Re: [Samba] trouble with file group owners with Samba 3.0.22.
Hi Ken,

check the Primary Group setting for user administrator. I think this is your problem. In w2k3 and w2k there is a setting called Primary Group under the Member Of tab in the Properties of Administrator.

Regards
Tom

Ken wrote:

We're running Samba 3.0.22 on a Debian system with kernel 2.6.16.16. The file system is jfs with POSIX ACL and Security labels support. We have set up winbind so our Samba server grabs the user names and passwords from our NT PDC.

I have tried creating files with two users. One is called scanner2 and belongs to the windows group scanning. The other user is Administrator and belongs to the group Domain Admins. When I create the file with the user scanner2, the file's group owner is scanning, which we want. However, when I create a file with the user Administrator, the file's group owner is Domain Users. We would like it so anything created by Administrator has a group owner of Domain Admins.

Any help would be greatly appreciated. Thanks.

--Ken

--
Thomas Dorsch
IT Services
EWT Multimedia GmbH Co. KG
Volkhartstrasse 4-6
86152 Augsburg
Tel. +49 821 3106 311
Fax. +49 821 3106 399
http://www.ewttss.de

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.22 w2k3 ad+sfu working but ls shows only uidNumber and not uid
Hi Guys,

I have a problem getting id mapping to work as it should. My setup is as follows: Samba 3.0.22 on Debian Sarge 3.1. I've got SFU 3.5 installed on a W2K3 DC with SP1. I'm using winbindd in idmap proxy only mode. Here's my generic smb.conf:

    workgroup = METADS
    # it's not the real realm, of course!
    realm = META.XXX.XX
    security = ADS
    server string = %h server (Samba %v)
    wins support = no
    wins proxy = no
    wins server = nbns
    dns proxy = no
    name resolve order = wins bcast
    log file = /var/log/samba/log.%m
    max log size = 1000
    syslog only = no
    syslog = 0
    loglevel = 3 passdb:5 auth:5 winbind:10 idmap:10
    panic action = /usr/share/samba/panic-action %d
    unix charset = ISO8859-1
    display charset = ISO8859-1
    load printers = no
    encrypt passwords = true
    preferred master = no
    enable privileges = yes
    idmap uid = 3-4
    idmap gid = 3-4
    idmap backend = ad
    winbind nss info = template sfu
    winbind use default domain = yes
    winbind nested groups = yes
    template shell = /bin/bash

    [profiles]
    path = /var/profiles
    browseable = no
    read only = no
    create mask = 0600
    directory mode = 0700
    profile acls = yes
    csc policy = disable
    force user = %U

    [homes]
    comment = Home Directories
    path = /home/%U
    browseable = no
    writable = yes
    create mask = 0600
    directory mask = 0700
    # root preexec = /usr/sbin/mkhomedir %U %G

    [server]
    comment = Test Share
    path = /var/server
    browseable = yes
    read only = no
    create mask = 0660
    directory mode = 0770

Ok, let's get to the point. Winbind -u/g returns all the user and group information out of the AD as expected. Getent passwd/group works fine also. I have access to the shares and can view the ownership/rights via the security tab in windoof. Doing a chown dmg (this group exists only in AD !!) is also possible. But if I do a ls -la I only get the gidNumber (6000) of this group !! The same happens to the owner of the file, for example Administrator with uidNumber (37).

I tried to get around this problem using idmap uid = 999-1000 and idmap gid 999-1000 as a workaround described in bug 3289 but this doesn't fix my problem. Here is some debugging output:

    test:/var/server# ls -la
    total 3
    drwxrwx--- 3 6340 6000 1024 May 23 17:01 .
    drwxr-xr-x 17 root root 1024 May 16 11:12 ..
    drwxrwx--- 3 37 6000 1024 May 24 08:49 test

winbind output:

    [0]: request interface version
    [0]: request location of privileged pipe
    [0]: getgrgid 6000

Doing a chown administrator.dmg test/ gives:

    [0]: request interface version
    [0]: request location of privileged pipe
    [0]: getgrgid 6000
    [0]: request interface version
    [0]: request location of privileged pipe
    [0]: getgroups root
    [ 2113]: lookupname METADS\root
    string_to_sid: Sid S-0-0 is not in a valid format.
    [0]: request interface version
    [0]: request location of privileged pipe
    [0]: getpwnam administrator.dmg
    [ 2113]: lookupname METADS\administrator.dmg
    rpc: name_to_sid name=METADS\administrator.dmg
    name_to_sid [rpc] administrator.dmg for domain METADS
    [0]: getpwnam administrator
    [ 2113]: lookupname METADS\administrator
    rpc: name_to_sid name=METADS\administrator
    name_to_sid [rpc] administrator for domain METADS
    [ 2113]: lookupsid S-1-5-21-2857693109-2026923775-3634067142-500
    ads: query_user
    ads query_user gave Administrator
    [ 2113]: lookupsid S-1-5-21-2857693109-2026923775-3634067142-500
    [ 2113]: sid to uid S-1-5-21-2857693109-2026923775-3634067142-500
    Connected to LDAP server 10.33.8.108
    got ldap server name [EMAIL PROTECTED], using bind path: dc=META,dc=XXX,dc=XX
    ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
    ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
    ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
    ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
    ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED]
    ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
    Ticket in ccache[MEMORY:winbind_ccache] expiration Tue, 30 May 2006 19:17:30 CEST
    ad_idmap_get_id_from_sid mapped SID [S-1-5-21-2857693109-2026923775-3634067142-500] to POSIX UID 37
    [0]: getgrnam dmg
    rpc: name_to_sid name=METADS\dmg
    name_to_sid [rpc] dmg for domain METADS
    No nmbd found

Ok, only winbind is running !

    cm_get_ipc_userpass: No auth-user defined
    Doing spnego session setup (blob length=111)
    got OID=1 2 840 48018 1 2 2
    got OID=1 2 840 113554 1 2 2
    got OID=1 2 840 113554 1 2 2 3
    got OID=1 3 6 1 4 1 311 2 2 10
    got [EMAIL PROTECTED]
    Doing kerberos session setup
    Ticket in ccache[MEMORY:cliconnect] expiration Tue, 30 May 2006 19:17:30 CEST
    rpc_pipe_bind: Remote machine EWT-MASTER pipe \lsarpc fnum 0xc00a bind request returned ok.
    Got challenge flags:
    Got NTLMSSP neg_flags=0x62890235
    NTLMSSP: Set final flags:
    Got NTLMSSP neg_flags=0x60080235
    NTLMSSP Sign/Seal - Initialising with flags:
    Got NTLMSSP neg_flags=0x60080235
    lsa_io_sec_qos: length c does not match size 8
    Connected to
Re: [Samba] read only - write list
Sorry, typo error in write list. I meant user1 has write access.

Hi Eric,

maybe this is what you're looking for:

    [share]
    comment = whatever
    path = /mnt/share_1
    # both users have to be members of that group
    valid users = @group1
    write list = user1
    public = no
    writable = no
    create mask = 0750
    force create mode = 0650
    directory mask = 0750
    force directory mode = 0750

Another important thing is that you set the right filesystem permissions for the share.

Hope this helps!

Eric Velluet wrote:

Hello,

I want to share a directory in read/write access for user1 and in read access for user2. I tried this syntax without success:

    [sharerep]
    valid users = user1, user2
    public = no
    browseable = yes
    read only = yes
    write list = user1

I also tried read only = no, but in this case the two users can read/write.

Samba version 3.0.10

I have not understood something, but what?

Best wishes.
Re: [Samba] read only - write list
Hi Eric,

maybe this is what you're looking for:

    [share]
    comment = whatever
    path = /mnt/share_1
    # both users have to be members of that group
    valid users = @group1
    write list = user2
    public = no
    writable = no
    create mask = 0750
    force create mode = 0650
    directory mask = 0750
    force directory mode = 0750

Another important thing is that you set the right filesystem permissions for the share.

Hope this helps!

Eric Velluet wrote:

Hello,

I want to share a directory in read/write access for user1 and in read access for user2. I tried this syntax without success:

    [sharerep]
    valid users = user1, user2
    public = no
    browseable = yes
    read only = yes
    write list = user1

I also tried read only = no, but in this case the two users can read/write.

Samba version 3.0.10

I have not understood something, but what?

Best wishes.
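Added example, not part of either message and not Samba's own code: a small Python model of how the share-level options discussed in this thread (valid users, read only / writable, write list) combine according to the smb.conf documentation, where a write list entry grants write access regardless of read only. The stanzas, the group map and the function names are constructed for illustration, and filesystem permissions are not modelled.

```python
import configparser

# Constructed sample stanzas: the two variants from the question and the
# suggested [share] stanza with the corrected write list (user1).
SMB_CONF = """
[sharerep]
valid users = user1, user2
read only = yes
write list = user1

[sharerep_rw]
valid users = user1, user2
read only = no
write list = user1

[share]
valid users = @group1
writable = no
write list = user1
"""
# Constructed group map; a real server resolves groups via NSS/winbind.
GROUPS = {"group1": {"user1", "user2"}}
YES = {"yes", "true", "1"}

def in_list(user, raw):
    """True if user is named in a Samba user list, directly or via @group."""
    for item in raw.replace(",", " ").split():
        if item == user or (item[0] == "@" and user in GROUPS.get(item[1:], ())):
            return True
    return False

def share_read_only(share):
    """'writable', 'writeable' and 'write ok' are inverted synonyms of 'read only'."""
    if "read only" in share:
        return share["read only"].lower() in YES
    for syn in ("writable", "writeable", "write ok"):
        if syn in share:
            return share[syn].lower() not in YES
    return True  # default: read only = yes

def effective_access(share_name, user, conf_text=SMB_CONF):
    """Share-level result only; filesystem permissions still apply on top."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    share = cp[share_name]
    valid = share.get("valid users", "")
    if valid.strip() and not in_list(user, valid):
        return "denied"            # not allowed to connect at all
    if in_list(user, share.get("write list", "")):
        return "read-write"        # write list overrides read only = yes
    return "read-only" if share_read_only(share) else "read-write"
```

On a real server, testparm shows the configuration Samba actually parsed, and the Unix permissions on the share path must also allow the write.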
[Samba] Samba 3.0.21a Debian Sarge Files get listed twice with smbstatus -u .......
Hi list,

recently upgraded from 3.0.10 to 3.0.21a on Debian Sarge. Congratulations guys, many problems gone, but ..

a) a couple of users reported the following: If they open Outlook for the first time they are not able to send/receive emails. If they close/open Outlook the second time everything is fine. I'd set a high debug level and observed the log but nothing that will point to a problem here. Maybe corrupted pst?

b) if I do a smbstatus -u I get the following output for example:

    17244 DENY_WRITE 0x2019f RDWR   NONE Mail/Outlook.pst Fri Jan 20 10:34:53 2006
    17244 DENY_NONE  0x20089 RDONLY NONE Mail/Outlook.pst Fri Jan 20 12:31:10 2006
    28885 DENY_WRITE 0x2019f RDWR   NONE Mail/2005.pst    Fri Jan 20 13:23:22 2006
    28885 DENY_NONE  0x20089 RDONLY NONE Mail/2005.pst    Fri Jan 20 13:23:36 2006
    18249 DENY_WRITE 0x2019f RDWR   NONE Mail/bis2002.pst Thu Jan 19 08:44:59 2006
    18249 DENY_NONE  0x20089 RDONLY NONE Mail/bis2002.pst Thu Jan 19 08:46:36 2006

Every file gets opened twice. Once RW and RO! Is this because of the rewrite that belongs to oplocks?

Also the output of smbstatus doesn't show the full path anymore. For example: Mail/bis2002.pst should give /mnt/home/xMail/bis2002.pst!

Would be great if someone can give me a bit of advice about what's going on here.

Regards
Tom