[Samba] Re: Mac OSX doesn't retain file timestamp when copying to SAMBA share
I had a similiar issue recently, also on Solaris. I was running samba 3.0.14a. The clients where Win XP but anyhow a programmer that uses a share noticed one day that one of the timestamps of a file she was copying from somewhere else lost its timestamp. In general though we could copy files over to the share and the timestamps would be retained fine. After lots of experimentation I finally figured out the culprit was when she was copying over top an existing file and she was not the owner of the existing file. She had permission to clobber over the file via her group permission but in that specific case, clobbering over a file she didn't actually own, the file copied would get a fresh timestamp. The first thing I did was try Samba 3.0.23d to see if perhaps it was fixed in that version. Lo and behold it was, the issue went away immediately upon upgrading to 3.0.23d. Tom Schaefer On Tue, 16 Jan 2007 08:30:06 +1100 Troy Kenah <[EMAIL PROTECTED]> wrote: > > Hi All, > > I'm not sure what's causing this but every time I copy a file from one > of the Macs (details below) to the Samba server the file timestamp is > changed to the copy time rather than retaining the last modified time. > Does anyone know what could be causing this? > > Systems: > Mac OSX (versions 10.3.x -> 10.4.x) > Windows 2000 Professional > Solaris 10 running Samba 3.0.11 > > Tests... > Mac OSX -> Mac OSX retains timestamp > Mac OSX -> W2K share retains timestamp > Mac OSX -> Solaris Samba share REPLACES timestamp with copy time > W2K -> Solaris Samba share retains timestamp > > smb.conf > [global] >workgroup = OTP >server string = OTP Server >security = share >load printers = yes >log file = /usr/local/samba/var/log.%m >max log size = 50 >socket options = TCP_NODELAY >dns proxy = no > [otpserver] >comment = OTP Server >browseable = no >writable = yes > [printers] >comment = All Printers >path = /var/spool/samba >browseable = no >guest ok = no >writable = no >printable = yes > [otpdata] >comment = OTP Data >path = /otp/Shared >guest ok = yes >read only = no >writable = yes >public = yes > [ftpdata] >comment = FTP Data >path = /otp/user/guest >guest ok = yes >read only = no >writable = yes >public = yes > > > Regards, > Troy. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: security=share, who needs it ?
On Fri, 17 Mar 2006 09:12:52 -0600 "Gerald \(Jerry\) Carter" <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Tom, > > I've got to step up for Carsten here. > > Tom Schaefer wrote: > > > Carsten Schaub <[EMAIL PROTECTED]> wrote: > >> the security=shre setting does not behave as many admins > >> expect. Access > > > > It behaves exactly as this admin expects and I would absolutely > > hate to see it to go. > > No. it really doesn't. For the record, Carsten brought > this issue up on the samba-technical ml. Every developer agrees > that our security = share code is fundamentally broken because > it tries to shoe horn a userless security model onto a user/password > authentication system. > I don't know if it behaves as other admins expect but it is does behave as I expect. I've tinkered with it, read the man pages, and learned how it behaves. I know Carsten brought the issue up on samba-technical because as soon as I saw his post here I kind of phreaked out fearing the conversation might be occurring elsewhere as well. Its a conversation I don't want to see anywhere, so I Googled it and to my dismay I found the big discussion you all are having over on Samba technical. I've read pretty much all of it. > People try to do all sorts of silly things with security = share > like using a 'write list' option. What is that supposed to mean? > You want a userless authentication but a user based authorization > system? That's just wrong. > Well I've never attempted to do that and a quick review of the man page tells me I can't do it under Samba 3 even if I want to. So, I'm not going to address it other than to say what you trying to bang over my head as well - share level security is not a "userless authentication" in Samba and its presumptuous to assume thats what the admin wants. Perhaps the admin understands that even under share level security Samba always makes the connection as somebody, understands whom that somebody is can easily be controlled, and finds it advantageous to do so. > If the only think people need is a guest server, we can do that > very easily with 'security = user'. We can even mix guest and > non-guest servers using virtual servers. > With security=user you've still got to successfully connect as some user in the first place before you can even request a guest share. This leads to all sorts of fun. You'll still have situations where Joe User is going to find it difficult at best to actually connect to a guest share because he doesn't know his password, why should he need to know his password to access the guest share? (Its a rhetorical question I understand the technical reason why) Enter "map to guest", more fun, he'll make a typo on his username or password and get connected to the guest share as the guest account and subsequently not be able to connect to his non guest shares. With security=share a guest share is always a guest share is always a guest share, no issues, no hassles, no muss, no fuss, it just works, always. As far as virtual servers, they confuse people. Also, they don't work unless you disable port 445.. %L the NetBIOS name of the server. This allows you to change your config based on what the client calls you. Your server can have a ``dual personality''. This parameter is not available when Samba listens on port 445, as clients no longer send this information. I can go on about virtual servers Jerry, just ask me. > >> to all shares are mapped to the guest account and if the underlying unix > >> permissions don't permit that access you get errors and the access > >> doesn't work as expected. > > > > Thats wrong. You connect to a Samba server using security=share > > as the guest account or as any user you want. The method used > > for determining whom you connect to a particular share as is > > spelled out in the section "NOTE ABOUT USERNAME/PASSWORD VALIDATION" > > of the smb.conf man page. > > Tom, I think it is a little more complicated that you realize. > The problem is not getting 'security = share' to work with the > current code base, but rather how easy it is to misconfigure > the server. And I'll add that if we implemented share mode > security as it should be, your configuration would probably > not work any more. > So, you're going to yank it out to protect me from myself. It wasn't THAT long ago it was the DEFAULT. I think making security=user the default as you've already done is sufficient to protect admi
[Samba] Re: security=share, who needs it ?
On Tue, 14 Mar 2006 23:05:48 +0100 Carsten Schaub <[EMAIL PROTECTED]> wrote: > Hi list, > > the security=share setting does not behave as many admins expect. Access It behaves exactly as this admin expects and I would absolutely hate to see it to go. > to all shares are mapped to the guest account and if the underlying unix > permissions don't permit that access you get errors and the access > doesn't work as expected. Thats wrong. You connect to a Samba server using security=share as the guest account or as any user you want. The method used for determining whom you connect to a particular share as is spelled out in the section "NOTE ABOUT USERNAME/PASSWORD VALIDATION" of the smb.conf man page. > > Also is security=share a global parameter. This given, there is no > distinction between guest and authenticated access per share possible > yet. > No, no. Here are a few shares from the smb.conf file of a single security=share server I have. Homes only works for a given user if they give their correct password , the second share anyone who knows what the password is can access, and the guest share is a guest share so it works for everybody with no authentication. [Homes] comment = Home Directories username = %S valid users = %S writeable = Yes map archive = No browseable = No [birdastudent] path = /accounts/faculty/birda follow symlinks = No username = birdastudent valid users = birdastudent writeable = No map archive = No browseable = No [guest] path = /accounts/research/samba_guest guest only = Yes guest ok = Yes > Further you can archieve the security=share setting behavior with > setting > -smb.conf > [global] > security = user # thats the default of current releases > map to guest = bad user > username map = /etc/samba/smbusers > > smbusers- > foo = * > > What reasons prevent removing 'security=share' ? > > One nice thing about security=share is that in an environment I'm in where there is little to no correlation between MS Windows usernames and UNIX account usernames I don't have to worry about trying to keep it all sorted out in some behometh username map file thanks to username = %S. Another nice thing about it is I don't have to worry about the way MS Windows clients will only let you connect to a single server as a single user at a time. With share level security I can have people authenticate to a single UNIX system as several different UNIX usernames from a single Windows box. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unicode, ASCII, and Samba3 ...
I work at a university and when I upgraded from 2 to 3 only 1 user ever complained, a professor in the foreign languages department. I started to go down the road of conversion utilities and fiddling with code pages and character sets. Then a potential easy solution occurred to me. We have several Samba servers and the Unix boxes have a lot of disk in common; I still had Samba 2 on some systems. On the UNIX side I moved her files to where they where once again being shared by a Samba 2 server. As would be expected, from the client side, MS Windows, all the file names where instantly intact again. I copied all her files down from the Samba 2 server to local disk of a MS Windows box. From the MS Windows box I then copied the files up to the Samba 3 server. Ta da. Now they where on the Samba 3 server with file names intact. Of course doing something like that may not be feasible in your case. Good luck. Tom Schaefer On Wed, 26 Oct 2005 16:57:56 +0200 "Julien Ailhaud" <[EMAIL PROTECTED]> wrote: > > > Problem summary : > Files created with samba2 are now unreadable with samba3. I tested all > possible settings in samba, rebuild it with libiconv, already posted here > without reply ... without success. > > Today I analyzed the traffic between my station and the server, and I found an > interresting thing : > > With both version, filenames are transmited in ascii > code 130 gives "é" > code 135 gives "ç" > code 151 gives "ù" > > But ... > > In packets exchanged by my Samba2 server and the stastion, the flag "unicode > strings" is set to Zero ( --> ASCII ) > > In packets exchanged by my Samba3 server and the stastion, the flag "unicode > strings" is set to One ( --> UNICODE ) > > > I think that the problem is here, but I can't find how to change it, forcing > my Samba to use ASCII there. > > Any Idea ?? > > Thanks. > > > Ce message est protégé par les règles relatives au secret des > correspondances. Il est donc établi à destination exclusive de son > destinataire. Celui-ci peut donc contenir des informations confidentielles. > La divulgation de ces informations est à ce titre rigoureusement interdite. > Si vous avez reçu ce message par erreur, merci de le renvoyer à l'expéditeur > dont l'adresse e-mail figure ci-dessus et de détruire le message ainsi que > toute pièce jointe. > > This message is protected by the secrecy of correspondence rules. Therefore, > this message is intended solely for the attention of the addressee. This > message may contain privileged or confidential information, as such the > disclosure of these informations is strictly forbidden. If, by mistake, you > have received this message, please return this message to the addressser > whose e-mail address is written above and destroy this message and all files > attached. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: File access rights on a NFS share: please help !
On Mon, 19 Sep 2005 17:03:34 +0200 Sabrina Lautier <[EMAIL PROTECTED]> wrote: > Ex: > [EMAIL PROTECTED] id -a > uid=16783675(NCEDOM\toto) gid=16777217(NCEDOM\domain users) > groups=16777217(NCEDOM\domain users),16777328(NCEDOM\dev-iis) > > [EMAIL PROTECTED] cd /nfs_share > [EMAIL PROTECTED] ls -ls > 0 drwxrwx--- 2 root NCEDOM\dev-iis 80 2005-09-07 14:16 iis > [EMAIL PROTECTED] cd iis > -bash: cd: iis: Permission denied > > As you can see toto's primary group is NCEDOM\domain users but he also > belongs to group NCEDOM\dev-iis. > Yet directory iis belongs to group NCEDOM\dev-iis. > But this work fine on a local FS. > Well possibly the problem is what Jeremy said. Something I'd look at though is the actual gid of the iis directory by simply using ls -n and verify for sure that the gid of the iis directory is 16777328. Possibly you have two gids both named NCEDOM\dev-iis and it isn't gid 16777328 that the iis directory belongs to. Tom Schaefer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Read-only and POSIX ACLs
Yes Jeremy, I think that would be a good thing. To the best of my knowledge, other than the particular situation we are discussing, a user connected to a writeable share via Samba always has the exact same ability to operate on files as if they where logged into the box via a UNIX shell. That is how I as an admin have come to expect it to operate and how I want it to operate. Now obviously parameters such as force group and so forth are going to change what a user can do but by default I'm saying the user should always have the same ablity via Samba as if using a shell. Incidentally, the situation you are talking about arises even if you take ACL's completely out of the picture and have write access via the file's standard group permissions if the owner doesn't have write. If you do change Samba to remedy the ACL situation I'd hope you remedy it in this case too. As far as an option to enable the current behaviour, sheesh I can't decide. How many admins would you guess are using the current behaviour as a feature? I'd guess very few if any. On the other hand, now that I know about this current oddity of Samba behaviour it almost seems like something I myself could potentially make use of as a feature. In summary my votes are: Make the change? yes Option to allow current behaviour? no opinion Tom Schaefer On Tue, 10 May 2005 12:25:49 -0700 Jeremy Allison <[EMAIL PROTECTED]> wrote: > Hi all, > > I can make a simple change to smbd for the next stable > release that will cause POSIX ACLs to be checked before returning > the DOS mode of a file is "read-only". This will fix the case > that people are complaining about where a POSIX ACL allows write > access to a file but the standard owner "w" bit is missing (smbd > currently returns DOS read-only for that case if the DOS attributes > are not being stored in EA's). > > The question is, shall I make that change and if so should I have > a fallback parameter to turn off the behaviour if people require > it ? > > Comments please (btw: I have to be out in the UK all this week > but will try and work on things intermittently). > > Jeremy. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Minimal Samba
Nice example John. But, at least in my experience and the smb.conf man page would seem to concur, it won't work at all under Samba 3.x unless you add the line "smb ports = 139". The following two sections of the smb.conf man page more or less spell out the problem.. smb ports (G) Specifies which ports the server should listen on for SMB traffic. Default: smb ports = 445 139 %L the NetBIOS name of the server. This allows you to change your config based on what the client calls you. Your server can have a ``dual personality''. This parameter is not available when Samba listens on port 445, as clients no longer send this information. Tom Schaefer On Tue, 26 Apr 2005 08:31:23 -0600 John H Terpstra <[EMAIL PROTECTED]> wrote: > > It is possible. > > Master smb.conf file: > > [global] > workgroup = FORTKNOX > security = user > netbios name = ARMEDGUARD > netbios aliases = BANDIT > include = /etc/samba/smb.conf.%L > > [homes] > read only = No > > > > > Now for the 'bandit' smb.conf: > > [global] > workgroup = FORTKNOX > security = share > netbios name = BANDIT > guest ok = Yes > > [cashpool] > path = /money > read only = yes > guest only = yes > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: still ACL bug in 3.0.14a
On Tue, 19 Apr 2005 20:44:24 -0500 "Jeremy Allison" <[EMAIL PROTECTED]> wrote: > This is actually a separate (non-ACL) issue. It's not a bug in > the ACL code. I reproduced it last night and am preparing a > response - the problem is the DOS attributes code sees it as > read-only. Do a attrib command from a Windows client > and you'll see +r at the attribute. It's not strictly a Samba > bug, more a design issue. > I agree, its more of a design issue. Jeremy since you "haven't yet decided exactly what semantics make sense here.".. My 2cents (which I realize no one has asked for but thats the beauty of internet mailing lists) is that by default for any writeable share the user & group on whos behalf Samba is acting should have the exact same permission to modify a file or delete it or whatever that they'd have where they actually logged into the Samba server via a UNIX shell. That is how I as a Systems Administrator have come to expect Samba to behave and to the best of my knowledge is how it does behave outside the particular issue we are discussing. As for the read only attribute on a file, I think if the user & group combination on who's behalf Samba is acting would have the ability to write to the file where they sitting at a UNIX shell then the read only flag should not be set and vice versa. > I'm at LinuxConfAu at the moment but 2619 isn't a real bug > as if you typed "attrib -r " it would fix the problem. > Only if dos filemode = yes By the way, this whole "issue" is not a new one. I set up this same scenario last night on an old Linux Mandrake 8 box running Samba 2.2.7a and the behavior was exactly the same. Tom Schaefer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: still ACL bug in 3.0.14a
Hello, I've kind of been hanging with Peter on this whole issue so didn't want to just abandon him when Jeremy issued the Solaris patch that fixed things for me. I went and took a hard look at bug report 2619 that Peter filed and tried to duplicate it. He is doing ACLs on specific files, not directories as I was. When specifically following Peter's bug report, I CAN duplicate the bug Peter found under Solaris even with the all inclusive force group/Solaris patch Jeremy issued yesterday installed. I put the new patch on the Linux box, and as Peter is saying, the problem is still there as well. I noticed Jeremy requesting level 10 debug logs on the bug tracking page. I'll send some as soon as I can. Tom Schaefer On Tue, 19 Apr 2005 09:45:46 +0200 Peter Kruse <[EMAIL PROTECTED]> wrote: > Hello again, > > Jeremy Allison wrote: > > On Mon, Apr 18, 2005 at 06:35:12PM +0200, Peter Kruse wrote: > > > >> > >>bad news, my problem is not fixed with 3.0.14a > > > > > > The log file helped. Try this patch (applies against > > raw 3.0.14a). Problem was Solaris was returning 2 in a > > place I expected a 1 > > > > tried it, makes no difference here. I'm neither using "force group" nor > using Solaris. Sorry to confuse you, there are probably two different > problems in the same thread, although the subject is valid for both. > But as the Solaris issue seems to be resolved, maybe you could > have a look at my bug report: > https://bugzilla.samba.org/show_bug.cgi?id=2619 > The bug report includes exact instructions how to reproduce it. > I get the impression that the acl implementation is wrong. It looks > to me that if any user doesn't have write permission then the > group settings are ignored. > Jeremy, if you create such a file, do you get correct behaviour? > > Thx, > > Peter > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] still ACL bug in 3.0.14a
Hi Peter, Bad news at this end too. Peter, Jeremy put out a patch over the weekend, if you browse back through this thread a little bit you should find it. He actually posted it twice as I recall. Perhaps the patch would fix things for you. It fixed things for at least the one person, Eric Stewart, who was having the same troubles as we are of being able to create & modify files but not delete or rename them. Although from the way I read Eric's postings, although he was having the same error as us in the end, to me he seemed to be doing things quite differently to get there. Like in the beginning when he was having the problem, I don't even think he was using ACLs at all. Then it came out that compiling --with-acl-support might fix things for us. Eric specifically went back and remounted his file system with ACL support and recompiled Samba with ACL support but in the example file listings he posted it still didn't look like he was actually making any use of ACLs whatsoever. But he was having the same symptoms. Jeremy wrote a patch and it fixed it for him. He was doing a force group which apparently was the root of his ills. Which worries me a bit because I do a lot of force group on my actual servers. In this testing mode I've been in since Friday I've just been keeping things as basic and simple as possible. I did get it to work on Linux by compiling --with-acl-support but I was not doing any force groups or anything the least bit exotic. I have yet to get it work properly on Solaris. I'm in the process of putting together a level 10 debug log and anything else I think might be useful for him and sending it off to Jeremy. Jeremy had suggested that the patch he wrote for Eric might fix my trouble on Solaris as well. It did not. I noticed there is a new message in this thread posted from Yannick Bergeron stating he applied the patch and rebuilt 3.0.14a from scratch this morning and the problem persists for him as well. Tom Schaefer On Mon, 18 Apr 2005 11:35:12 -0500 "Peter Kruse" <[EMAIL PROTECTED]> wrote: > Hello, > > bad news, my problem is not fixed with 3.0.14a > > Jeremy Allison wrote: > > On Sat, Apr 16, 2005 at 08:29:31PM -0500, Schaefer Jr, Thomas R. > > wrote: > > > >> I'm modifying what I wrote this morning. Compiling > >> --with-acl-support DOES fix the problem on Linux. Jeremy is right. > >> Although I had compiled it that way this morning I was accidentally > >> running one of my earlier compiles. Sorry. > > > > > > I have email access now, but not much of a test environment yet. > > > > This happens a *lot*. People, if you reconfigure and try again and it > > still doesn't seem to fix the problem please try and ensure that > > you're running your new binaries. This seems to be a common failure. > > > > > > I double and triple checked, I am running 3.0.14a and it's the > binary, made a debian package and installed that which also removes the > old 3.0.13 installation. > And also checked that --with-acl-support is used on configure, this > is included in the debian/rules Makefile. > Stopped all nmbd, winbind and smbd instances and ran the 3.0.14a > binaries it says in the logfiles: > log.nmbd: Netbios nameserver version 3.0.14a-Debian started. > log.smbd: smbd version 3.0.14a-Debian started. > So it is 3.0.14a and the bug is still there. Exactly the same > as described in https://bugzilla.samba.org/show_bug.cgi?id=2619 > > If you create a file with the mentioned acls do you have > a different behaviour? > > Peter > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: still ACL bug in 3.0.14a
Solaris guy here. Since my last posting I HAVE managed to replicate this problem with 3.0.14a on Linux. Red Hat Enterprise Advanced Server version 3 to be exact. Although I did not specify --with-acl-support as a configure option. I have never needed to compile --with-acl-support in order to have Samba properly make use of the ACLs I've set up. Actually, that had crossed my mind ealier today. I was reasonably sure the configure script picked and compiled in ACL support automatically on Solaris. Anyhow, I just got done reconfiguring and compiling on Solaris. In the same directory full of Samba 3.0.14a source code that I used this morning. ./configure --sbindir=/usr/local/samba/bin --with-acl-support I did not do a make dist clean first or anything like that though. Maybe I need to do that because what I ended up with STILL has the same problem. I've got to go. I'm usually at the daycare loading the kids into the car at this time of day and thats 12 miles or so from here. Jeremy, thankyou much for all your hard work and prompt support. Tom Schaefer On Fri, 15 Apr 2005 13:31:40 -0700 Jeremy Allison <[EMAIL PROTECTED]> wrote: > I'm starting to think this is the cause of the problems for people. > I can check this by compiling without acl support and seeing if I > can reproduce the bug. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] still ACL bug in 3.0.14a
Sigh. Good catch Peter but I set up my test environment (Sparc Solaris 8, UFS filesystem) to match what Jeremy used and still have the same problem. I set it up like this... [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# ls -ld crap d---rwx---+ 2 root root1024 Apr 15 13:53 crap/ [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# getfacl crap # file: crap # owner: root # group: root user::--- user:schaefer:rwx #effective:rwx group::rwx #effective:rwx group:203:rwx #effective:rwx group:cfusion:rwx #effective:rwx mask:rwx other:--- User schaefer still can't rename or delete files in the crap directory. How frustrating. Jeremy we don't do a lot of Linux around here but yes I should be able to cobble a test together. Also, Peter, I know you use Linux and have been seeing these exact same symptoms, but have you actually tried it against 3.0.14a yet? Tom Schaefer On Fri, 15 Apr 2005 13:49:10 -0500 "Peter Kruse" <[EMAIL PROTECTED]> wrote: > Hello, > > (please see below) > > Jeremy Allison wrote: > >>[EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# getfacl crap > >> > >># file: crap > >># owner: root > >># group: root > >>user::--- > >>group::--- #effective:--- > >>group:203:rwx #effective:rwx > >>group:cfusion:rwx #effective:rwx > >>mask:rwx > >>other:--- > >> > > > # getfacl crap > > > > # file: crap > > # owner: root > > # group: root > > user::--- > > user:jeremy:rwx > > group::--- > > group:jeremy:rwx > > mask::rwx > > other::--- > > > > User jeremy can create/delete and modify files from a cmd.exe shell > > and Windows explorer to his hearts content, no problems. > > > > The difference is that you gave write permissions to user jeremy. In > the other example, permissions are granted _only_ to the group the > user belongs to. So you have to remove the user:jeremy:rwx to > see the bug. > > Peter > > > It's possible this is a Solaris specific issue. Can you reproduce > > the problem with 3.0.14a on a Linux box ? > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] still ACL bug in 3.0.14a
Sparc Solaris / UFS file system. I have some ACL's set up for a handful of users and its all worked flawlessly with every incarnation of Samba I've used over the past couple years, which would be most. Last Friday evening I upgraded from 3.0.11 to 3.0.13 and some of the users I have some ACL's set up for promptly found Monday that they couldn't save new Excel files, they'd be informed the file already exists be prompted to overwrite and then be informed the folder is marked read only. They end up with two 0 byte files, one with the name they where trying to save the Excel file as and another of the form fsaxx.tmp. So Tuesday afternoon I reverted the less crucial Samba servers back to 3.0.11 and came in at 6:30AM Wednesday to revert the other servers back to 3.0.11. Everything is gravy with 3.0.11 as it always been. I noticed 3.0.14 and 3.0.15pre had been up and back down. But the change logs where there and mentioned items dealing with ACLs so I thought I'd hold off posting to this forum and see if a new Samba would fix it. I downloaded 3.0.14a today, compiled, and tested. Sadly, No! The same problem is there. Just before I began posting this very message I came across the thread "ACL and delete files" and it turns out what the numerous messages in that thread are describing is exactly what I'm seeing to. I had thought it was more of an Excel thing but as I've tested it today in conjunction with 3.0.14a it turns it is a general thing, exactly as that thread describes - a file can be created or modified, but not deleted or renamed. Actually, I have determined one additional interesting item not in that other thread -- Windows XP SP1 works fine with a directory using ACLs with 3.0.13 and 3.0.14a IF AND ONLY IF you do not have Microsoft patch KB885835 installed. XP with SP2 is always screwed. I've only tested with one Win 2K system and it exhibits the same problem with the new Sambas as well. The problem is totally reproducible across different boxes here and even using the most very basic of a smb.conf. User schaefer should be able to connect to his home share, go into his tmp/crap/ folder and create, modify, and delete files as he pleases. In any Samba 3.0.11 or prior he can. Haven't tried 3.0.12. 3.0.13 and 3.0.14a he can't... [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# ls -ld crap d-+ 2 root root 512 Apr 15 11:15 crap/ [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# getfacl crap # file: crap # owner: root # group: root user::--- group::--- #effective:--- group:203:rwx #effective:rwx group:cfusion:rwx #effective:rwx mask:rwx other:--- [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# id schaefer uid=241(schaefer) gid=60003(cfusion) [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# cat /usr/local/samba/lib/smb.conf # Samba config file created using SWAT # from TOMCAT.umsl.edu (134.124.15.21) # Date: 2001/08/31 11:24:37 # Global parameters [global] hosts allow = 134.124. 128.206. workgroup = UMSL netbios name = HUCKFINN interfaces = 134.124.15.26 127.0.0.1 bind interfaces only = Yes security = SHARE encrypt passwords = Yes nt acl support = No name resolve order = lmhosts wins bcast host os level = 19 preferred master = no wins server = 134.124.45.45 username map = /usr/local/samba/lib/usernamemap unix extensions = no # unix charset = ISO8859-1 smb ports = 139 [Homes] comment = Home Directories username = %S valid users = %S writeable = Yes map archive = No browseable = No create mask = 664 directory mask = 775 force create mode = 664 force directory mode = 775 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How to get samba 3.X to authenticate using NIS on Solaris
Adding the following line to your smb.conf file ought to do the trick.. encrypt passwords = no I believe that was the default in 2.x whereas in 3.x encrypt passwords = yes is the default. On Tue, 12 Apr 2005 15:44:12 -0400 "Faleti, Ade" <[EMAIL PROTECTED]> wrote: > > I am in the process of upgrading samba to version 3.X but cannot get any > of the > 3.x versions to authenticate users on Solaris using NIS (It does not use > the /etc/passwd file either) > but will use the smbpasswd file? > > How can I get samba 3.X to authenticate using NIS the way 2.X does? > > > Ade Faleti > > > > > > The contents of this e-mail and any attachments are intended solely for the > use of the named addressee(s) and may contain confidential and/or privileged > information. Any unauthorized use, copying, disclosure, or distribution of > the contents of this e-mail is strictly prohibited by T. Rowe Price and may > be unlawful. If you are not the intended recipient, please notify the sender > immediately and delete this e-mail. > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: how to automatically create user homedir
This may or may not apply to your case as I'm not doing ldap authentication, however the "add user script" directive in smb.conf has served me very well for the past couple of years. Tom Schaefer On Tue, 5 Apr 2005 12:12:58 +0100 Luís Miguel Silva <[EMAIL PROTECTED]> wrote: > Hello all, > > Im using samba 3.0.11 and openldap. > I need a way to auto create my users home when they connect to their HOME > share. > > How can i do that?! > > PS: i tried the preexec directive but it didnt work! :o| > > Thanks! > + > | Luís Miguel Ferreira da Silva > | Network Administrator @ISPGaya > | Instituto Superior Politécnico Gaya > | Rua António Rodrigues da Rocha, 291/341 > | Sto. Ovídio _ 4400-025 V. N. de Gaia > | Tel: +351 223745730/3/5 > | GSM: +351 912671471 +351 936371253 > + > > > > Este email foi enviado via o webmail do ISPGaya > Instituto Superior Politécnico Gaya > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Windows XP & greyed-out Guest user password prompt
Look at the username directive in the smb.conf man page. I believe it could solve things for you. In the section for a particular share just specify "username = validuser1, validuser2" etc. and then samba will attempt to validate whatever password the XP system with the greyed out username field supplies against all the usernames specified in the username directive for the share. Username = %S is very useful for homes shares. Check it out, I really think it could do the trick for you. Tom Schaefer On Wed, 30 Mar 2005 17:33:45 -0800 Jules Agee <[EMAIL PROTECTED]> wrote: > Tom Schaefer wrote: > > It is because you are using > > > > security = share > > > > which is emulating the old Win9x way of sharing where the username is > > irrelevant, which is why XP just sets it to guest and greys it out, and> > all that matters is knowing the password to the particular share. > > > > Share a folder from Win9x using the type of sharing where you set a > > password to access a folder and then access it from XP. You'll see the> > same thing - greyed out guest. > > > > Tom Schaefer > > I'm sure you're right. But I'm stuck using security=share, and Windows > 2000 clients behave just fine with the exact same server and the same > shares, prompting the user for a username *and* password if using the > local system authentication data fails. > > Right now, the only idea I have is to force people to use the same > username and password on their local config as in our ldap database, and > train them to keep the info in sync themselves. Setting up a domain > server isn't an option. > > Thanks for your time! > -Jules > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Windows XP & greyed-out Guest user password prompt
It is because you are using security = share which is emulating the old Win9x way of sharing where the username is irrelevant, which is why XP just sets it to guest and greys it out, and all that matters is knowing the password to the particular share. Share a folder from Win9x using the type of sharing where you set a password to access a folder and then access it from XP. You'll see the same thing - greyed out guest. Tom Schaefer On Wed, 30 Mar 2005 10:01:49 -0800 Jules Agee <[EMAIL PROTECTED]> wrote: > Tony Earnshaw wrote: > > Jules Agee: > > > > > >>(replying to self again) > >>Update: > >>The Windows XP (SP2, BTW) client tries three times to log in to the > >>Samba server with the Windows username, which is different from the > >>Samba username. As one would expect, Samba replies to each of the three> >>requests with a "STATUS_WRONG_PASSWORD" message, and in the same packets> >>the Action segment reads 0x0001 "Guest: Logged in as GUEST". If a new XP> >>user is created with the same username and password as the Samba account,> >>the problem goes away. But if either the XP username or the XP password> >>differs from Samba's info, the user is never prompted for the real> >>username or password. > > > > > > I don't understand. One either logs onto the domain (which has a name) or> > onto the local machine (which has a different name). One can't logon to> > both at the same time, the choice is given at logon time. The advantage of> > the domain logon is, that users can move from machine to machine (for> > example in a teachers' common room, as I have) and just carry on with> > their work in a familiar environment. Why would you want to synchronize> > local and domain accounts? > > There is no domain, and no domain server. Due to circumstances out of my > control, we are only using workgroup shares. The samba servers are set > "security = share" in smb.conf. They share authentication data via an > LDAP server, but that information is not accessible to or synchronized > with the local desktop logins at this time. > > I don't want to synchronize them. What I want is for Windows XP to > *prompt* the user for which username they would like to use to access > the share on the Samba server, since the local Windows username will > always fail for the Samba server login. Instead, they are only presented > with a prompt for the Guest password. > > I should have been clearer in my earlier message. Here is the > blow-by-blow for the authentication dialog: > > XP: Negotiate Protocol Request, what are your capabilities? > Samba: Negotiate Protocol Response, I can do this and this and this > XP: I'd like to make an anonymous connection to the $IPC share, please. > Samba: OK, no problem. You're successfully connected as Guest. > XP: How about you let me log in as (local XP uid, local XP pw) instead > of Guest? > Samba: Nope, sorry, STATUS_WRONG_PASSWORD but Action = 0x0001 (you're > still logged in as Guest) > XP: Aww, c'mon, lemme log in as (local XP userid, local XP pw) > Samba: Nope, sorry, STATUS_WRONG_PASSWORD but you're still logged in as > Guest > XP: PLEZE let me log in as (local XP userid, local XP pw) > Samba: Uh-uh. STATUS_WRONG_PASSWORD. You're still logged in as Guest > > The local XP userid doesn't exist in Samba's authentication data source, > and it's not supposed to. When XP is unsuccessful doing the above > negotiation with a Windows 2000 or 2003 server, then it prompts the user > for a different username and password. But when the user does the exact > same thing with a Samba server, it doesn't allow the user to choose a > different username. It just presents a dialog asking for the Guest login > password. > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: bit by 3.0.8 username map affect on homes share, Solution
Thanks to nobody I came up with a solution on my own. All my username map entries now require two mappings, the domain one which is used for authentication and just the username by itself which does the homes share. Like so... fred = MYDOMAIN\fredw fredw On Fri, 19 Nov 2004 15:40:36 -0600 Tom Schaefer <[EMAIL PROTECTED]> wrote: > Samba is a domain member server authenticating to a MS-Windows domain > controller. > > With 3.0.7 and all previous version for the past few years I could map a > Windows to Unix userid in the username map file like so.. > > fred = fredw > > His home directory was then accessible as \\servername\fredw so > \\servername\%username% from a Windows NTx client. > > I make EXTENSIVE use of that functionality. > > I missed the 3.0.8 release where I take it this actually changed but after > spending hours today with the 3.0.9 release today I eventually figure out > that my username map now has to have entries like so.. > > fred = MYDOMAIN\fredw > > fine I can deal with that, but what's killing me is that then a share > named fredw doesn't get automatically created via the [homes] section like > it used to. > > With previous versions of Samba \\servername\fred, > \\servername\homes, and \\servername\fredw where all available. > > With the new Samba only \\servername\fred and \\servername\homes are > created, no fredw. > > A Windows NT client trying to connect to \\servername\%username% is out of > luck since its effectively using \\servername\fredw. I have thousands of > such clients. > > I have about 14,000 users and over 2500 of them require username mappings > in my username map file and they all access their home share as > \\servername\%username%. > > Have mercy on me oh gods of Samba. > > Thankyou, > Tom Schaefer > Unix Admistrator > University of Missouri St. Louis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] bit by 3.0.8 username map affect on homes share
Samba is a domain member server authenticating to a MS-Windows domain controller. With 3.0.7 and all previous version for the past few years I could map a Windows to Unix userid in the username map file like so.. fred = fredw His home directory was then accessible as \\servername\fredw so \\servername\%username% from a Windows NTx client. I make EXTENSIVE use of that functionality. I missed the 3.0.8 release where I take it this actually changed but after spending hours today with the 3.0.9 release today I eventually figure out that my username map now has to have entries like so.. fred = MYDOMAIN\fredw fine I can deal with that, but what's killing me is that then a share named fredw doesn't get automatically created via the [homes] section like it used to. With previous versions of Samba \\servername\fred, \\servername\homes, and \\servername\fredw where all available. With the new Samba only \\servername\fred and \\servername\homes are created, no fredw. A Windows NT client trying to connect to \\servername\%username% is out of luck since its effectively using \\servername\fredw. I have thousands of such clients. I have about 14,000 users and over 2500 of them require username mappings in my username map file and they all access their home share as \\servername\%username%. Have mercy on me oh gods of Samba. Thankyou, Tom Schaefer Unix Admistrator University of Missouri St. Louis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.x & Solaris 8 lockups
Is anybody experiencing what I have twice now -- Samba 3.x running fine on Sparc/Solaris 8 for a week or more then one day out of the blue it'll just go all haywire? So haywire that in both my instances of this I had to change Samba versions to get the servers back to life. Long boring story short on any useful detail below... Recently I had to go from 2.x to 3.x series since there aren't going to be any more patches released for 2.x. I started in July with 3.0.2a obtained as a package from sunfreeware.com and it worked flawlessly for about a week. Then one day the smbd processes kept freezing and new ones would get spawned for the same already connected user. You had to use a -9 to get them all shut down. I needed to get it back in action quick since it is a production server so I couldn't really spend time troubleshooting. I had recently compiled 3.0.5 myself so I swapped that in, using the exact same smb.conf and what not. Blamed it on never knowing exactly what you're getting from sunfreeware and/or older version of samba. Never had a problem with that server since. A little over a week ago I migrated that server from 3.0.5 and 5 other servers from 2.x to version 3.0.7 which I compiled myself. I installed that same compile on all 6 servers. Everythings been great for the past 10 days or so since the upgrade then today all of a sudden one of the servers is acting like the one other one did back on me in July. Horrible performance from end users perspective, smbds not responding so new ones being launched until the server ran out of swap space, even after rebooting that server same problem today, stopped and started samba a few times, have to use pkill -9 smbd to get rid of them all, that server just refuses to run 3.0.7 today so I had to revert back to the 2.2.8a that I'd upgraded from. I really can't provide any detail since in both cases it was extremely urgent that I just get them working again ASAP and didn't have time to experiment and turn up the log level and what not. Outside of these two instances though its been great on all 6 servers and a couple test ones. Tom Schaefer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 smbstatus not as good
Andrew, I dug into it a bit and managed to steal the few relevant lines of code from 2.2.8a status.c and replace the ones in 3.0.5 to make my own smbstatus. Now it works perfectly for me displaying any forced users and groups just like it did in Samba 2.x. I still don't really get why you took the uid/gid info out of the shares listing in the first place. You say the information is "not valid" but how do you mean that? Not valid in the sense that I'm seeing effective uids and gids and not the "true" uid/gid of the connected user or not valid as in "screwed up"? Tom Schaefer bash# /usr/local/bin/diff -u status.c.orig status.c --- status.c.orig 2004-07-20 11:28:15.0 -0500 +++ status.c2004-08-02 10:42:59.590002000 -0500 @@ -540,11 +540,10 @@ return 0; } - d_printf("%-10.10s %5d %-12s %s", - crec.name,(int)crec.pid, - crec.machine, - asctime(LocalTime(&crec.start))); - + d_printf("%-10.10s %-8s %-8s %5d %-8s (%s) %s", + crec.name,uidtoname(crec.uid),gidtoname(crec.gid),(int)crec.pid, + crec.machine,crec.addr, + asctime(LocalTime(&crec.start))); return 0; } @@ -654,8 +653,8 @@ if (brief) exit(0); - d_printf("\nService pid machine Connected at\n"); - d_printf("---\n"); + d_printf("\nService uid gid pid machine\n"); + d_printf("--\n"); tdb_traverse(tdb, traverse_fn1, NULL); tdb_close(tdb); On Sat, 31 Jul 2004 22:54:27 +1000 Andrew Bartlett <[EMAIL PROTECTED]> wrote: > On Sat, 2004-07-31 at 01:05, Tom Schaefer wrote: > > I use a lot of "force user" and "force group" directives on various > > shares. With smbstatus of Samba 2 I could always verify with a glance > > what uid and gid a particular service is being accessed as, with Samba 3 > > you can't. I'd REALLY like to see that come back to smbstatus. > > > > Here's a real world example of my complaint... > > > Basically this message is just a plea to the Samba developers to put back > > the uid and gid information. > > The problem is, that information is not valid, except in > 'security=share' and 'force user' cases. In all other cases, the user > that connects to the share is not necessarily connected to the user > actually accessing the share. > > This is why the information was split up the way it has been. > > Andrew Bartlett > > -- > Andrew Bartlett [EMAIL PROTECTED] > Authentication Developer, Samba Teamhttp://samba.org > Student Network Administrator, Hawker College [EMAIL PROTECTED] > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 smbstatus not as good
At 07:54 AM 7/31/04, Andrew Bartlett wrote: The problem is, that information is not valid, except in 'security=share' and 'force user' cases. In all other cases, the user that connects to the share is not necessarily connected to the user actually accessing the share. Thankyou very much for responding Andrew. I guess the rub is that you are assuming what I want to know with smbstatus is the true user/group that initially connected. That is nice to know but to me it is more valuable to know the effective user/group that is connected to the share, essentially as a means of verifying my "force user" and/or "force group" directives worked. Tom Schaefer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 smbstatus not as good
I use a lot of "force user" and "force group" directives on various shares. With smbstatus of Samba 2 I could always verify with a glance what uid and gid a particular service is being accessed as, with Samba 3 you can't. I'd REALLY like to see that come back to smbstatus. Here's a real world example of my complaint... Samba 2 smbstatus output... Samba version 2.2.8a Service uid gid pid machine -- htdocs schaefert cfusion 8004 medusa (192.168.0.5) Fri Jul 30 09:21:18 2004 optometryschaefert cfusion2 8004 medusa (192.168.0.5) Fri Jul 30 09:21:22 2004 Samba 3 smbstatus output... Samba version 3.0.2a PID Username Group Machine --- 293 schaefert cfusion medusa (192.168.0.5) Service pid machine Connected at --- htdocs 293 medusa Thu Jul 29 15:31:47 2004 optometry 293 medusa Thu Jul 29 15:30:45 2004 With Samba 3 I am connected to the optometry share with gid cfusion2 but there's no way to know that. Btw, no, smbstatus -v doesn't show it either. Basically this message is just a plea to the Samba developers to put back the uid and gid information. Thankyou, Tom Schaefer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Automatic Folder Creation
I think what you are looking for is the "root preexec" directive. Its explained in the smb.conf man page. On Wed, 18 Feb 2004 11:13:23 -0800 Norman Zhang <[EMAIL PROTECTED]> wrote: > > I checked useradd only creates home folders but not others. I could > write a bash script > > SHARED=/sharepartition/$1 > md $SHARED > chmod 777 $SHARED > chown $1.$1 $SHARED > > But how can I link this with the uid connecting to Samba? > > Regards, > Norman > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Virtual network using ssh tunneling on Windows 2K/XP.Please help.
Win 2K to a samba server through a secure shell tunnel definately works. There's a binary distribution of OpenSSH compiled for Win32 which is what I use. Hunt with Google a minute or two and you should be able to locate it. Make sure you have any file and printer sharing disabled on the Win2K box otherwise Win2K will already have port 139 tied up. I use this command line on the Win 2K box where myserver.foo.bar is the samba server... ssh -N -L139:myserver.foo.bar:139 -l myusername myserver.foo.bar Login with ssh and then \\127.0.0.1\sharename like you are doing ought to work, or what I do is put an entry in c:\winnt\system32\drivers\etc\lmhosts like... myservername 127.0.0.1 And then you can get to it as \\myservername\sharename Tom Schaefer Information Technology Services University of Missouri Saint Louis On Mon, 9 Feb 2004 09:06:19 - "Paul Gardiner" <[EMAIL PROTECTED]> wrote: > From: "Paul Gardiner" <[EMAIL PROTECTED]> > > From: "Jérôme Fenal" <[EMAIL PROTECTED]> > > > Paul Gardiner wrote: > > > > Hi, > > > > I'm trying to connect to a samba server via an ssh tunnel. I'm running> > > > ssh on my W2K machine. If I try to connect from another machine that> > > > is running an OS called RiscOS and a NetBIOS client called LanMan98> > > > then it works perfectly, but if I try to connect from the another Windows> > > > machine running XP, or from the W2k machine (uisng loopback), I get> > > > > > > > "Windows cannot find \\127.0.0.1\sharename. Check the spelling and try again,> > > > or try searching for the item by clicking the Start button and then clicking> > > > Search." > > > > > > > > I've found claims on the net of this working. So what am I doing wrong> > > > (other than using Windows in the first place :-) )? > > > > > > What are ports that you tunnel with SSH ? > > > Did you forget to tunnel 445 ? > > > > I did, but I've added it now, and I'm still getting the same error message. I> > also tried forwarding 138 and 137, with no effect. > > > > Any other ideas? > > > > > > BTW, to forward 445, I had to stop W2K binding it, but I found info on > > a registry change that did the job. > > I'm still getting nowhere with this. Its strange: I can get LanMan98 (under RiscOS)> and smbmount (under Linux) to mount this share via the ssh tunnel with only port 139> forwared, but I can't find a way to tell Windows XP to just use port 139.> > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Another Samba and Mac OS 10.3 Question
Question - Can the Mac users write to the share if you open a terminal (shell) on the Macintosh and just copy files with the cp command? I don't have a Mac readily available at the moment but if you just go to a shell and type mount it will show you the path to where the Samba share is mounted on the Mac. Then just see if you can copy a file there with the cp command. If so I think you are up against the same problem I've been making noise about since mid summer - the ability to copy files from the shell but not in the Finder. Maybe if we get some more voices speaking up like yourself and consequently some more data points as to what might exactly the problem might be somebody can figure out the fix. Tom Schaefer On Wed, 14 Jan 2004 14:01:52 EST [EMAIL PROTECTED] wrote: > I have a different Samba and Mac OS 10.3 question. I have a small network in > my office with a Linux box acting as a file server, mostly Windows XP clients, > and a couple of Macs. When I create Samba shares on the Linux box, I have no > problem getting my Windows XP users to be able to read and write to the > shares. The login name and password on the XP boxes are the same as the > corresponding Linux AND Samba usernames and passwords -- and all users are in the same > common group called "writers" > > From the Mac, however, it's a different story. Mac users can mount the Samba > shares and gain READ access, but they are UNABLE TO WRITE to the shares. > Again, the Mac usernames and passwords are the SAME as the corresponding Linux and > Samba usernames and passwords. > > Is there something that I have to do on the Mac to allow users to write to > the common shares? > > By the way, I'm using Samba 3.0.0. I'll upgrade to 3.0.1 when there's a > Mandrake rpm. > > Here's my smb.conf file: > > [global] >workgroup = WRITERS >netbios name = WRITERSPACE >server string = WRITERSPACE %v >map to gues = Bad User >log file = /var/log/samba3/log.%m >max log size = 50 >printcap name = cups >dns proxy = No >wins support = Yes >printer admin = @adm >printing = cups > > [homes] >comment = Home Directories >read only = No >browseable = No > > [printers] >Not relevant here > > [print$] >Not relevant here > > [pdf-generator] >Not relevant here > > [InProgress] > comment = Stories > path = /home/raid/InProgress > write list = @staffwriters > read only = No > guest ok = Yes > # Option 1 Use the following line to make all new files editable by all users> # inherit permissions = yes > > # Option 2 Use the following two lines to make all new files editable by all > users > create mask = 0775 > directory mask = 0775 > # Option 3 Use the following 2 lines to get Mac users to be able to write to > directory as well as PC Users > # force user = theboss > # force group = staffwriters > > > I would prefer to use Option 2 or maybe Option 1 but they don't seem to work > with the Mac. Option 3 does give Mac Users read/write access, but there are > reasons why I don't want to use it. > > Any ideas about getting the Macs to cooperate with Option 2 or 1? > > Thanks in advance > > Andy Liebman > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RH 9, Samba 2.2.8 and Mac OS X Clients
Right, I can't drag a file in the finder to a mounted samba 3.0 share, I'll get an "insufficient privileges error". But if open the Terminal I can copy the file onto the samba share no problem with the cp command. You've got me thinking though - the whole unicode, UTF8, character set conversion, codepages, all that bundle of fun, I could see that perhaps being a problem, I'm going to dig into that. Thanks, Tom On Wed, 3 Dec 2003 17:29:58 -0600 "Philip Edelbrock" <[EMAIL PROTECTED]> wrote: > Re: [Samba] RH 9, Samba 2.2.8 and Mac OS X Clients > > What happens w/ 3.0? You get permission errors when trying to copy files? > > I have a couple servers here running Baltra+Samba 3.0. Just as a sanity > check, I logged in using my laptop (10.3.1) to a test server, created a > new directory, copied a directory containing some files (an application > folder), renamed, moved a folder inside another, and deleted it. No > problems. > > Here's a relevent section of my smb.conf: > > ---snip--- > ; UTF-8 encoding to match Baltra > >unix charset = UTF8 >unicode = yes > > dos charset = ASCII > > ; Allows you to save your password on the client (OS-X as well as WinXP) > encrypt passwords = yes > smb passwd file = /usr/local/samba/private/smbpasswd > > ; Hide some irrelevent files > veto files = /Temporary Items/Network Trash > Folder/TheFindByContentFolder/TheVolumeSettingsFolder/ > > ; When deleting, remove those hidden veto files as well. > delete veto files = yes > ---snip--- > > Make sure you aren't blocking the creation/deletion of dot files (as > Will suggested). > > Phil > > Tom Schaefer wrote: > > >Thanks but yes I've tried 3.0, I should have mentioned that in my post. > > > >Thanks though, > >Tom > > > >At 03:16 PM 12/3/03 -0600, you wrote: > > > > > >> > >> It seems to solve a lot of the issues OS-X > >> btw-Samba 3.0 is what is used in OS-X as the SMB > >>server service. > >> Phil > >>http://www.baltra.org Tom Schaefer wrote: > Yes, I experience that > >>exact same issue with Mac OS > >> > >> > >>>10.2.x and like you was waiting for 10.3 which I got to try for the first > >>> As you say > >>>everything works fine if you drop to a shell prompt you can do all the cp > >>>-r, mv, rm whatever you want but in the GUI you get insufficient > >>> In fact I know > >>> From a post I > >>>found elsewhare I gather 10.2 is fine but then it all got mucked up with > >>>the subsequent releases 10.2.x and now 10.3. > >>> > >>> Now in my case > >>>its not Redhat, its Sparc/Solaris and the weird weird thing about it is > >>>that its only a problem if I'm running a Samba compiled for Sparc as a > >>> A 32bit compile of Samba keeps the Macintoshes happy but thats > >>>really not an option for me due to a bug in Solaris where if you are > >>>running a 32bit samba you are limited to 255 users which is not nearly > >>>enough in my case. > >>> > >>> But since then I've > >>>gathered up a bunch of postings, mostly from www.apple.com/support (most > >>>of which have expired off that server but I still have copies) of people > >>>describing these exact same symptoms on Redhat, Suse, Gentoo, Mandrake, > >>>and FreeBSD, and possibly IRIX (the guy wasn't specific enough to say for > >>> And now that I think about someone I work with was in touch with > >>>another site running Solaris like us and having the same problem. > >>> > >>> I don't know if its an Apple problem or something in > >>> All I know is its been broke quite a while - at least for a > >>> I tried Samba on Redhat back > >>>in July to see if I could replicate the problem I was having with Mac OS > >>> In my experiment Redhat worked fine, go > >>>figure, thats why I thought it was a Sun problem until I've seen all the > >>>subsequent posts like the one from yourself. > >>> > >>>If you figure out anything about it whatsoever please drop me a note as > >>>this is about to become a HUGE headache for me as the university I work > >>>for just bought a classroom full of these OS 10 boxes and expect the > >>>students to be able to mount their disk space just like how they get a > >>> So I'm scrambling > >>&
Re: [Samba] RH 9, Samba 2.2.8 and Mac OS X Clients
My feeling is that yes it has something to do with the resource fork files since you are right, thats what is different when copying files through the Finder vs. the terminal. But I've already barked up that tree as you put it. There was a guy in the newsgroups who was intentionally vetoing the dot files just because he didn't like all the clutter and he was having problems pretty much exactly as what I'm seeing. He figured out he needed to quit vetoing those files and that fixed it for him. Problem is, I'm not vetoing anything. Dot files are "hidden" by default, I don't know why it would matter but I'm going to try a "hide dot files = no" today. Thanks, Tom Schaefer On Wed, 3 Dec 2003 16:25:33 -0500 "William Enestvedt" <[EMAIL PROTECTED]> wrote: > Is this related to handling of files with resource forks? >Manipulating files in Terminal, IIRC, ignores the resource fork -- but Finder > actions (like dragging a folder to upload it) include those resources. >You might try barking up this tree. :7) (Sorry I can't make any concrete > suggestions.) > -wde > -- > Will Enestvedt > UNIX System Administrator > Johnson & Wales University -- Providence, RI > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mapping home directories using samba/ADS when users accts don't match
Its pretty simple really, just check out the "username map" parameter. Tom Schaefer UNIX Administrator University of Missouri Saint Louis On Wed, 03 Dec 2003 17:35:08 -0500 Lisa Smith <[EMAIL PROTECTED]> wrote: > Am currently migrating from a samba/nis authentication scheme to > authentication thru Active Directory. I currently have everything set > up and "ready to go" with one minor caveat. > > new users are set up correctly, with authentication through AD and have > a unix drive mapped to their W2k work stations. > > however, pre-existing student accounts are not synchronized. There is > no way to tell at this point whether jsmith1 on the samba box matches > jsmith on the AD. > > Shortly, I will have the data I need from the registrar to match our > user list against theirs, but I'm not sure how to get samba to "read" > this information. Where can I go about in (samba?) setting up a > configuration that will read a mapping of samba/unix uid to the windows > AD/uid. > > Does this make *any* sense? > > All I want at this point is to RTFM, so if someone can point me to a FAQ > about incorporating prior users into a new AD/Samba authentication/drive > mapping scheme, that would be great. > > thank you, > Lisa > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RH 9, Samba 2.2.8 and Mac OS X Clients
Welcome to the club. Yes, I experience that exact same issue with Mac OS 10.2.x and like you was waiting for 10.3 which I got to try for the first time today. Like you it didn't fix anything. Its crazy. As you say everything works fine if you drop to a shell prompt you can do all the cp -r, mv, rm whatever you want but in the GUI you get insufficient privileges errors. Yes, to Windows 2K systems its fine. In fact I know first hand Mac OS 10 - 10.1.x to my Samba server are fine. From a post I found elsewhare I gather 10.2 is fine but then it all got mucked up with the subsequent releases 10.2.x and now 10.3. I originally posted about this problem back in early July. Now in my case its not Redhat, its Sparc/Solaris and the weird weird thing about it is that its only a problem if I'm running a Samba compiled for Sparc as a 64bit app. A 32bit compile of Samba keeps the Macintoshes happy but thats really not an option for me due to a bug in Solaris where if you are running a 32bit samba you are limited to 255 users which is not nearly enough in my case. Back in July I thought it was probably a Sun problem. But since then I've gathered up a bunch of postings, mostly from www.apple.com/support (most of which have expired off that server but I still have copies) of people describing these exact same symptoms on Redhat, Suse, Gentoo, Mandrake, and FreeBSD, and possibly IRIX (the guy wasn't specific enough to say for sure). And now that I think about someone I work with was in touch with another site running Solaris like us and having the same problem. Something is up. I don't know if its an Apple problem or something in Samba. All I know is its been broke quite a while - at least for a scattering of cursed souls like you and me. I tried Samba on Redhat back in July to see if I could replicate the problem I was having with Mac OS 10.2.x clients to Solaris. In my experiment Redhat worked fine, go figure, thats why I thought it was a Sun problem until I've seen all the subsequent posts like the one from yourself. If you figure out anything about it whatsoever please drop me a note as this is about to become a HUGE headache for me as the university I work for just bought a classroom full of these OS 10 boxes and expect the students to be able to mount their disk space just like how they get a mapped drive letter served out from Samba to the PCs. So I'm scrambling for a solution. Tom Schaefer UNIX Administrator University of Missouri Saint Louis On Thu, 06 Nov 2003 17:15:42 + Jinn Koriech <[EMAIL PROTECTED]> wrote: > Been having very similar problems on RedHad-7.3 with Samba 2.2.7-3.7.3. > Currently users can create folders, but they can't copy files. An entry > is created for the file on the server, but no data ever gets transfered. > > I've found that if you manipulate the files from the Terminal there is > no problem. That is, cp, mv, touch all work fine in the terminal. > > I conclude that it is the Aqua interface. I found that while native > Aqua apps can't get a handle on the shares, an app such as jEdit on OSX > _does_ work without a glitch. > > I waited for OSX 10.3 (panther) to come out in the hope that the problem > would be resolved, but no luck! Still broken! > > On the other hand, it appears that shares from a Windoze 2000 Server > work fine, so I'm not sure what to make of it - is it a Samba issue or > an Apple problem? > > Does anyone else experience anything like this? > > Jinn > > > > > > On Tue, 21 Oct 2003 09:00:20 +0200, Götz Reinicke wrote: > > Hi, > > > > we run a RH9 samba 2.2.8 ext3 Server and have some problems with MacOS X > > Clients: They aren't allowed to write directories containing files to > > any of our shares. > > > > I connect to the sambaserver with smb://servername/sharename and a samba > > user. This user is allowed to create new folders and he can copy files > > into this folder. > > > > But if he tries to copy the local folder containing files to the share > > or into a newly created folder on this share, ther is an errormessage > > saying, that the user has not the necessary access rights :-( > > > > An other RH9 Server with samba 2.2.8 did'nt have this problem > > > > I controlled the writelist option, the directory permissions. > > > > Any ideas?? > > > > Thanks > > > > Götz Reinicke > > > > -- > > Götz Reinicke > > IT Koordinator - IT OfficeNet > > > > Tel. +49 (0) 7141 - 969 420 > > Fax +49 (0) 7141 - 969 55 420 > > [EMAIL PROTECTED] > > > > Filmakademie Baden-Württemberg > > Mathildenstr. 20 > > 71638 Ludwigsburg > > www.filmakademie.de > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RH 9, Samba 2.2.8 and Mac OS X Clients
Welcome to the club. Yes, I experience that exact same issue with Mac OS 10.2.x and like you was waiting for 10.3 which I got to try for the first time today. Like you it didn't fix anything. Its crazy. As you say everything works fine if you drop to a shell prompt you can do all the cp -r, mv, rm whatever you want but in the GUI you get insufficient privileges errors. Yes, to Windows 2K systems its fine. In fact I know first hand Mac OS 10 - 10.1.x to my Samba server are fine. From a post I found elsewhare I gather 10.2 is fine but then it all got mucked up with the subsequent releases 10.2.x and now 10.3. I originally posted about this problem back in early July. Now in my case its not Redhat, its Sparc/Solaris and the weird weird thing about it is that its only a problem if I'm running a Samba compiled for Sparc as a 64bit app. A 32bit compile of Samba keeps the Macintoshes happy but thats really not an option for me due to a bug in Solaris where if you are running a 32bit samba you are limited to 255 users which is not nearly enough in my case. Back in July I thought it was probably a Sun problem. But since then I've gathered up a bunch of postings, mostly from www.apple.com/support (most of which have expired off that server but I still have copies) of people describing these exact same symptoms on Redhat, Suse, Gentoo, Mandrake, and FreeBSD, and possibly IRIX (the guy wasn't specific enough to say for sure). And now that I think about someone I work with was in touch with another site running Solaris like us and having the same problem. Something is up. I don't know if its an Apple problem or something in Samba. All I know is its been broke quite a while - at least for a scattering of cursed souls like you and me. I tried Samba on Redhat back in July to see if I could replicate the problem I was having with Mac OS 10.2.x clients to Solaris. In my experiment Redhat worked fine, go figure, thats why I thought it was a Sun problem until I've seen all the subsequent posts like the one from yourself. If you figure out anything about it whatsoever please drop me a note as this is about to become a HUGE headache for me as the university I work for just bought a classroom full of these OS 10 boxes and expect the students to be able to mount their disk space just like how they get a mapped drive letter served out from Samba to the PCs. So I'm scrambling for a solution. Tom Schaefer UNIX Administrator University of Missouri Saint Louis On Thu, 06 Nov 2003 17:15:42 + Jinn Koriech <[EMAIL PROTECTED]> wrote: > Been having very similar problems on RedHad-7.3 with Samba 2.2.7-3.7.3. > Currently users can create folders, but they can't copy files. An entry > is created for the file on the server, but no data ever gets transfered. > > I've found that if you manipulate the files from the Terminal there is > no problem. That is, cp, mv, touch all work fine in the terminal. > > I conclude that it is the Aqua interface. I found that while native > Aqua apps can't get a handle on the shares, an app such as jEdit on OSX > _does_ work without a glitch. > > I waited for OSX 10.3 (panther) to come out in the hope that the problem > would be resolved, but no luck! Still broken! > > On the other hand, it appears that shares from a Windoze 2000 Server > work fine, so I'm not sure what to make of it - is it a Samba issue or > an Apple problem? > > Does anyone else experience anything like this? > > Jinn > > > > > > On Tue, 21 Oct 2003 09:00:20 +0200, Götz Reinicke wrote: > > Hi, > > > > we run a RH9 samba 2.2.8 ext3 Server and have some problems with MacOS X > > Clients: They aren't allowed to write directories containing files to > > any of our shares. > > > > I connect to the sambaserver with smb://servername/sharename and a samba > > user. This user is allowed to create new folders and he can copy files > > into this folder. > > > > But if he tries to copy the local folder containing files to the share > > or into a newly created folder on this share, ther is an errormessage > > saying, that the user has not the necessary access rights :-( > > > > An other RH9 Server with samba 2.2.8 did'nt have this problem > > > > I controlled the writelist option, the directory permissions. > > > > Any ideas?? > > > > Thanks > > > > Götz Reinicke > > > > -- > > Götz Reinicke > > IT Koordinator - IT OfficeNet > > > > Tel. +49 (0) 7141 - 969 420 > > Fax +49 (0) 7141 - 969 55 420 > > [EMAIL PROTECTED] > > > > Filmakademie Baden-Württemberg > > Mathildenstr. 20 > > 71638 Ludwigsburg > > www.filmakademie.de > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] per user smb.conf
No offense, I mean I like the creativity of what you are doing, but on the other hand this strikes me as an incredibly stupid security risk. Has it occured to you that a user could stick something like the following in her .smb.conf file?... [owned] path = / valid users = %U force user = root writeable = yes Tom Schaefer UNIX Administrator University of Missouri Saint Louis On Sun, 28 Sep 2003 18:34:20 +0200 LeVA <[EMAIL PROTECTED]> wrote: > LeVA wrote: > > Tom Dickson wrote: > > > >> -BEGIN PGP SIGNED MESSAGE- > >> Hash: SHA1 > >> > >> No. Samba will check (and reload if necessary) your smb.conf once a > >> minute, I think. > > > > > > Hi! > > > > Thanks! This is realy works and it's great! But :) do you know a > > solution that is done automagicaly. You know now the root has to add > > this include line for each user. And there are realy a lot of users, and > > and it's a lot work (adding an include line per a user). Is there a way > > to setup this "user maintained" sharing with a single line. I mean for > > example: > > > > include = /home/$alluser/.smb.conf (or something like that) > > > > Thanks! > > > > Daniel > > Sorry! I have already found the answer for this question. I have to add > the above include line with uppercased U. Like /home/%U/.smb.conf, > instead /home/%u/.smb.conf. > > Anyway thanks for helping me to solve this problem! > > Daniel > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] per user smb.conf
No offense, I mean I like the creativity of what you are doing, but on the other hand this strikes me as an incredibly stupid security risk. Has it occured to you that a user could stick something like the following in her .smb.conf file?... [owned] path = / valid users = %U force user = root writeable = yes Tom Schaefer UNIX Administrator University of Missouri Saint Louis On Sun, 28 Sep 2003 18:34:20 +0200 LeVA <[EMAIL PROTECTED]> wrote: > LeVA wrote: > > Tom Dickson wrote: > > > >> -BEGIN PGP SIGNED MESSAGE- > >> Hash: SHA1 > >> > >> No. Samba will check (and reload if necessary) your smb.conf once a > >> minute, I think. > > > > > > Hi! > > > > Thanks! This is realy works and it's great! But :) do you know a > > solution that is done automagicaly. You know now the root has to add > > this include line for each user. And there are realy a lot of users, and > > and it's a lot work (adding an include line per a user). Is there a way > > to setup this "user maintained" sharing with a single line. I mean for > > example: > > > > include = /home/$alluser/.smb.conf (or something like that) > > > > Thanks! > > > > Daniel > > Sorry! I have already found the answer for this question. I have to add > the above include line with uppercased U. Like /home/%U/.smb.conf, > instead /home/%u/.smb.conf. > > Anyway thanks for helping me to solve this problem! > > Daniel > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question on "read only" behavior in smb.conf
It should behave as you expect, a read only share is a read only share period no matter what the UNIX permissions are. At least thats been my experience with it and what the man page seems to suggest. I am very surprised at what you are seeing. Tom Schaefer UNIX Administrator University of Missouri Saint Louis On Fri, 26 Sep 2003 17:59:13 -0400 "Sullivan, James (NIH/CIT)" <[EMAIL PROTECTED]> wrote: > Hi All, > > I've built Samba v2.2.8a on a RedHat 7.2 system and it seems to work ok. > However > I cannot understand the "read only" parameter in the following situation: > > smb.conf file: > --- > [global] >security=user >encrypt passwords=yes > [foo] >path=/tmp/foo >read only=yes > > The owner&mode of /tmp/foo is: > -- > % ls -ld /tmp/foo > drwx-r-xr-x 3 joe joe 1024 Sep 23 13:52 /tmp/foo > > I've setup a smbpasswd file containing users "joe" and "sue", both with > passwords. > I can connect to \\mymachine\foo as "joe" or "sue" ok from my Windows 2000 > PC. > I connect it to drive K: and can see all the files in /tmp/foo. > > However: > -when connected via samba as "joe" I can successfully paste files into > /tmp/foo. (not expected) > -when connected via samba as "sue" I cannot paste files into /tmp/foo. > (expected) > > It appears the UNIX file permissions are overriding the Samba configuration. > I thought Samba worked the other way around but without allowing more rights > than the UNIX permissions provide. > In other words, why does "joe" have write access to a samba service defined > as "read only" in the samba configuration? > > I also checked the "Properties/Security" of the share from my Windows 2000 > PC and it says: > Allow Joe Full Control > Allow EveryoneRead & Execute > > If this is how it is supposed to work then life gets difficult in the > following circumstance: > If I have a directory I want to make mountable from Samba as read only, > I need to be careful and check all directory and file permissions to ensure > no one connecting > via Samba will have a UNIX write permission that overrides the Samba setting > of "read only". > > Is this correct behavior for Samba? Is there a way to make a service truely > read only no matter > who is connected and who ownes the files? I also discovered that if sue's > group matches the group > ownership of /tmp/foo, then sue has write access IF /tmp/foo is group > writeable. > > Thanks in advance. Samba set up quickly and seems to work great, except for > this > little bit of strangeness. > > -Jim > > > James E. Sullivan | Northrop Grumman IT > Building 12B| on site at: NIH/CIT/DCSS/SOSB > Room 2N207 | Phone:301-451-6372 > Bethesda, MD 20892 | Email:[EMAIL PROTECTED] >- > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users = %S in 3.0
> Regardless, local access and MS share access are really two different things > and it is perfectly acceptable to want to allow one and not the other. > Otherwise we could just dispense with the valid users tag altogether. Here here. I've been trying out 3.0.0 a bit yesterday and today and figured out I was having trouble because of what I've always done in the past on the Homes share - valid users = %S denies access altogether for even the correct and authenticated user. I understand that permissions can be set appropriately on a users home directory 700 or what not, but I think Chris's comment above hits the nail right on the head. Can we please have the valid users = %S functionality back? Thankyou, Tom Schaefer Unix Administrator University of Missouri Saint Louis > Regardless, local access and MS share access are really two different things > and it is perfectly acceptable to want to allow one and not the other. > Otherwise we could just dispense with the valid users tag altogether. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba.org Solaris binary is incompatible with Mac OS10.2.x as client
Update - I've since compiled Samba 2.2.8a 64bit with gcc and experienced the exact same problems connecting with Macintosh OS 10.2.x as when compiled 64bit with Sun's compiler. 32bit gcc compiled Samba seems to work fine I think. I say I think because I've experienced a wee bit of oddness with it here and there - spinning pizza of death, giving the error about file "" is in use trying to delete something, one instance where it kept insisting there wasn't space on the share to put a file. From what I gather though, these types of occasional oddities can kind of be expected with a Macintosh using smb mounts but I don't know. In summary, 32 bit compile of Samba on Solaris and Mac OS 10.2.x clients - maybe a bit flaky but generally seems to work as expected; Samba compiled 64bit (gcc or Sun's cc both) and Mac OS 10.2.x clients consistently fail file copies using the Finder 100% of the time. If anybody else could post any success or failure reports with samba and Macintosh OS 10.2.x clients particularly if the server OS is Solaris it might be very useful. Tom Schaefer On Tue, 8 Jul 2003 11:01:30 -0500 Tom Schaefer <[EMAIL PROTECTED]> wrote: > More precisely what I've discovered is, at least in the cases of 2.2.8a > and 3.0alpha22, when a 64-bit Samba is built with Sun's Forte compiler > you'll end up with something incompatible with Mac OS 10.2.3. > > I always compile Samba myself with Sun's compiler to produce a 64-bit > Samba. Well yesterday it came to my attention that Mac OS 10.2.x doesn't > work with whats on my main server - Samba 2.2.8a compiled 64-bit with > Sun's Forte compiler. > > I'll spare you all the details of a day wasted in experimentation. My > finding is that samba binaries built 64 bit with Sun's Forte compiler, wether I've > compiled it myself or downloaded it > (http://us4.samba.org/samba/ftp/Binary_Packages/solaris/Sparc/samba-2.2.8 > a-1-sol8-suncc-64bit.pkg.gz), are incompatible with Mac OS 10.2.x as a client. > > I believe this can be easily replicated by any one with the means to do so. I > replicated it against 4 unique Sparc platforms running Samba with two different > Macintoshes as clients, one with OS 10.2.4 the other with OS 10.2.6. Any smb.conf > settings seem to have no bearing. Authentication type (domain, share), oplocks, etc. > it doesn't matter. In fact you can take a gcc compiled samba and put it on the same > Sparc box with the exact same smb.conf and the Macintoshes will then function > properly as clients. (But I don't run a gcc compiled Samba any longer since I > learned the hard way that doing so can reveal a bug in Sun's stdio library) > > The problems are these: mount a Samba share of a Sparc box thats running 64 bit Sun > compiler compiled Samba - In the Finder click Go, then Connect to Server, then > address of smb://servername/sharename. Fill in your id and password and it will > mount and open up as a window. Now, still using the Finder, just try to copy > something into the share - for example drag a file from your Desktop into the window > of the Samba share. If the disk space is UFS (the standard Sun file system) You'll > get this: "The operation cannot be completed because you do not have sufficient > privileges for some of the items." Click OK and the file will in fact copy anyway. > > If the disk space on the server is an NFS mount thats in turn being shared by Samba > you'll get this when you try to copy a file onto the Samba share from the Mac: "The > operation cannot be completed because some data cannot be read or written. (Error > code -36)." Click OK and the file will in fact copy anyway. > > Another weird problem I'm seeing is that often but not always when you try to delete > a file from the samba share, for example the file you just copied there by dragging > it to the trash, often you will get an error - "The operation cannot be completed > because the item "" is in use. > > Hopefully some of you all will replicate it (I really don't think anyone who tries > will have any trouble at all replicating it) and/or more importantly somebody can > come up with a fix or a workaround. > > Thankyou in advance, > > Tom Schaefer > Unix Admin. > University of Missouri Saint Louis > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba.org Solaris binary is incompatible with Mac OS 10.2.xas client
More precisely what I've discovered is, at least in the cases of 2.2.8a and 3.0alpha22, when a 64-bit Samba is built with Sun's Forte compiler you'll end up with something incompatible with Mac OS 10.2.3. I always compile Samba myself with Sun's compiler to produce a 64-bit Samba. Well yesterday it came to my attention that Mac OS 10.2.x doesn't work with whats on my main server - Samba 2.2.8a compiled 64-bit with Sun's Forte compiler. I'll spare you all the details of a day wasted in experimentation. My finding is that samba binaries built 64 bit with Sun's Forte compiler, wether I've compiled it myself or downloaded it (http://us4.samba.org/samba/ftp/Binary_Packages/solaris/Sparc/samba-2.2.8 a-1-sol8-suncc-64bit.pkg.gz), are incompatible with Mac OS 10.2.x as a client. I believe this can be easily replicated by any one with the means to do so. I replicated it against 4 unique Sparc platforms running Samba with two different Macintoshes as clients, one with OS 10.2.4 the other with OS 10.2.6. Any smb.conf settings seem to have no bearing. Authentication type (domain, share), oplocks, etc. it doesn't matter. In fact you can take a gcc compiled samba and put it on the same Sparc box with the exact same smb.conf and the Macintoshes will then function properly as clients. (But I don't run a gcc compiled Samba any longer since I learned the hard way that doing so can reveal a bug in Sun's stdio library) The problems are these: mount a Samba share of a Sparc box thats running 64 bit Sun compiler compiled Samba - In the Finder click Go, then Connect to Server, then address of smb://servername/sharename. Fill in your id and password and it will mount and open up as a window. Now, still using the Finder, just try to copy something into the share - for example drag a file from your Desktop into the window of the Samba share. If the disk space is UFS (the standard Sun file system) You'll get this: "The operation cannot be completed because you do not have sufficient privileges for some of the items." Click OK and the file will in fact copy anyway. If the disk space on the server is an NFS mount thats in turn being shared by Samba you'll get this when you try to copy a file onto the Samba share from the Mac: "The operation cannot be completed because some data cannot be read or written. (Error code -36)." Click OK and the file will in fact copy anyway. Another weird problem I'm seeing is that often but not always when you try to delete a file from the samba share, for example the file you just copied there by dragging it to the trash, often you will get an error - "The operation cannot be completed because the item "" is in use. Hopefully some of you all will replicate it (I really don't think anyone who tries will have any trouble at all replicating it) and/or more importantly somebody can come up with a fix or a workaround. Thankyou in advance, Tom Schaefer Unix Admin. University of Missouri Saint Louis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: SAMBA 2.2.8 and W98/NT
Maybe the share name is to long? Having spaces in the share name probably isn't a good idea either. It looks like you're client is trying to connect to a service "serveur ftp a" (unless maybe the lines you posted below got truncated on the right side somehow). The service is called "serveur ftp anonyme" not "serveur ftp a" so of course its going to fail. Maybe you've got a syntax error in the batch file or script or whatever you're running on pcvideo to get it to connect to the services on your samba server? Tom Schaefer On Thu, 22 May 2003 11:15:15 +0200 Jean Frontin <[EMAIL PROTECTED]> wrote: > Hi, > > With WXP it's fine but with W98 or NT I don't see services. > Here is an extract of the "log.machine" > > [2003/05/22 10:51:13, 1] smbd/service.c:make_connection(636) >pcvideo (141.115.16.24) connect to service rieux as user rieux (uid=902, > gid=900) (pid 956) > [2003/05/22 10:51:29, 0] smbd/service.c:make_connection(252) >pcvideo (141.115.16.24) couldn't find service serveur ftp a > [2003/05/22 10:51:29, 0] smbd/service.c:make_connection(252) >pcvideo (141.115.16.24) couldn't find service serveur ftp a > > and "smb.conf" > [serveur ftp anonyme] > comment = FTP service > path = /usr/local/ftp > public = yes > writable= no > printable = no > create mode = 0775 > write list = @systeme > > Regard and thanks > > Jean Frontin > System team > I R I T > Université Paul-Sabatier > 118, rte de Narbonne > 31062 Toulouse cedex 04 > France > tel (33)(0)5 61 55 63 03 > mail [EMAIL PROTECTED] > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2.2.1a / 2.2.2 bug is back in 2.2.8
Hello, Back when 2.2.2 was the current samba release I came across the following problem when deleting folders in Windows 2000 which I'll repost again below. After I finally got his attention with a few very wordy messages to the samba mailing list, Jeremy fixed it blazingly fast and wrote me back: "I just found the problem and fixed it in 2.2 CVS and HEAD CVS. It was to do with the requested share mode not being propagated into an open directory file struct, and thus the set of the "delete on close" buit was being denied by an internal check." Well the problem is back in 2.2.8. I downgraded back to 2.2.7 on a test system to see if maybe it had been present in 2.2.7 and I just hadn't noticed. Nope, 2.2.7 is fine, its just back in 2.2.8, I have several sambas running on several servers. Here's the portion of my original posting from Nov. of 2001 explaining how to duplicate the problem. Its the same story again with samba 2.2.8, well actually just slightly different in the error response from Windows, I'll explain at the end of problem recreation description. The procedure below is with Windows 2000, Windows 98 didn't have the problem back with samba 2.2.1a/2.2.2 and it doesn't seem to now either. I don't know about any other Windows versions: Using Windows Explorer, Explore a drive mapped to Samba share or just explore the share itself, it doesn't really need to be mapped. The key is to be exploring it it in Windows Explorer. Ok, so you're in Windows Explorer exploring a Samba share or drive mapped to a Samba share. The problem is in deleting a folder. If there isn't a folder you can delete, make one. On the left pane of Windows Explorer you've got all the little yellow folders and plus signs next to them so you can expand them, and then the contents of the current folder are displayed in the right pane. IN THE LEFT PANE, left click once on the folder you want to delete. Its name will be highlighted and THE LITTLE YELLOW FOLDER ICON JUST TO THE LEFT OF ITS NAME WILL BE OPEN and the contents of the folder are displayed in the right pane. Press the delete key on the keyboard or pointing at the folder name in the left pane press the right mouse button and select delete from the drop down menu. Everything (if anything) in the folder will be deleted but not the folder itself. You'll get "Error Deleting File or Folder, Cannot remove folder : Access is denied, the souce file may be in use." Click OK so the error goes away, then try deleting the folder a second time and it will then delete. The paragraph immediately above this one was the error you'd get in 2.2.1a and 2.2.2. Now, with 2.2.8 the error behaviour is a bit different: The folder will in fact be deleted on the first attempt but you'll get this error message as it completes the deletion: "Cannot remove folder whatever: cannot find the specified file, make sure you specify the correct path and filenames". You click ok and the error goes away and it gets really weird right here right now: If the folder you tried to delete had no subfolders then you click OK on the error and the folder dissapears from Windows Explorer, it should, it has in fact been deleted. If the folder had subfolders, you click ok and the error message disappears but the folder name does not disappear from Windows Explorer, even though it actually has been deleted, and no amount of clicking View/Refresh will make it disappear. Tom Schaefer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: 100GB incremental backups
> This seems really inefficient from a network usage standpoint. Why are you > having workstations scan your network drives? I could see having one do it, > if you have no server-side antivirus software, but having all of them do it > seems a bit excessive. Thats what the PC people do. Every PC has NAV installed and a periodically scheduled full scan is a NAV default. Maybe it will come to getting the PC people to configure NAV on PCs not to scan network drives for viruses but advancing the position that we should NOT be scanning for viruses is going to be a difficult one to take politically. Really I don't think its so bad if they do scan their own network drives for viruses because I have been mounting up the entire shared space of the samba server as a single huge read only network drive myself my Win2000 system and scanning all 400GB of files. It takes literally 5 entire days if you do a full scan checking all files and inside compressed files. Fortunately though, also what I have discovered is that when the samba share is read only then scanning files for viruses does not reset their ctime. But anyway, if a user gets a virus in a samba share they have access to, it might take me a week or more to discover it, so if they are doing some scanning of their own they can catch it that much quicker. Tom Schaefer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 100GB incremental backups
Yeah, I think possibly I can and might look into it if need be, but thats not nearly as accurate as if ctime was working properly. Particulary the case where a bunch of files residing on the local hard drive of a PC are moved onto the samba server. Samba puts all those files onto the Unix file space with the same mtime stamp that they had on the PC. So, say I've got 100Meg of files on my PC with modified times anywhere in the past other than today, which is basically any 100Meg set of files you're going to have on your PC, and I move them over to the samba server, they would NOT get backed up in that evenings incremental backup, they wouldn't get backed up until the next full backup was done. Hundreds of Megs of files being moved off of PCs onto the samba serveer is VERY common around here. Tom Schaefer On Fri, 21 Mar 2003 11:36:41 -0500 Jon Niehof <[EMAIL PROTECTED]> wrote: > > The backup software uses the Unix ctime value of files when checking > Can you set the backup software to use mtime instead? > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 100GB incremental backups
We've recently migrated my entire University including faculty and staff from Novell to Samba. There's typically 700+ clients connected to the samba server at any given time and thus far there are about 400GB of client's files on the server. Basically every Microsoft Windows user generated file (Word, Excel, whatever) of the entire University gets stored on my Samba server. Obviously backups are important. The Samba server is a Sunfire 280R and we use Sun's Solstice Backup (rebadged Legato Networker) and a Storagetek Timberwolf DLT tape jukebox to do backups every night. A full backup on Sat. nights and an incremental the other 6. Ok, now to the problem/question - lately we've been getting a lot of Huge incremental backups. I spent a great deal of my time yesterday digging into the problem and unfortunately I came to the conclusion I least expected, that it is a Samba issue. The backup software uses the Unix ctime value of files when checking for files that need to be included in an incremental backup. What I've discovered is that files accessed via Samba by just simple things like being virus scanned with Norton Antivirus, simply opening a file in MS Word but not changing it, or just right clicking on a file in Windows Explorer and checking the properties change the ctime stamp of the inode to the current date and time and are thus picked up by our backup software as being changed since the last backup and getting backed up in an incremental backup that evening even though the file hasn't really changed whatsoever. I thought maybe it was some kind of issue with the Samba build I'm using or the file system (Samba 2.2.8 on Solaris 5.8 with UFS file system) but I messed with it at home last night where I've got an older version of Samba running on Linux with EXT3 file system and it exhibited the same behavior. Why is this? Is it by design for some reason or a bug? It seems like a bug to me. More to the point, is there anwyay to change this behaviour? Every client PC on campus has Norton Anti Virus installed and I think my huge incremental backups are coming from PCs that have used NAV that day to scan their Samba "network drives" thus resetting the ctime on every file that is scanned and therefore every scanned file that day becomes part of the incremental backup to tape that evening. Tom Schaefer Unix Administrator University of Missouri St. Louis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: max log size setting ignored
Thanks but no thanks. I've got literally hundreds of users. As I write this message there are 424 unique users using my samba server. I don't want hundreds and hundreds of little log files. I want one BIG log file. It should be no-brainer, in the [global] section of smb.conf I have: log level = 1 max log size = 0 But, no matter what I set "max log size" to, be it 0 or a big number, it is always ignored and the log.smbd is always ended at 5 Meg. I doubt I'm going to get any support, you'll all write and say "it works fine for me" or "you must be doing something wrong" but oh well. In fact, when I did a little digging into it a while back running samba on my workstation which is also Sparc/Solaris the parameter did in fact seem to work ok. But that was with a basic smb.conf and a load of 1 user (me) testing from my Windows 2000 box. It just doesn't work on my server. :( I guess, all I'm asking is that if anybody else has seen this problem, please speak up. Thankyou, Tom Schaefer > You might try setting in your smb.conf [globals]: > log file = /var/log/samba/log.%m > max log size = 100 > log level = 1 > > Should keep the log file < 100 Kb per client. > > This works for me. > > - John T. > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] max log size setting ignored
I work at a university and we are in the process of moving basically everything, and I mean everything to samba, eg.: bash-2.03$ /usr/local/samba/bin/smbstatus | wc -l 1669 As you might imagine my log.smbd grows quite rapidly. Even at log level 1 it routinely exceeds 5 Meg. a day and then is renamed log.smbd.old and a new log.smbd is created. NO MATTER WHAT I SET "max log size" equal to! Be it a large value like 30 which is what I want, or 0 for infinite, its just always seems to be ignored and the default 5000 is always in effect. Is anybody else experiencing this? I have a feeling it has to do with the sheer load this server experiences and/or the complexity of the smb.conf file although its really not THAT complex. I'm doing the "dual personality" thing with include = /usr/local/samba/lib/%L.smb.conf and make a lot of use of %U and %G and a bit of %S and some "force user" and some "force group" and "root prexec" and "root prexec close" but REALLY NOTHING THAT complicated and EVERYTHING works perfectly except for the "max log size" setting. This used to happen when I used to build Samba with gcc on Solaris and it still happens although now I use Sun's Forte compiler. I've been annoyed by this version after version of Samba and everytime I upgrade I always eagerly check if my log files will grow beyond 5 Meg and they never do. I just upgraded to 2.2.7 last week and am still experiencing this problem so I've decided to finally post about it. Tom Schaefer I -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba