Re: [Samba] AD issue....
I believe you want @"domain users" not "@domain users" (notice the placement of @) -- Aaron Michael Fernández M. wrote: > El lun, 03-12-2007 a las 18:43 +0530, Sadique Puthen escribió: >> Set "winbind use default domain = yes" in smb.conf if you want to change >> ownership of files to ad users using their actual name. If you don't set >> it, you should change the ownership using "domain+username" as the >> username which linux doesn't like much. >> >> If you want getent passwd/group to work please make sure that you have >> the below parameters in smb.conf though it has slight problems while >> maintaining large number of users. >> >> winbind enum users = yes >> winbind enum groups = yes > > Yes, now is working, i can get the users an groups with getent passwd > > Thanks > > But i cannot set permissions to shares map via Windows, i have the > folowing configuration in SMB.conf: > > drwxrwxrwx 3 administrator domain users 4096 2007-11-30 16:39 Domain > > [domain] >comment = domain >browseable = yes >path = /home/Domain >public = yes >writable = yes >valid users = '@domain users' <<< This will work? > > > Michael.- > > > >> This is not required if you are running "getent passwd ". >> >> --Sadique >> >> Michael Fernández M. wrote: >>> Hi, i want to integrate AD + Samba3 via kerberos, every works great i >>> get the users and groups with wbinfo -u and wbinfo -g >>> so in linux i cat set the permissions to a share using the AD's users. >>> However when i try "getent passwd" I only get the system users and not >>> the AD's users... in my nsswitch.conf i have: >>> >>> passwd: files winbind >>> group: files winbind >>> shadow: files >>> hosts: files dns winbind >>> networks: files >>> >>> >>> In the other hand on Windows when I try to set a permission to a share >>> using I cannot set them, because i got Permission denied. >>> >>> The following is my smb.conf: >>> >>> [global] >>> security = ADS >>> netbios name = andromaca >>> realm = domain.tld >>> encrypt passwords = yes >>> password server = x.x.x.x >>> workgroup = domain >>> idmap uid = 1-2 >>> idmap gid = 1-2 >>> ldap ssl = no >>> winbind separator = + >>> template homedir = /home/%D/%U >>> template shell = /bin/bash >>> client use spnego = yes >>> >>> [ol] >>>comment = ol >>>browseable = yes >>>path = /home/ol >>>public = yes >>>writable = yes >>> >>> [lala] >>>comment = lala >>>browseable = yes >>>path = /home/ol/lala >>>public = yes >>>writable = yes >>> >>> -- >>> >>> when i set the permissions on lala via linux to a specific AD user, and >>> then on Windows I map that share with that user so can got it and can >>> write, read, delete, etc >>> >>> Anyone knows how can i do it in order to set the permissions via >>> Windows? >>> >>> Thanks >>> >>> Michael.- >>> >>> >>> >> > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD issue....
I don't believe so. The only share's you can control/manage remotely are through the following smb.conf parameters: I'm not sure if they support ACL changes as I have not used them myself. (as of 3.0.27a) add share command change share command delete share command usershare allow guests usershare max shares usershare owner only usershare path usershare prefix allow list usershare prefix deny list usershare template share Good luck! -- Aaron Michael Fernández M. wrote: > El lun, 03-12-2007 a las 08:52 -0600, Aaron J. Zirbes escribió: >> I believe you want @"domain users" not "@domain users" (notice the >> placement of @) >> > yes, you believe the correct thanks > > For example: > > I share the directory: "eee" via samba. > > smb.conf: > > [eee] >comment = eee >browseable = y >path = /home/eee >public = yes >writable = yes > > The diretory have the following permission: > > drwxrwx--- 3 administrator g ingenieria 4096 2007-12-03 11:55 eee > > > I have the following question, it is posible to set the permission via > windows to a share? > > I ask because when I map the share it works, i can create a directory on > it, but when see the properties of a share in order to check the > permissions i see: > > Administrator (Unix user\Administrator) > g ingenieria (Unix group\g ingenieria) > > And when i try to add an other user i got "access is denied" > > I've attached and image of the permissions on windows... > > Thanks for the time guys... > > Michael.- > > >> -- >> Aaron >> >> Michael Fernández M. wrote: >>> El lun, 03-12-2007 a las 18:43 +0530, Sadique Puthen escribió: Set "winbind use default domain = yes" in smb.conf if you want to change ownership of files to ad users using their actual name. If you don't set it, you should change the ownership using "domain+username" as the username which linux doesn't like much. If you want getent passwd/group to work please make sure that you have the below parameters in smb.conf though it has slight problems while maintaining large number of users. winbind enum users = yes winbind enum groups = yes >>> Yes, now is working, i can get the users an groups with getent passwd >>> >>> Thanks >>> >>> But i cannot set permissions to shares map via Windows, i have the >>> folowing configuration in SMB.conf: >>> >>> drwxrwxrwx 3 administrator domain users 4096 2007-11-30 16:39 Domain >>> >>> [domain] >>>comment = domain >>>browseable = yes >>>path = /home/Domain >>>public = yes >>>writable = yes >>>valid users = '@domain users' <<< This will work? >>> >>> >>> Michael.- >>> >>> >>> This is not required if you are running "getent passwd ". --Sadique Michael Fernández M. wrote: > Hi, i want to integrate AD + Samba3 via kerberos, every works great i > get the users and groups with wbinfo -u and wbinfo -g > so in linux i cat set the permissions to a share using the AD's users.. > However when i try "getent passwd" I only get the system users and not > the AD's users... in my nsswitch.conf i have: > > passwd: files winbind > group: files winbind > shadow: files > hosts: files dns winbind > networks: files > > > In the other hand on Windows when I try to set a permission to a share > using I cannot set them, because i got Permission denied. > > The following is my smb.conf: > > [global] > security = ADS > netbios name = andromaca > realm = domain.tld > encrypt passwords = yes > password server = x.x.x.x > workgroup = domain > idmap uid = 1-2 > idmap gid = 1-2 > ldap ssl = no > winbind separator = + > template homedir = /home/%D/%U > template shell = /bin/bash > client use spnego = yes > > [ol] >comment = ol >browseable = yes >path = /home/ol >public = yes >writable = yes > > [lala] >comment = lala >browseable = yes >path = /home/ol/lala >public = yes >writable = yes > > -- > > when i set the permissions on lala via linux to a specific AD user, and > then on Windows I map that share with that user so can got it and can > write, read, delete, etc > > Anyone knows how can i do it in order to set the permissions via > Windows? > > Thanks > > Michael.- > > > >>> > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD issue....
El lun, 03-12-2007 a las 09:18 -0600, Hans-Wilhelm Heisinger escribió: > Michael, > > Here is a great How To for AD. > http://ubuntuforums.org/showthread.php?t=280702 > I had the same issue, and after following the "how to" it was resolve. > > Mit freundlichen Grüßen > Hans-Wilhelm Heisinger > thanks i will check it out Michael.. > Paulo Almeida wrote: > > Hi Michael, > > > > > >>valid users = '@domain users' <<< This will work? > >> > > > > Try valid users = "@DOMAIN+Domain Users" or "@DOMAIN\Domain Users", > > dependig on the your winbind separator statement. > > > > Regards, > > Paulo Almeida > > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD issue....
El lun, 03-12-2007 a las 08:52 -0600, Aaron J. Zirbes escribió: > I believe you want @"domain users" not "@domain users" (notice the placement > of @) > yes, you believe the correct thanks For example: I share the directory: "eee" via samba. smb.conf: [eee] comment = eee browseable = y path = /home/eee public = yes writable = yes The diretory have the following permission: drwxrwx--- 3 administrator g ingenieria 4096 2007-12-03 11:55 eee I have the following question, it is posible to set the permission via windows to a share? I ask because when I map the share it works, i can create a directory on it, but when see the properties of a share in order to check the permissions i see: Administrator (Unix user\Administrator) g ingenieria (Unix group\g ingenieria) And when i try to add an other user i got "access is denied" I've attached and image of the permissions on windows... Thanks for the time guys... Michael.- > -- > Aaron > > Michael Fernández M. wrote: > > El lun, 03-12-2007 a las 18:43 +0530, Sadique Puthen escribió: > >> Set "winbind use default domain = yes" in smb.conf if you want to change > >> ownership of files to ad users using their actual name. If you don't set > >> it, you should change the ownership using "domain+username" as the > >> username which linux doesn't like much. > >> > >> If you want getent passwd/group to work please make sure that you have > >> the below parameters in smb.conf though it has slight problems while > >> maintaining large number of users. > >> > >> winbind enum users = yes > >> winbind enum groups = yes > > > > Yes, now is working, i can get the users an groups with getent passwd > > > > Thanks > > > > But i cannot set permissions to shares map via Windows, i have the > > folowing configuration in SMB.conf: > > > > drwxrwxrwx 3 administrator domain users 4096 2007-11-30 16:39 Domain > > > > [domain] > >comment = domain > >browseable = yes > >path = /home/Domain > >public = yes > >writable = yes > >valid users = '@domain users' <<< This will work? > > > > > > Michael.- > > > > > > > >> This is not required if you are running "getent passwd ". > >> > >> --Sadique > >> > >> Michael Fernández M. wrote: > >>> Hi, i want to integrate AD + Samba3 via kerberos, every works great i > >>> get the users and groups with wbinfo -u and wbinfo -g > >>> so in linux i cat set the permissions to a share using the AD's users.. > >>> However when i try "getent passwd" I only get the system users and not > >>> the AD's users... in my nsswitch.conf i have: > >>> > >>> passwd: files winbind > >>> group: files winbind > >>> shadow: files > >>> hosts: files dns winbind > >>> networks: files > >>> > >>> > >>> In the other hand on Windows when I try to set a permission to a share > >>> using I cannot set them, because i got Permission denied. > >>> > >>> The following is my smb.conf: > >>> > >>> [global] > >>> security = ADS > >>> netbios name = andromaca > >>> realm = domain.tld > >>> encrypt passwords = yes > >>> password server = x.x.x.x > >>> workgroup = domain > >>> idmap uid = 1-2 > >>> idmap gid = 1-2 > >>> ldap ssl = no > >>> winbind separator = + > >>> template homedir = /home/%D/%U > >>> template shell = /bin/bash > >>> client use spnego = yes > >>> > >>> [ol] > >>>comment = ol > >>>browseable = yes > >>>path = /home/ol > >>>public = yes > >>>writable = yes > >>> > >>> [lala] > >>>comment = lala > >>>browseable = yes > >>>path = /home/ol/lala > >>>public = yes > >>>writable = yes > >>> > >>> -- > >>> > >>> when i set the permissions on lala via linux to a specific AD user, and > >>> then on Windows I map that share with that user so can got it and can > >>> write, read, delete, etc > >>> > >>> Anyone knows how can i do it in order to set the permissions via > >>> Windows? > >>> > >>> Thanks > >>> > >>> Michael.- > >>> > >>> > >>> > >> > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD issue....
Michael, Here is a great How To for AD. http://ubuntuforums.org/showthread.php?t=280702 I had the same issue, and after following the "how to" it was resolve. Mit freundlichen Grüßen Hans-Wilhelm Heisinger Paulo Almeida wrote: Hi Michael, valid users = '@domain users' <<< This will work? Try valid users = "@DOMAIN+Domain Users" or "@DOMAIN\Domain Users", dependig on the your winbind separator statement. Regards, Paulo Almeida -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD issue....
Hi Michael, >valid users = '@domain users' <<< This will work? Try valid users = "@DOMAIN+Domain Users" or "@DOMAIN\Domain Users", dependig on the your winbind separator statement. Regards, Paulo Almeida -- Escola Superior de Enfermagem do Porto Rua Dr. António Bernardino de Almeida 4200-072 Porto - Portugal Tel: +351 22 5073500 - Fax: +351 22 5096337 http://portal.esenf.pt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD issue....
El lun, 03-12-2007 a las 18:43 +0530, Sadique Puthen escribió: > Set "winbind use default domain = yes" in smb.conf if you want to change > ownership of files to ad users using their actual name. If you don't set > it, you should change the ownership using "domain+username" as the > username which linux doesn't like much. > > If you want getent passwd/group to work please make sure that you have > the below parameters in smb.conf though it has slight problems while > maintaining large number of users. > > winbind enum users = yes > winbind enum groups = yes Yes, now is working, i can get the users an groups with getent passwd Thanks But i cannot set permissions to shares map via Windows, i have the folowing configuration in SMB.conf: drwxrwxrwx 3 administrator domain users 4096 2007-11-30 16:39 Domain [domain] comment = domain browseable = yes path = /home/Domain public = yes writable = yes valid users = '@domain users' <<< This will work? Michael.- > > This is not required if you are running "getent passwd ". > > --Sadique > > Michael Fernández M. wrote: > > Hi, i want to integrate AD + Samba3 via kerberos, every works great i > > get the users and groups with wbinfo -u and wbinfo -g > > so in linux i cat set the permissions to a share using the AD's users. > > However when i try "getent passwd" I only get the system users and not > > the AD's users... in my nsswitch.conf i have: > > > > passwd: files winbind > > group: files winbind > > shadow: files > > hosts: files dns winbind > > networks: files > > > > > > In the other hand on Windows when I try to set a permission to a share > > using I cannot set them, because i got Permission denied. > > > > The following is my smb.conf: > > > > [global] > > security = ADS > > netbios name = andromaca > > realm = domain.tld > > encrypt passwords = yes > > password server = x.x.x.x > > workgroup = domain > > idmap uid = 1-2 > > idmap gid = 1-2 > > ldap ssl = no > > winbind separator = + > > template homedir = /home/%D/%U > > template shell = /bin/bash > > client use spnego = yes > > > > [ol] > >comment = ol > >browseable = yes > >path = /home/ol > >public = yes > >writable = yes > > > > [lala] > >comment = lala > >browseable = yes > >path = /home/ol/lala > >public = yes > >writable = yes > > > > -- > > > > when i set the permissions on lala via linux to a specific AD user, and > > then on Windows I map that share with that user so can got it and can > > write, read, delete, etc > > > > Anyone knows how can i do it in order to set the permissions via > > Windows? > > > > Thanks > > > > Michael.- > > > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD issue....
Set "winbind use default domain = yes" in smb.conf if you want to change ownership of files to ad users using their actual name. If you don't set it, you should change the ownership using "domain+username" as the username which linux doesn't like much. If you want getent passwd/group to work please make sure that you have the below parameters in smb.conf though it has slight problems while maintaining large number of users. winbind enum users = yes winbind enum groups = yes This is not required if you are running "getent passwd ". --Sadique Michael Fernández M. wrote: Hi, i want to integrate AD + Samba3 via kerberos, every works great i get the users and groups with wbinfo -u and wbinfo -g so in linux i cat set the permissions to a share using the AD's users. However when i try "getent passwd" I only get the system users and not the AD's users... in my nsswitch.conf i have: passwd: files winbind group: files winbind shadow: files hosts: files dns winbind networks: files In the other hand on Windows when I try to set a permission to a share using I cannot set them, because i got Permission denied. The following is my smb.conf: [global] security = ADS netbios name = andromaca realm = domain.tld encrypt passwords = yes password server = x.x.x.x workgroup = domain idmap uid = 1-2 idmap gid = 1-2 ldap ssl = no winbind separator = + template homedir = /home/%D/%U template shell = /bin/bash client use spnego = yes [ol] comment = ol browseable = yes path = /home/ol public = yes writable = yes [lala] comment = lala browseable = yes path = /home/ol/lala public = yes writable = yes -- when i set the permissions on lala via linux to a specific AD user, and then on Windows I map that share with that user so can got it and can write, read, delete, etc Anyone knows how can i do it in order to set the permissions via Windows? Thanks Michael.- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AD issue....
Hi, i want to integrate AD + Samba3 via kerberos, every works great i get the users and groups with wbinfo -u and wbinfo -g so in linux i cat set the permissions to a share using the AD's users. However when i try "getent passwd" I only get the system users and not the AD's users... in my nsswitch.conf i have: passwd: files winbind group: files winbind shadow: files hosts: files dns winbind networks: files In the other hand on Windows when I try to set a permission to a share using I cannot set them, because i got Permission denied. The following is my smb.conf: [global] security = ADS netbios name = andromaca realm = domain.tld encrypt passwords = yes password server = x.x.x.x workgroup = domain idmap uid = 1-2 idmap gid = 1-2 ldap ssl = no winbind separator = + template homedir = /home/%D/%U template shell = /bin/bash client use spnego = yes [ol] comment = ol browseable = yes path = /home/ol public = yes writable = yes [lala] comment = lala browseable = yes path = /home/ol/lala public = yes writable = yes -- when i set the permissions on lala via linux to a specific AD user, and then on Windows I map that share with that user so can got it and can write, read, delete, etc Anyone knows how can i do it in order to set the permissions via Windows? Thanks Michael.- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba