Re: RESOLVED: (sorta) Re: [Samba] Oplocks question
Terry Haley wrote: Actually Dan that helps a lot. It tells me the amount of work and effort it takes to bend this application in order to fit a mold it was not intended for. In the end, I decided to bite the bullet and make my PDC double as my primary file server. 45 mins of swapping an FC-nic, remapping the lvm's and reconfiguring the smb.conf in order to make this a non-issue and prevent more complexity proliferation is well worth it. It's a shame it doesn't handle remote file systems more elegantly. Here are the steps: configure the 2nd samba server as a client, join it to the domain, add a dfs enabled share, dfs enable the PDC, create the filesystem link(s), done. Should take 5 minutes. -- tkb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Changing samba PDC version but keeping the same IP address
Frank Bonnet wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Toby Bluhm wrote: Frank Bonnet wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello We are facing a bit boring problem We are on the way to upgrade our PDC from 2.2.8 to 3.2.11 as we do not want to reconfigure the PDC IP address on several hundreds of windows XP clients we have chosen to keep the same IP address for the new PDC. The problem is windows clients does not update the name of network drives and keep the old names even connected to the new PDC server and it's new shares ... I suspect there are some caching mechanisms that are not completely cleaned (!!!) by windows. Any infos on how to clean widows caches are welcome. If I understand you correctly, you mean everything is working just fine, but the server name displayed in file explorer for the network drive letter is still the old server name. If that's it, check the registry: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions] Delete the entries for the server it will automatically refresh to the current setting. Hello Thanks for the answer, but I have a problem to do that on our ~800 windows PC ... Is it possible to do it remotely or automate-it during boot up time ? Thanks Something like this in your login script - should be all one line. reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions /v servername_or_IP /f -- tkb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Changing samba PDC version but keeping the same IP address
Frank Bonnet wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello We are facing a bit boring problem We are on the way to upgrade our PDC from 2.2.8 to 3.2.11 as we do not want to reconfigure the PDC IP address on several hundreds of windows XP clients we have chosen to keep the same IP address for the new PDC. The problem is windows clients does not update the name of network drives and keep the old names even connected to the new PDC server and it's new shares ... I suspect there are some caching mechanisms that are not completely cleaned (!!!) by windows. Any infos on how to clean widows caches are welcome. If I understand you correctly, you mean everything is working just fine, but the server name displayed in file explorer for the network drive letter is still the old server name. If that's it, check the registry: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions] Delete the entries for the server it will automatically refresh to the current setting. -- tkb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Tunneling over SSH
Kevin Bailey wrote: We've had reasonable success with Netdrive accessing FTP shares from PC's for file reading and saving. I've tried SSH - no joy, SFTPShare is buggy and crashes Windows explorer. Also, tried using encrypted data/comms channels over FTP using Vsftpd - again problems with the Windows client. Have you tried WinSCP? http://winscp.net It's a Windows File Explorer looking gui connecting thru ssh, just a single executable file, no installation needed - quite handy. -- tkb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Upgrade samba from 3.28 to 3.29 to fix winbind issue.
Turner, Justin H Contractor wrote: How do you upgrade samba from 3.0.28 to 3.0.29 to fix winbind issue? My OS is CentOS 4.5. I haven't been able to find a RPM above 3.0.28. for samba built from src will put stuff in places different from where an rpm package will put them - probably why it didn't work as an upgrade to a working RH type server for you. I needed 3.0.33 to fix a SolidWorks problem, so I did the following for WhiteboxLinux 4. I expect if it's changed where needed, should work for Centos 4. rpm -ihv samba-3.0.25b-1.el4_6.4.src.rpm Put samba-3.0.33.tar.gz in /usr/src/whitebox/SOURCES/ Remove the old /usr/src/whitebox/SOURCES/samba-3.0.25b.tar.gz Remove the /usr/src/whitebox/SOURCES/*.patch files Edit /usr/src/whitebox/SPECS/samba.spec: old: Version: 3.0.25b old: Release: 1%{dist}.4 new: Version: 3.0.33 new: Release: 1.4 remove: all lines with Patch remove: all lines with %patch remove: --with-mmap \ remove: --without-smbwrapper \ remove: %doc docs/REVISION docs/Samba3-ByExample.pdf docs/Samba3-Developers-Guide.pdf rpmbuild -bb /usr/src/whitebox/SPECS/samba.spec rpm -Uhv /usr/src/whitebox/RPMS/i386/samba*3.0.33-1.4.i386.rpm service smb stop service smb start I found the /usr/src/whitebox/BUILD/samba-3.0.33/packaging/RHEL/samba.spec file from the 3.0.33 tarball later on, but since my way was already working for me, I didn't bother trying it out. As always, YMMV. -- tkb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] server change
Bill Szkotnicki wrote: Toby, I guess I am close to giving up on this but thank you for the suggestions. We are going to discuss the logistics of rejoining all of the windows XP machines that need to have more than one id logging on. Do you know anything about profiles? I want to run the logon.bat file but I do not want the server to provide a profile ( see my config below ) Is it possible to do this without having to set the windows XP profiles off with gpedit.msc? logon script = netlogon.bat logon drive = H: logon path = domain logons = Yes domain master = Yes preferred master = Yes os level = 255 wins support = Yes name resolve order = wins lmhosts I've never messed with roaming or server stored profiles, so I can't tell you this is the right way to disable them. I set logon script = netlogon.bat, stored the script in the netlogon share, assigned logon drive = and logon path = , drive mounts are handled in the logon script. The logon script section in the smb.conf man page has more details. The profiles stay local to the machine from the onset this way, we set no local policy or registry settings regarding profiles. Users normally only logon to their own PC, we backup the local profiles through a separate process. -- tkb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] server change
Bill Szkotnicki wrote: Hi, Recently we changed our samba server to a bigger and more powerful system ( centos 5.2 ) The config file and smbpasswd and other passwd and group files were copied to the new server and it then assumed the same identity as the old one in the dns and ip address. It seems to have gone very well except we now seem to have a problem. There are windows XP workstations that were domain joined to the old server and now connect well to the new one. But if you try to login on one of these workstations with an ID that was not logged onto it previously it does not authenticate. The solution is to unjoin and then rejoin the workstation but there are a lot of them and we don't want to do that. Also it seems that this situation has arisen just recently and was working before on the new server and so I am wondering what could have happened earlier this week. That info is held in the *.tdb files. Centos stores them in /var/cache/samba/. If the old new server are both Centos, just copy them over from the old box. Stop samba first, make a backup copy - just in case, restart samba. The machines that you've rejoined to the new box will need to be rejoined again, but all others should be ok. The SID-to-UID mappings are in the tdb files too - it would probably be best to have all PCs reboot after the update - rejoin as needed. If the distros are different I think the tdb files are compatible, but I'm not sure. -- tkb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] server change
Bill Szkotnicki wrote: Is there one particular .tdb file that is used for authentication? The new server has been running now for two weeks and I am thinking that I should be careful about replacing .tdb files. It is only this one issue of workstations where we want more than one userid to logon that needs solving. Copying all tdb files is the way you clone a samba server, which is what I thought you were trying to do, basically. Pick an off hours time, make backup copies, test it out on a few PCs. If it goes haywire, just restore the backup copies. You're sorta in between now. You can either do the work to move forward with the current setup or try to restore the old setup. You'll need to decide which way is better due to work for you, inconvenience to the users, pitfalls, etc. -- tkb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] server change
Bill Szkotnicki wrote: OK now I have tried copying all of the /var/cach/samba files into the new server ( after stopping it and backing it up ) and we still have the same issue. Nothing seems yo be broken as far as I know now but unless we unjoin and rejoin a machine a guest user can not logon. Any other ideas? Another blast from the shotgun . . . When the guest id tries ( windows xp ) there is no recognition of an attempt in the log files. What do you mean by guest id? The XP guest account? A valid user in your samba domain? No log of the event seems to say it never contacted the samba server. Does the XP event viewer show anything? -- tkb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file monitoring in samba
Nelson Serafica wrote: Does anyone know how can I monitor files that was being open and access in the samba directory? If this was not possible, is there third party apps that can help me do what I want? The vfs:audit module may do what you need: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/VFS.html -- tkb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Configuring Samba with NIS
Harvey, Edward wrote: Hey all. I have a bunch of linux servers, all using NIS to maintain username/password/UID/GID information. I'm trying to make the filesystems browsable from Windows XP, while maintaining correct UID/GID info. It seems this would be really simple, just let the user login to \\linuxmachine with his/her linux username password, and everything they do happens as them. As you know - no such thing. :-( I'm using RHEL 4u4 x86_64, samba 3.0.10-1.4E.9, swat 3.0.10-1.4E.9 In swat, it seems to indicate available auth methods are guest sam winbind and some deprecated stuff I shouldn't use. I guess there is no auth method to use the local passwd/shadow files, or NIS database? Also, I guess there is no idmap backend to simply map UID/GID based on username? * I cannot use the essentially randomly generated UID/GID scheme. * I will have a very difficult time to use winbind (I don't have windows domain admin access, and those who do are difficult to convince they should type the domain admin pass on some prompt when they don't understand the prompt.) * I prefer not to use a cronjob on every machine to regenerate the smbpasswd all the time. Also, by looking around, it doesn't appear this is possible anyway. Is there any graceful solution here? I don't see the need for *yet* another password database... Thanks for any suggestions... I have been googling and browsing fanatically This will work if samba is setup as PDC. Add the NIS user to samba with smbpasswd -a username. Setup the passwd program. smb.conf: passwd program = /root/newpasswd %u /root/newpasswd: #!/bin/sh passwd $@ pushd /var/yp /usr/bin/make -f Makefile.passwd popd /var/yp/Makefile.passwd is just /var/yp/Makefile edited to only update passwd. A password change from Windows will now update both databases. But then there's the hassle of asking users for their existing NIS password so you can add it to smbpasswd. Instead, just set it to some_win_passwd, have the user login to Windows with some_win_passwd, password change from Windows will then sync both databases to the same new password. -- Toby Bluhm Alltech Medical Systems America, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Accessing member server prompts for credentials
Leon Stringer wrote: And when I do wbinfo -t I get: the trust secret via RPC calls succeeded but only for the first five minutes after starting winbindd. After five minutes I get: checking the trust secret via RPC calls failed error code was (0x0) Could not check secret My setup was over 2 years ago on RHEL4 at my previous job and I had the problem of winbind dieing every so often so I did a hack and setup a cronjob to check every 10 minutes restart it if needed. wbinfo -u does not work at any point. log.winbindd-idmap says: [2008/06/19 10:46:56, 0] nsswitch/winbindd_dual.c:async_request_timeout_handler(182) async_request_timeout_handler: child pid 21612 is not responding. Closing connection to it. [2008/06/19 10:46:56, 1] nsswitch/winbindd_util.c:trustdom_recv(229) Could not receive trustdoms Any more advice gratefully received. My experience was that winbind worked or it didn't. Never got the half working results you have. Here is the smb.conf I used. It was probably samba version ~ 3.0.10. I do remember that once I set 'ldap ssl = no' and 'allow trusted domains = no' it all started working for me. Also, when I was changing settings around, the tdb files would keep old info and mess things up for me. Since it was not in production yet, what I did was: stop samba rm /var/cache/samba/*.tdb rm /etc/samba/secrets.tdb Rejoin the domain start samba Just a warning - what worked for me back then may not be correct with today's version. 'testparm -v' will show you all smb.conf options and your current settings. [global] workgroup = DOMAIN realm = DOMAIN.EXAMPLE.COM server string = Samba Server Main security = ads log level = 0 vfs:2 log file = /var/log/samba/ALL.log max log size = 500 socket options = TCP_NODELAY load printers = No preferred master = No domain master = No dns proxy = No wins server = 192.168.100.100 netbios name = MAIN netbios aliases = PENGUIN ldap ssl = no idmap uid = 1-300 idmap gid = 1-300 template homedir = /users/%U template shell = /bin/bash winbind enum users = No winbind enum groups = No idmap backend = idmap_rid:DOMAIN=10-300 allow trusted domains = no username map = /etc/samba/smbusers name resolve order = wins bcast cups options = raw disable spoolss = Yes show add printer wizard = No os level = 1 winbind use default domain = yes host msdfs = Yes admin users = DOMAIN\admin20 admin20 -- Toby Bluhm Alltech Medical Systems America, Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 ext203 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Accessing member server prompts for credentials
Leon Stringer wrote: I'm still struggling with this if anyone can help. I'm back tracking through the HOWTO and realised that I hadn't created a machine trust account. So I've done: # groupadd machines # /usr/sbin/useradd -g machines -d /var/lib/nobody -c Test Server -s /bin/false server1 # passwd -l server1 Locking password for user server1. # smbpasswd -a -m server1 Failed to modify password entry for user server1$ Please can anyone tell me why this last step fails? Those commands are for working with an NT4 domain. They're of no use if you're trying to join samba to an AD domain. From: Leon Stringer [EMAIL PROTECTED] Date: 2008/06/17 Tue AM 11:13:14 GMT To: samba@lists.samba.org Subject: [Samba] Accessing member server prompts for credentials Hi, I'm trying to join a server as an AD member but it isn't working. I do: kinit [EMAIL PROTECTED] which prompts for the password and displays nothing else. Then I do: net ads join -U Administrator%X which returns: Using short domain name -- DOMAIN1 Joined 'SERVER1' to realm 'DOMAIN1.CO.UK' So all looks OK, but when I try to browse the shares on \\server1 from another domain member I'm prompted for a username and password. Any valid domain credentials are rejected. The log file for the IP address for the computer I'm trying to connect from says: [2008/06/17 11:54:54, 1] smbd/sesssetup.c:reply_spnego_kerberos(316) Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE! log.smbd says: [2008/06/17 11:55:47, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2008/06/17 11:55:47, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users smb.conf says: [global] workgroup = DOMAIN1 realm = DOMAIN1.CO.UK security = ADS Samba 3.0.30 on Fedora 8. Can anyone tell me where I'm going wrong? Actually, it all looks good so far, but you need a little more setup so samba can authenticate accounts against AD. Do you have winbindd running? What does 'wbinfo -t' tell you? Do you have the winbind sections in smb.conf configured correctly? Can you get a list of AD accounts with 'wbinfo -u'? Did you configure nsswitch.conf correctly? If 'id DOMAIN\user' returns useful info about the user, your machine is authenticating with AD correctly. Also, ntpd needs to sync the time very closely with the domain. 'date ; net time -w DOMAIN' should show times that are within seconds of each other. Go back to the Samba HOWTO and review Ch. 24 and 29. Any text in the HOWTO that mentions NT4 or PDC or BDC configuration is not for your situation. -- Toby Bluhm Alltech Medical Systems America, Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 ext203 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Accessing member server prompts for credentials
Leon Stringer wrote: Thanks, that makes sense although it isn't very clear in the HOWTO. So I'm back to square 1: I can't access shares on the server. If I try to connect remotely I'm prompted for credentials. If I try a domain user account it's rejected, same for a local UNIX user account on the Samba box. Did you see my comments about winbind at the bottom of that message? -- Toby Bluhm Alltech Medical Systems America, Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 ext203 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Maxtor NAS share problem
Rick Johnson wrote: Alex Harrington wrote: I was talking about saving the Linux filesystem info. Do your rsync to the NAS, then do a recursive getfacl, redirecting the output to a file on the NAS. When you do an rsync back from the NAS, correct the owner/perms with setfacl. Trouble is that I CAN'T do my rsync to the NAS drive because it doesn't give me the access privileges I need to write to the NAS. The rsync wants to change owner and the NAS won't let it do that. There are switches to modify that behaviour - -p, -o, -t, -g - and there are aliases (eg -a)that switch combinations of those on or off. What's the exact command line you're using to rsync? I was using a command of the form: rsync -avz /source /destination And if that had worked, I wouldn't have needed to ask this list for any help because ALL I was trying to do was use the NAS as a backup device. The permissions, symbolic links, etc. need to be preserved by the rsync so that the files can be restored correctly IF they ever need to be restored. Something like rsync -r /source/ /destination should work, regardless of the permissions, because rsync will write everything as whoever you're logged on as (or whoever the NAS translates that to be). As previously suggested you can then do a recursive getfacl over /source and write the output to /destination. That will create a text file with all your permissions etc included in it so they can be restored by setfacl if required. I'm afraid I don't understand what purpose the getfacl or setfacl serves? The files on my system never had any access control lists so how does creating them solve my problem? Understand that getfacl/setfacl captures/restores all file/dir attributes, ACL or not. A saved getfacl output, used as an input to setfacl will restore the attributes exactly - ACL or not. Have you read the man pages on rsync, getfacl, setfacl? It seems to me that what I REALLY need is access to the filesystem on the NAS so that I can set appropriate permissions there that will allow the original rsync -avz command to function properly. Which one is your goal: 1.) Get the rsync/NAS combo to work as you want/expect? 2.) Make reliable backups of your Linux box? If you say #1 , I think it's obvious you're going to have to manhandle the NAS box - install new firmware, hack your way in, get to the insides somehow - cause it ain't gonna work as is. If you say #2 , there's a lot of tools that can that done for you - right now. I think #2 should be your answer. PS - you could always yank the NAS disks out, install them into your Linux box, and make a real server. -- Toby Bluhm Alltech Medical Systems America, Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Maxtor NAS share problem
Rick Johnson wrote: Toby Bluhm wrote: Rick Johnson wrote: Adam Williams wrote: what are the settings on the share you're trying to mount? does it have something like valid users = rickj Well, that is hard to determine. If you're asking whether the drive has something like an smb.conf file containing share settings the answer is no. The only access I have to the Maxtor drive is via a browser interface. I have used the menu in that to set all files for full public access, but beyond that I have no finer control. (I have So in public mode, it's probably going to throw all user info away and map everything to a universal id. Have you looked closely at the file perm/ownership from the Windows client? Saved files as joe user then jane user - does it keep the distinction? I'll venture no. There is no Windows client. The Maxtor shows up in My Netowrk Places and is mapped as just another drive from Windows; in my particular case, as the Z drive. I meant client = the Windows PC. If it's possible, have you tried setting up individual users through the nas interface? Yes. The drive has been set up with different users since the beginning. Could also just work with the fact that no perm/owner info will be kept. Collect that info store it to a file. A recursive getfacl to collect setfacl to restore could do the trick. Judging by what I see through the web interface, there must be SOME type of user info stored, but how or where I don't know and can't see. I was talking about saving the Linux filesystem info. Do your rsync to the NAS, then do a recursive getfacl, redirecting the output to a file on the NAS. When you do an rsync back from the NAS, correct the owner/perms with setfacl. Better yet, look into dar - http://dar.linux.free.fr - a tar like backup designed for saving to files on disk. It shouldn't care (much) about the filesystem it's stored on. found via www.openmss.org that the underlying filesystem of the drive is Linux - reiser I think - but beyond that I have no data on the filesystem other than what I see when I smbmount the drive.) Perhaps there's a way to break into the Linux the nas is running change stuff to your suiting. I think this is a possibility and I've been looking for more info; unfortunately without success so far. I've heard many times of people with an appliance trying to do something beyond its intended function hitting a brick wall. Your situation is why I never recommend an appliance to anyone other than a pure, non-hacker, non-power type Windows user. A NAS type distro or even a full distro on a junker PC would be a better solution. More work, but better results. You're probably right. But since I've already got the drive I need to figure out a way to use it. Rick J. -- Toby Bluhm Alltech Medical Systems America, Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Maxtor NAS share problem
Rick Johnson wrote: Adam Williams wrote: what are the settings on the share you're trying to mount? does it have something like valid users = rickj Well, that is hard to determine. If you're asking whether the drive has something like an smb.conf file containing share settings the answer is no. The only access I have to the Maxtor drive is via a browser interface. I have used the menu in that to set all files for full public access, but beyond that I have no finer control. (I have So in public mode, it's probably going to throw all user info away and map everything to a universal id. Have you looked closely at the file perm/ownership from the Windows client? Saved files as joe user then jane user - does it keep the distinction? I'll venture no. If it's possible, have you tried setting up individual users through the nas interface? Could also just work with the fact that no perm/owner info will be kept. Collect that info store it to a file. A recursive getfacl to collect setfacl to restore could do the trick. found via www.openmss.org that the underlying filesystem of the drive is Linux - reiser I think - but beyond that I have no data on the filesystem other than what I see when I smbmount the drive.) Perhaps there's a way to break into the Linux the nas is running change stuff to your suiting. I've heard many times of people with an appliance trying to do something beyond its intended function hitting a brick wall. Your situation is why I never recommend an appliance to anyone other than a pure, non-hacker, non-power type Windows user. A NAS type distro or even a full distro on a junker PC would be a better solution. More work, but better results. -- Toby Bluhm Alltech Medical Systems America, Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't kill smbd process
Mathieu Beaudoin wrote: Hi, Sorry for not responding in a long time, I been really busy these days. To kill the process, I use kill -9 pid of the smbd process as root and it do nothing, no error message and the process still run. I found the possible source of this problem : each night we have a backup server (running opensuse 10.3) that connect to the file server (mount -t cifs ...) copy the files on his own hard drive, umount the share and then start transferring the files on tapes. When I check the swat status page in rsync would be a much, much better choice for that purpose. -- Toby Bluhm Alltech Medical Systems America, Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] time server = yes
Adam Williams wrote: Helge wrote: Hi Adam, try this: How to configure an authoritative time server in Windows XP: Configuring the Windows Time service to use an external time source http://support.microsoft.com/kb/314054/EN-US/#EXTERNAL or http://support.microsoft.com/kb/314054/EN-US I had the same problem some months ago. Trying to set the client´s time in the user´s logon scripts always brought me an access denied error for the already given reasons. If I remember right, it was this article that finally helped me out. This way the system time is set but the users are prevented from changing the time themselves. Greetings, Petri Thanks for your and everyone else's replies. Unfortunately, the registry edits would require me to go to all 150 computers here and log in as local administrator to make the registry changes, which just really isn't an option. Luckily, I have WPKG installed on all 150 computers to handle automatic deploying of software, and it runs as local administrator on computer start up. So, I will see if I can use K9 or another free NTP program to handle time synchronization, or have WPKG execute a .bat with net time /set /yes \\server upon system start up. You don't need to install K9. Seems you could make the reg changes with wpkg http://wpkg.org/Category:Changing_Windows_settings http://wpkg.org/Adding_Registry_Settings http://wpkg.org/Time_synchronization -- Toby Bluhm Midwest Instruments Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] time server = yes
Adam Williams wrote: I want my XP clients to update their clocks from my samba server. I have time server = yes in smb.conf, and running ntpd on the server, but my clients aren't updating their clocks. I tried running the command manually logged in as a domain user: net time /setsntp:10.8.2.3 but it just says System error 5 has occurred. Access is denied. Any ideas? The relationship of net time and a real ntp server seems to be a one time sync only anyway. However, you can have the PC really use ntp: :: setup ntp client :: need to be an admin - one time setup sc stop w32time w32tm /unregister w32tm /register net time /setsntp:ntpd-server sc config w32time start= auto sc start w32time w32tm /resync w32tm /stripchart /computer:ntpd-server /samples:1 Could instead use a real Policy or manually jam it into the registry: :: setup ntp client :: need to be an admin - one time setup reg add HKLM\SOFTWARE\Policies\microsoft\w32time /f reg add HKLM\SOFTWARE\Policies\microsoft\w32time\Parameters /f reg add HKLM\SOFTWARE\Policies\microsoft\w32time\TimeProviders /f reg add HKLM\SOFTWARE\Policies\microsoft\w32time\TimeProviders\NtpClient /f reg add HKLM\SOFTWARE\Policies\microsoft\w32time\Parameters /v NtpServer /d ntpd-server /f reg add HKLM\SOFTWARE\Policies\microsoft\w32time\Parameters /v Type /d NTP /f reg add HKLM\SOFTWARE\Policies\microsoft\w32time\TimeProviders\NtpClient /v Enabled /t REG_DWORD /d 0x1 /f reg add HKLM\SOFTWARE\Policies\microsoft\w32time\TimeProviders\NtpClient /v CrossSiteSyncFlags /t REG_DWORD /d 0x2 reg add HKLM\SOFTWARE\Policies\microsoft\w32time\TimeProviders\NtpClient /v ResolvePeerBackoffMinutes /t REG_DWORD /d 0xf reg add HKLM\SOFTWARE\Policies\microsoft\w32time\TimeProviders\NtpClient /v ResolvePeerBackoffMaxTimes /t REG_DWORD /d 0x7 reg add HKLM\SOFTWARE\Policies\microsoft\w32time\TimeProviders\NtpClient /v SpecialPollInterval /t REG_DWORD /d 0xe10 reg add HKLM\SOFTWARE\Policies\microsoft\w32time\TimeProviders\NtpClient /v EventLogFlags /t REG_DWORD /d 0x0 gpudate /target:computer /force -- Toby Bluhm Midwest Instruments Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to make Add permission for folder in system with ntacl support?
Georgy Goshin wrote: Definitely possible in Samba. Start with the correct POSIX permissions on the directories, then follow the references below. This chapter, in general http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html and this section, in particular http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id374339 with or without POSIX acl's should explain how to do what you want. Please please please. I've tried already combinations this weekend, spen two days and lost any understanding of logic of file permissions and gived up! Please make someone for me small sample please! Thanks in advance, Georgy I believe your original message said you wanted a directory that users could only write to but not read? On samba server: sudo mkdir test sudo chown root.root test sudo chmod 733 test Now anyone should be able to copy a file to test directory, but not read it. Note - this will only work if you use copy in a cmd prompt. GUI file explorer tools typically want to read dir content first - not possible with these permissions. Perhaps you should explain what you're trying to achieve - there may be better ways to do it. -- Toby Bluhm Midwest Instruments Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2240 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Q: how to collect user/group-names
Chris Osicki wrote: On 9/24/07, Chris Osicki osk at admin.swisscom-mobile.ch wrote: Hi Sorry if it's not 100% appropriate for this list, cannot think of better place to find people with lots of know-how from Unix and Windows. I'm currently working on replacing EMC's Celerra file servers by Linux/Samba. The SID to UID/GID mapping table on Celerra is very large, ~50'000 entries and I don't want to pollute my LDAP server with all this (using winbind with LDAP back-end). Most of those entries are there for historical reasons and are just useless. Now my question: does anybody know a tool working under Windows to scan a filesystem and collect all usernames/groupnames (or SIDS) used? Any Samba's tool having this capability? Thanks for your time. Regards, Chris Chris, Easy. Find is your friend. It can find anything and do whatever with the results. find /tmp/ -type f -printf %U \n | sort | uniq uids.txt find /tmp/ -type f -printf %G \n | sort | uniq gids.txt If you know the uid's and gid's + you got the mappings, it's easy to know which sid's you (don't) need. -- Frank Van Damme A: Because it destroys the flow of the conversation Q: Why is it bad? A: No, it's bad. Q: Should I top post in replies to mails or on usenet? Frank, thanks for your quick answer. Unfortunately it's not what I'm looking for. I want to find out what users or groups have been given any rights on a file or directory. In other words I want to collect user/group-names from ACL's. Or if you want, collect those information which you would see when under Windows you right click on a file/directory and select properties/security. And I'm looking for a way of do it automaticaly. A sort of Windows getfacl -R. Thanks for your time. Regards, Chris I don't know how useful this would be as it's just a raw listing of all files dirs with associated acls. It would need more massaging for any sort of scripted restore or data extract. Install gnuwin32 utils form sourceforge Install xcacls.exe from MS Resource Tools c:\path\to\gnuwin32\bin\find.exe X:\ c:\temp\find.log for /f usebackq delims== %i in (`type c:\temp\find.log`) do @xcacls.exe %i c:\temp\xcacls.log -- Toby Bluhm Midwest Instruments Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2250 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Q: how to collect user/group-names
Chris Osicki wrote: A Windows admin run cacls /T /C on every share I'm interested in. Doh! Same output in one command . . . -- Toby Bluhm Midwest Instruments Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2250 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Disapearing Drives: Urgent help needed
Ron Garcia-Vidal wrote: I need help on this urgently. Does anyone have any ideas? Is mine the only place that is experiencing this problem? The suits are making noises about getting a windows server in here, I don't want to see that happen, but I don't know how to fix this very serious Samba problem. + I don't have much of a clue as to what wrong with your system and this won't figure out the problem, but hey - anything to get things back to normal ( and keep Windows out.) Do you have a valid backup of the system before making the upgrade that broke things? You could reinstall the last working version of samba and do a restore of the pertinent samba config dirs files. Make a tarball of what you have now just in case the restore makes things worse. I had at one time totally hammered samba while messing with it. Fortunately, I did the tarball thing and saved myself. -- Toby Bluhm Midwest Instruments Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2250 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Authenitcation Via Active Directroy
Brijesh Shukla wrote: Hi Samba/Active directory List Can any one please let me know, how can i authenticate a user on Samba Machine via Active Directory. Let me describe my question in more detail. I have Active directory as a domain controller on widows 2003 Server on the same network I have Linux machine that is running the Samba server under the domain contrller of Active Directory. I have list of registerd user on Active directory but all of them is not having the account on Samba machine, how can rest of the user who is not having linux account on Samba machine can access the shared folder on Linux (Samba server). Example, if x, y, z are the registerd user on Active directory and in the same Domian I have Samba server. I have created an account for x (Add user ) in Linux Samba machine, now x is able to access the samba server from any machine to linux. but rest of the other user (Y and Z) can not access the Samba server thoug they are registerd in Active directory as the same previlege ad X. Suppose If i have a 1000 of account in Active directory then I have to create 1000 of account in Samba server to make them eligible to access shared folder on Linux is it the case While in windows-XP enviroment and one of the registerd user in Active Directory can access any one Machine in same domain.. Kindly teach me... Thanks Regards Brijesh Shukla You will need to configure winbind. Have you reviewed the docs at samba.org? Official HowTo Collection - Chapter 2 Domain Member Server, Chapter 14 Identity Mapping. Samba3 By Example - Chapter 7 Adding Domain Member Servers and Clients -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Authenitcation Via Active Directroy
Jonathan C. Detert wrote: * Toby Bluhm [EMAIL PROTECTED] [070216 07:23]: Brijesh Shukla wrote: Hi Samba/Active directory List Can any one please let me know, how can i authenticate a user on Samba Machine via Active Directory. Let me describe my question in more detail. I have Active directory as a domain controller on widows 2003 Server on the same network I have Linux machine that is running the Samba server under the domain contrller of Active Directory. I have list of registerd user on Active directory but all of them is not having the account on Samba machine, how can rest of the user who is not having linux account on Samba machine can access the shared folder on Linux (Samba server). Example, if x, y, z are the registerd user on Active directory and in the same Domian I have Samba server. I have created an account for x (Add user ) in Linux Samba machine, now x is able to access the samba server from any machine to linux. but rest of the other user (Y and Z) can not access the Samba server thoug they are registerd in Active directory as the same previlege ad X. Suppose If i have a 1000 of account in Active directory then I have to create 1000 of account in Samba server to make them eligible to access shared folder on Linux is it the case While in windows-XP enviroment and one of the registerd user in Active Directory can access any one Machine in same domain.. Kindly teach me... Thanks Regards Brijesh Shukla You will need to configure winbind. I'm not sure that is true; I think one could use pam_ldap alone instead. However, I agree that winbind is a good choice. Have you reviewed the docs at samba.org? Official HowTo Collection - Chapter 2 Domain Member Server, Chapter 14 Identity Mapping. Samba3 By Example - Chapter 7 Adding Domain Member Servers and Clients The direct answer is, 'No', you don't have to create all 1000 accounts on the Samba server (though you may still have to create the homedirs). You can use winbind instead, as Toby pointed out, and the above mentioned documentation contains all you need to know. To give you a general idea of what you'll learn from the above documentation: Essentially, winbind maps unix uids and gids to Ms.ActiveDirectory sids. Winbind offerrs 2 or 3 mutually exclusive ways to do that mapping. The simplest way is for winbind to maintain its own, unshared map, local to the samba server. The uids and gids that winbind uses in this case, are unique to the local samba server (i.e. the same mapping cannot be used on some other host). Using idmap_rid will bypass that little mapping problem. It combines the Windows SID and a base number to form predictable UIDs/GIDs. More complex ways to make winbind do its sid- uid/gid mapping include: a) get the map from an ldap server b) get the map from an MsA.D. server that has had its schema extended with unix attributes (mssfu). I believe there is another mapping method too, that I don't know well enough to summarize. None of the winbind mapping strategies handle making home directories. If you need home dirs, you might be able to use pam_mkhomedir to make them automatically for you. -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ads_join_realm: Insufficient access
Brijesh Shukla wrote: Hi Samba List; Kindly help me, I am stuck with this problem since long time. I am trying to join windows 2003 Active Directory using Linux client. I am able to join Windows 2003 Active directory using administrator account (I mean if i am giving the command like net ads join -U administrator then it work perfectly ) Perfectly normal default operation. on the other hand if i try to with normal user account let say bshukla then I am always getting this problem...ads_join_realm: Insufficient access.. User bshukla does not have rights to add machines to the domain. Again, perfectly normal default operation. On the same time I am able to access Windows 2003 Active directory with bshukla account using windows-xp based PC.. I am astonish kerberos is working fine because I am able to get ticket on bshukla user account but net ads join -U bshukla is not giving desired result.. What are you trying to achieve? You are already able to add your Linux box to the domain and only need to do it once. By default, non-admin users cannot join machines to the domain. If you want user bshukla to be able to do that, the right will have to be granted in Windows AD. I am attaching the log of my work... Kindly suggest me what i have to do.. **LOG FILE* [EMAIL PROTECTED] ~]# kinit [EMAIL PROTECTED] Password for [EMAIL PROTECTED]: [EMAIL PROTECTED] ~]# net ads join -U bshukla [2007/02/09 20:21:36, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for localhost already exists - modifying old account [2007/02/09 20:21:36, 0] libads/ldap.c:ads_join_realm(1763) ads_join_realm: ads_add_machine_acct failed (localhost): Insufficient access ads_join_realm: Insufficient access ***End of Log Thanks in advance Brijesh Shukla -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Connection dropped when copying large files to a SambaServer
Michelle Dupuis wrote: Not hijacking the thread here...just adding more info as I have the same issue. I run Samba 3.0.23c (on FC6 64 bit), and am backing up from a Windows box to my Samba share. Sometimes it works great; other times the samba share locks up (I need to restart the smb service); and last week samba caused a kernel panic. I can sometimes get 65GB onto the share before it locks up. I can backup to the share using NFS (using Windows Services for Unix) without issue, but not to Samba. My relevant smb.conf settings are: reset on zero vc = yes read raw = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 The current thinking on this list sez that SO_RCVBUF and SO_SNDBUF are not needed and may actually degrade performance. Try commenting those out test again. -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Connection dropped when copying large files to a SambaServer
Michelle Dupuis wrote: Not hijacking the thread here...just adding more info as I have the same issue. I run Samba 3.0.23c (on FC6 64 bit), and am backing up from a Windows box to my Samba share. Sometimes it works great; other times the samba share locks up (I need to restart the smb service); and last week samba caused a kernel panic. I can sometimes get 65GB onto the share before it locks up. I can backup to the share using NFS (using Windows Services for Unix) without issue, but not to Samba. My relevant smb.conf settings are: reset on zero vc = yes read raw = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 Recent thinking is that so_rcvbuf so_sndbuf are probably not needed anymore and may actually degrade performance. Try commenting them out test again. -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multi share point to the same drive letter
M Azer wrote: I have the same setup where all of my Dept shares under a parent share for example finance, sales, IT are all under the shares folder and i have setup a one login script in the user profile to map to the parent share net use P: \\samba\shares however if someone from the sales group log in he will see all 3 share but will only be permitted to go in the sales share same works with the other group members. What I am trying to do is when the sales user log in I only want the user to see the Sales folder 'share' only not the other two shares. I have set the right permission on all shares where the each group own the folder for example sales folder will be owned by the root and the group will be the sales group sales rwxrwx000 root sales however when someone not a member of the sales group logon they still see the sales folder 'share' Could use the ifmember.exe program in your netlogon.bat. \\samba\bin\xptools\ifmember.exe DOMAIN\Sales NUL if errorlevel 1 net use P: \\samba\shares\sales -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Move Vs Copy
Apparently, when you use MOVE or drag-n-drop in Explorer and the source dir and dest dir on the samba server are in the same filesystem, smb will essentially do a Unix mv command. Thus the file will retain the original permissions and ownership. As long as the user could write to the dir, it would ignore setguid, share modes, ACLs, etc. We had a special directory setup to pass docs on to another group and occasionally users would forget to COPY and not MOVE the files there. I used a dnotify script on the samba server to monitor that dir and change perms when new stuff showed up. The other group could then delete the files. M Azer wrote: [shares] comment = Deptartments Share path = /shares/ public = no browseable = yes writable = yes directory mask = 0770 create mask = 0770 under [share] i have the following 4 folders: [EMAIL PROTECTED] shares]# ls -l drwxrws--- 2 root devel 4096 Jan 31 17:41 devel drwxrws--- 3 root finance 4096 Jan 31 16:49 fin drwxrws--- 4 root it4096 Jan 31 17:22 it drwxrws--- 4 root Domain Users 4096 Jan 31 17:41 pub as you can see each folder is owned by its group and chmod g+s is set on all the folders to keep the group ownership to newly created folders/files Thanks for the reply On 2/1/07, Felipe Augusto van de Wiel [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/31/2007 08:49 PM, M Azer wrote: when MOVEing folders/files from dept share to pub share the folder/files retain the dept group ownership however if I COPY instead of using Move the folders/files group ownership will change to the pub group How do I get the same behavior to work with Move? How is your smb.conf with regards to these shares? Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFwepECj65ZxU4gPQRAq1+AJ9sQotC1QBv77RIsOhlDjQIf5IECwCgs17x 5dnV6kPbdIEsEgkxeRfi5xA= =sce3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Version control filessytem using Samba
Mario Fernandez wrote: I'm looking at implementing a version control filesystem and would like to know if it's possible to implement version control with Samba. Thanks Mario How do you plan for it to work? For example - every time I save \\server\home\mydoc.xls, it will somewhere keep a copy or diff of the previous version? -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Move Vs Copy
I had kept our dept at just two drives, home=H:, everything else=X:. I dislike the yet-another-drive-letter approach. :-) M Azer wrote: I assign the pub share a different a drive letter in my login script: P: public H: userhome y: Dept share and the MOVE command worked as the COPY command. now when i mv folders/files between the three different shares the folders/files get assigned the appropriate permissions as well as the appropriate group ownership and it doesn't retain the original permissions and ownership. -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Giving AD group members access to Samba server
Joshua Penix wrote: Here's my situation, hoping that some of you who are running Samba in an AD environment will have insight: Samba is acting as a member file server in an AD domain. In addition to the domain containing Samba, there are two other domains in the AD forest. All three domains have full trust between them. Each domain has a Global Security Group called ACAD_ENGR. Samba (through winbind) sees them as DOM1+ACAD_ENGR, DOM2+ACAD_ENGR, and DOM3+ACAD_ENGR. I'd like members from all three groups to have write access to a particular directory. This needs to be done with filesystem permissions, not share permissions, because underneath each directory there are further subdirectories that have varying access rights matched to other groups in the three domains. Thoughts? Is this possible with Samba? --Joshua Penixhttp://www.binarytribe.com Binary Tribe Linux Integration Services Network Consulting Have you tried using ACLs? -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Login and logout scripts
Maybe use preexec? It's a share thing, but you should be able to script something . . . Maurício Szabo wrote: But what I want to do is a login / logout script that runs *on the samba server*, so when a user logs in, I could make a backup of his home share before he logs... On 1/24/07, *Toby Bluhm* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Charles Marcus wrote: If you are just using a samba server as the PDC with no MS Windows domain controller then yes you can have login scripts. You can also use group membership comparisons within the login script using a windows tool called ifmember.exe. Both the vbs/bat files and ifmember.exe go /etc/netlogon. Correction: it is ISMEMBER.EXE, not ifmember.exe. ismember.exe osver.exe are third party tools. ifmember.exe is part of MS Resource Kit. -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] access users homes share
You want the users' share to initially be private? Users can selectively have another user or users access to their private share? If that's what you're looking for and samba is the PDC, I would: [homes] comment = user share browseable = no writeable = yes create mask = 0660 directory mask = 2770 oplocks = true Give all users their own private default group and change permissions. Example: user joe, default group is joe. Configure joe's directories: chown -R joe.joe /home/joe find /home/joe -type d -exec chmod 2770 {}\; find /home/joe -type f -exec chmod 660 {}\; If user joe wants to let user jim access his stuff, add jim to joe group. When joe is tired of jim stomping on his stuff: remove jim from joe's group find /home/joe -user jim -exec chown joe {} \; Sascha wrote: yes, but whats the better way ;( maybe the solution for that is tooo simple so that we cant find it :) am i the only person who has this problem ? - Original Message From: Maurício Szabo [EMAIL PROTECTED] To: Sascha [EMAIL PROTECTED] Sent: Tuesday, January 23, 2007 5:05:46 PM Subject: Re: [Samba] access users homes share Well, you can write force create mask = 0777 in the user's home share. user1 and user2 will both have control of the files in the folder, and no other user will have control because they can't enter on user1 or user2 home share. Besides, I think there must be a better way of doing this :-) On 1/23/07, Sascha [EMAIL PROTECTED] wrote:do u mean sticky bit or suid ? that does not work. i looking for a way to let samba do the chmod. something with force user. i currently use force user = %U but that wont work because with that option the user who connects to the share will get the permission. - Original Message From: M Azer [EMAIL PROTECTED] To: Sascha [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Tuesday, January 23, 2007 3:36:48 PM Subject: Re: [Samba] access users homes share I hope this is what you are looking for. basically you need to set the sticky bit for the owner - I assume that the user1 home folder is owned by user1. chmod u+s user1 home folder this way any file/folder gets created will be owed by user1. http://www.zzee.com/solutions/chmod-help.shtml On 1/23/07, Sascha [EMAIL PROTECTED] wrote:now theres another problem: when i access a share and create a file the user will be forced to %U and not to the user who owns the homes share. when i set force user =%S then everyone can connect to the share. is there a chance that when i give user1 the rights to connect to user2 homes share (via setfacl) and user1 creates a file that this file will be chown to user2. i dont want to create a special share or groups because when i do it that way i would have 50 extra shares in my smb.conf. thanks for your help again and best regards - Original Message From: Sascha [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Tuesday, January 23, 2007 12:39:20 PM Subject: Re: [Samba] access users homes share thanks for your help. i just did a setfacl on the users home directory and i could access it. really nice :) thanks again for the help best regards - Original Message From: Maurício Szabo [EMAIL PROTECTED] To: Sascha [EMAIL PROTECTED] Sent: Tuesday, January 23, 2007 12:27:32 PM Subject: Re: [Samba] access users homes share You can add user1 to a group that user2 is currently in, and set permissions of the user2 home share to be group-readable. For example, user2 is a member of the group foo, so you can add user1 to foo group, add user2's home share to foo group, and finally do a chmod g+wxr to user2's home folder. On 1/23/07, Sascha [EMAIL PROTECTED] wrote: hey list, we are currently migrating our users from novell to samba. now we have one problem: in novell we could give e.g. user1 access to users2 home share so he could modify, delete or add files on this share. in samba we defined a global homes share that is mapped on logon. so how can we give user1 the needed rights? here is the definition of the homes share in smb.conf: [homes] comment = user share browseable = no writeable = yes write list = %U create mask = 0600 directory mask = 0700 force user = %U force group = Administrators oplocks = true do we need to add a special share and group? thanks for help and best regards -- -Toby -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] request_oplock_break: no response received to oplock break request
Hello, I've been running samba 2.0.7 for a couple years now on a DEC alpha with Tru64 4.0D. I't pertty much a default smb.conf as far as oplocks that sort of stuff. Anyway, the other day some users started having troubles with saving ms-word files. The smbd processes have always been running as root. But now the users with the problem own their smbd process. And they get errors like such in the log file: for dev = 810, inode = 17169, tv_sec = 3e22d418, tv_usec = 931fe [2003/01/13 12:46:27, 0] smbd/oplock.c:(1204) request_oplock_break: no response received to oplock break request to pid 5755 on port 1450 for dev = 810, inode = 144022 for dev = 810, inode = 144022, tv_sec = 3e22dc57, tv_usec = d9670 [2003/01/13 12:46:30, 0] smbd/oplock.c:(1204) request_oplock_break: no response received to oplock break request to pid 4265 on port 1395 for dev = 810, inode = 17312 for dev = 810, inode = 17312, tv_sec = 3e22d418, tv_usec = 887d2 [2003/01/13 12:46:30, 0] smbd/oplock.c:(1204) request_oplock_break: no response received to oplock break request to pid 5755 on port 1450 for dev = 810, inode = 144022 for dev = 810, inode = 144022, tv_sec = 3e22dc57, tv_usec = d9670 It seems since some of the smbd processes is owned by root, the process owned by the users cannot control the root owned process. Is this a correct assumption? How or why would it start doing this? And the user will have several smbd processes started in their name. Seems to be only NT4 clients, although I've not verified that yet. The only recent change I made was the IP address of the server. The client have had their new IPs for some time now. I'm not tying samba to any specific interface or IP. ANy clues as to how to fix this? Thanks -tkb -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba