user at the CLI, but Samba won't show it. Clearly I'm missing a vital piece somewhere, but I'm not sure where. This is the first machine with 2.6 kernel (stock kernel so far)... could that be the issue? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Shawn Wright, I.T. Manager Shawnigan Lake School http://www.sls.bc.ca [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Acl and mask issue
Hello all, I've set up a samba 3.0.14a on debian with kernel 2.6.5 with ext3 and acl support. Samba is running as a simple PDC just to share efficiently and to manage permissions on shares. My problem is really simple : How to force file creation mode to rwxr-x--- (0640) and directory creation mode to rwxr-x--- (0750) for all users of the same group ? I've set a lot of parameters to manage this but result is always the same : files are created with rwxrwx--- permissions directories are created with rwxrwxr-x permissions Notice : Files and directories are created from an XP pro box the root share : # getfacl /share user::rwx group::r-x other::r-x default:user::rwx default:group::r-x default:other::r-x From windows as Administrator, I created a dedicated directory for group RD and give to it full control (with security panel): # getfacl /share/RD user::rwx group::r-x group:RD:rwx mask::rwx other::--- default:user::rwx default:group::r-x default:group:RD:rwx default:mask::rwx default:other::--- Then from windows as an RD member, if I create a file or a directory in RD directory, the group flag "w" is set... I don't want it. My configuration : [share] hide dot files = yes writable = yes path = /share public = no force create mask = 0640 force directory mask = 0750 directory security mask = 0775 security mask = 0774 valid users = %U admin users = Administrator root vfs object = recycle:recycle recycle:repository = .deleted recycle:keeptree = yes recycle:touch = yes recycle:versions = yes nt acl support = yes ; inherit acls = yes (should I uncomment it ? I've tried but doesn't change anything) oplocks = no level2 oplocks = no locking = yes blocking locks = yes Thx for help, I'm becoming crazy. Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba filenames & cpoy
Lars a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey I'm having problems with speciel characters such as Ü, ö and etc. Plus copying files. I have 2 Harddrive with 2 Partition being shared with samba on a Debian Sarge server. After googling around i think that this i a samba problem, and it only occurs on the samba shares. 1) The character are being changes from ó to _ or sim. Hello, For your characters problems, try in the global section of your smb.conf : display charset = ISO8859-15 (this value is for Western Europe (France), use an appropriated one) unix charset = the value of the default system charset (for more precisions, man smb.conf) Restart samba and this should work. If it doesn't work, look at your kernel supported native languages in file systems section, select those which are needed (never uncheck UTF8) and recompile it. I hope it helps you. For your second issue, I don't know Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File locks issue
Thx for your help. Another question : What does this exactly means : vfs object = recycle:recycle recycle:repository = .deleted recycle:keeptree = Yes recycle:touch = Yes recycle:versions = Yes ? Max Liz Ackerman wrote: Maxime, you are still not telling me what files users are accessing and getting the message. Are they Microsoft Word and Excel and Access documents? Microsoft Office default templates??? I will explain what my users are doing and how I made that work. Each user has their own folder. They create, update, change and delete files in this folder and must have all ownership and accesses. In a Terminal session I ran a command of: chown ownername *.* -R to make the owner the user chgrp ownername *.* -R to make the group the user (if you setup users as groups too, I used a group called Everyone which all users are a member of) Then chmod g+s *.* -R to set the group and user on everything. The -R is to ensure that the permissions flow down the file structure, so all folders and files get set. In my Samba shares, here is how I set permissions: [home2]- this where all users have their own directory, so me I am liza comment = Everyone's Home Directory path = /home2 writeable = yes guest ok = yes [accting] - this is where the Accounting department have their Quickbooks files, you can see where I commented out things that didn't work :) I also use the force group and force user. Quickbooks is in multiuser mode, and it was the most challenging to get to work properly. Make sure you have a good backup copy of the database files if they get corrupted. We had several corruptions before I could get it to work. comment = Accounting Volume path = /accting writeable = yes valid users = liza, rhea, stephen, tammy oplocks = no level2 oplocks = no ; veto oplock files = /*.*db/*.ldb/*.mde/*.xls/*.qb*/*.QB*/*.LDB/*.L*/*.*/ ; blocking locks = no ; locking = yes ; strict locking = no ; share modes = no force group = accounting force user = root inherit permissions = yes create mask = 0771 directory mask = 0771 ; force create mode = 0777 ; force directory security mode = 0777 vfs object = recycle:recycle recycle:repository = .deleted recycle:keeptree = Yes recycle:touch = Yes recycle:versions = Yes [Data] - this is where all other folders and documents live. Anyone can access here and anyone can do anything to a file. Mostly Word and Excel, Powerpoint files. comment = Data path = /home2/Data writeable = yes guest ok = yes veto oplock files = /*.mdb/*.ldb/*.mde/ oplocks = no level2 oplocks = no blocking locks = no locking = no strict locking = no share modes = yes Hopefully you can try some of this and see if it works. Liz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File locks issue
Hello, I try to enable files locking with samba, but I didn't succeed in. I've red samba official howtos but I'm not sure I've understood everything. (Samba 3.0.14a as aPDC, ext3 with acls, debian) I've tried : enable privileges = yes nt acl support = yes acl compatibility = auto security = user passdb backend = tdbsam lock directory = /var/lib/samba/locks (with chmod 777, to be sure) admin users = Administrator root socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 encrypt passwords = yes wins support = yes # wins server = yes os level = 50 domain master = yes local master = yes preferred master = yes name resolve order = lmhosts host wins bcast preserve case = yes short preserve case = yes unix password sync = no defer sharing violations = yes max log size = 1000 [netlogon] path = /var/lib/samba/netlogon admin users = Administrator root guest ok = yes browseable = no locking = no [share] writable = yes path = /share public = no create mask = 0640 directory mask = 0750 directory security mask = 0755 security mask = 0774 valid users = %U admin users = Administrator root nt acl support = yes inherit acls = yes level2 oplocks = yes locking = yes I've tried to modify some windows (2k, XP pro) registry keys as said in howtos but nothing goes well. No message like "File will be open in read only because it is used by another user/application" appears. I'm sure there is a few modifications to do but I don't know which ones. Thx for help (not "see man or howto"). Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, win xp and acls
Hello all, I'm working and searching for a few days to obtain this result : * I want to share some directories between differents users and groups (windows XP clients) using a minimum but efficient configuration with samba and posix acls. * I would like that users windows configuration stay on locals machines (no roaming accounts), * When registering users and computers on the domain, users must keep there configuration, * I want to manage users and groups using srvtools.exe I use tdbsam, posix acls work fine and samba (3.0.14a) runs as a PDC. My problems are : * On windows (with administrator account), some directories don't have the acl (security) panel, * On other directories, the panel is present but I cannot modify permissions, * Users configurations are never stored locally, * Creating new users with srvtools not possible, * How to keep old users windows configuration when entering the domain ? * No way to find a good tutorial answering my needs... Here is my configuration : smb.conf : [global] interfaces = 192.168.1.120/24 enable privileges = yes nt acl support = yes security = user netbios name = FSERVER workgroup = FWSERVER passdb backend = tdbsam server string = File Server add user script = /usr/sbin/useradd -m '%u' add group script = /usr/sbin/groupadd '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u' logon script = scripts\logon.bat logon path = logon drive = H: domain logons = yes username map = /etc/samba/smbusers admin users = root socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 encrypt passwords = yes wins support = yes os level = 50 domain master = yes local master = yes preferred master = yes name resolve order = lmhosts host wins bcast preserve case = yes short preserve case = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . [public] writable = yes path = /share/public public = yes create mode = 0777 directory mask = 0777 admin users = root nt acl support = yes [technique] writable = yes path = /share/technique public = no create mode = 0770 directory mask = 0770 valid users= @technique, @admins admin users = root nt acl support = yes [stagiaires] writable = yes path = /share/stagiaires public = no create mode = 0770 directory mask = 0770 valid users= @stagiaires, @admins admin users = root nt acl support = yes [secretariat] writable = yes path = /share/secretariat public = no create mode = 0770 directory mask = 0770 valid users= @secretariat @admins admin users = root nt acl support = yes [finances] writable = yes path = /share/finances public = no create mode = 0770 directory mask = 0770 valid users = @finances @admins admin users = root nt acl support = yes --- My groupmaps seems to be good : System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Admins (S-1-5-21-3171617769-241562045-158900556-512) -> admins Power Users (S-1-5-32-547) -> -1 Domain Guests (S-1-5-21-3592376627-3846121942-908627037-514) -> -1 Domain Users (S-1-5-21-3592376627-3846121942-908627037-513) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> admins Domain Users (S-1-5-21-3171617769-241562045-158900556-513) -> ntusers Account Operators (S-1-5-32-548) -> -1 Secretariat (S-1-5-21-3171617769-241562045-158900556-3003) -> secretariat Technique (S-1-5-21-3171617769-241562045-158900556-3005) -> technique Finances (S-1-5-21-3171617769-241562045-158900556-3007) -> finances Stagiaires (S-1-5-21-3171617769-241562045-158900556-3009) -> stagiaires Domain Guests (S-1-5-21-3171617769-241562045-158900556-514) -> -1 Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 Thx for help. Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
