Re: [Samba] SAMBA PDC User Permissions, Admin Settings, and Logon?
I'm having a similiar problem on my 2.2.7 PDC. If my users are not listed in the domain admin group, then they have very restricted access to the windows registry when the login. Most of their programs will not work at all. I'm not sure at this point what the solution is. I want to see if there is a way to do something like add their DOMAIN user account to the LOCAL machines POWER USER group. I'm going to give it a shot in the morning. Do you have your /home issue fixed yet? I would be happy to help you with that if you are still having problems. If anyone has any ideas or suggestions about my registry permissions, let me know... Thanks, Jason N. On Tue, 2003-02-25 at 05:51, richard wrote: > Hi, Don't know if this is relevant but I read somewhere that including > below in [global] makes Samba do strange things? I believe this is a > "share" parameter? If this helps please post your results. > > profile acls = Yes > > Richard. > > On Tue, 2003-02-25 at 04:48, Nolan Garrett wrote: > > Hi all! First off, I'd like to thank you for the help you've previously > > given me. I'd like to state a few of the problems I am now experiencing, > > and you all can provide insight. I've read all the documentation I can find > > and have surfed the archives for this newsgroup, but to no avail. Any help > > would be greatly appreciated! > > > > (I am using SAMBA 2.2.7) > > > > Issue 1: If I don't have every user listed in the admin users = section that > > I want to allow logon access, they cannot log on. I usually get a domain > > unavailable error. > > > > Issue 2: If I don't set up each user account (w/ domain) on the WinXP > > machine I want to logon to, I get some kind of very, very limited logon. It > > almost seems to be corrupted. > > > > Issue 3: This is my main frustration - I cannot seem to block access to > > other peoples shares! EG user chrisg can access the nolan share, etc. > > > > Final Issue: Not a big problem, but I can't figure out how to set up the > > CUPS drivers for the pdf-generator. > > > > Is it a winbind problem, bad config, or am I just a moron? > > > > Attached is my smb.conf > > > > # Samba config file created using SWAT > > # from gridlock.workgroup.net (192.168.0.5) > > # Date: 2003/02/24 18:08:30 > > > > # Global parameters > > [global] > > netbios name = MAIN > > server string = Samba Server %v > > encrypt passwords = Yes > > passwd program = /usr/bin/passwd %u > > passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password > > * %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *p > > asswd: *all*authentication*tokens*updated*succesfully* > > unix password sync = Yes > > log level = 1 > > log file = /var/log/samba/log.%m > > max log size = 50 > > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBU > > F=8192 SO_SNDBUF=8192 > > printcap name = cups > > domain admin group = @admins > > add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin > > /false -M %u > > logon script = %U.bat > > logon path = \\main\profiles\%U > > logon drive = Z: > > logon home = \\main\%U\.profile > > domain logons = Yes > > os level = 99 > > domain master = Yes > > dns proxy = No > > wins support = Yes > > winbind uid = 1-2 > > winbind gid = 1-2 > > ; valid users = ahayes root danielleg chrisg rickg nolan > > admin users = root nolan chrisg rickg danielleg alyssag > > printer admin = nolan root > > hosts allow = 192.168.0. 127. > > ; profile acls = Yes > > printing = cups > > > > [homes] > > comment = Home Directory for %u > > read only = No > > create mask = 0660 > > directory mask = 0770 > > browseable = No > > oplocks = No > > level2 oplocks = No > > > > [netlogon] > > comment = Network Logon Service > > path = /var/lib/samba/netlogon > > write list = root nolan > > > > [profiles] > > path = /var/lib/samba/profiles > > read only = No > > create mask = 0600 > > directory mask = 0700 > > guest ok = Yes > > browseable = No > > csc policy = disable > > > > [printers] > > comment = All Printers > > path = /var/spool/samba > > printer admin = root nolan > > guest ok = Yes > > printable = Yes > > browseable = No > > > > [print$] > > comment = Printer Drivers > > path = /etc/samba/drivers > > write list = root nolan > > > > [pdf-generator] > > comment = PDF Generator (only valid users!) > > path = /var/tmp > > printable = Yes > > print command = /usr/share/samba/scripts/print-pdf %s ~%u %L > > %u %m & > > > > [public] > > comment
Re: [Samba] SAMBA PDC User Permissions, Admin Settings, and Logon?
Hi, Don't know if this is relevant but I read somewhere that including below in [global] makes Samba do strange things? I believe this is a "share" parameter? If this helps please post your results. profile acls = Yes Richard. On Tue, 2003-02-25 at 04:48, Nolan Garrett wrote: > Hi all! First off, I'd like to thank you for the help you've previously > given me. I'd like to state a few of the problems I am now experiencing, > and you all can provide insight. I've read all the documentation I can find > and have surfed the archives for this newsgroup, but to no avail. Any help > would be greatly appreciated! > > (I am using SAMBA 2.2.7) > > Issue 1: If I don't have every user listed in the admin users = section that > I want to allow logon access, they cannot log on. I usually get a domain > unavailable error. > > Issue 2: If I don't set up each user account (w/ domain) on the WinXP > machine I want to logon to, I get some kind of very, very limited logon. It > almost seems to be corrupted. > > Issue 3: This is my main frustration - I cannot seem to block access to > other peoples shares! EG user chrisg can access the nolan share, etc. > > Final Issue: Not a big problem, but I can't figure out how to set up the > CUPS drivers for the pdf-generator. > > Is it a winbind problem, bad config, or am I just a moron? > > Attached is my smb.conf > > # Samba config file created using SWAT > # from gridlock.workgroup.net (192.168.0.5) > # Date: 2003/02/24 18:08:30 > > # Global parameters > [global] > netbios name = MAIN > server string = Samba Server %v > encrypt passwords = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password > * %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *p > asswd: *all*authentication*tokens*updated*succesfully* > unix password sync = Yes > log level = 1 > log file = /var/log/samba/log.%m > max log size = 50 > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBU > F=8192 SO_SNDBUF=8192 > printcap name = cups > domain admin group = @admins > add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin > /false -M %u > logon script = %U.bat > logon path = \\main\profiles\%U > logon drive = Z: > logon home = \\main\%U\.profile > domain logons = Yes > os level = 99 > domain master = Yes > dns proxy = No > wins support = Yes > winbind uid = 1-2 > winbind gid = 1-2 > ; valid users = ahayes root danielleg chrisg rickg nolan > admin users = root nolan chrisg rickg danielleg alyssag > printer admin = nolan root > hosts allow = 192.168.0. 127. > ; profile acls = Yes > printing = cups > > [homes] > comment = Home Directory for %u > read only = No > create mask = 0660 > directory mask = 0770 > browseable = No > oplocks = No > level2 oplocks = No > > [netlogon] > comment = Network Logon Service > path = /var/lib/samba/netlogon > write list = root nolan > > [profiles] > path = /var/lib/samba/profiles > read only = No > create mask = 0600 > directory mask = 0700 > guest ok = Yes > browseable = No > csc policy = disable > > [printers] > comment = All Printers > path = /var/spool/samba > printer admin = root nolan > guest ok = Yes > printable = Yes > browseable = No > > [print$] > comment = Printer Drivers > path = /etc/samba/drivers > write list = root nolan > > [pdf-generator] > comment = PDF Generator (only valid users!) > path = /var/tmp > printable = Yes > print command = /usr/share/samba/scripts/print-pdf %s ~%u %L > %u %m & > > [public] > comment = Public > path = /home/samba/public > read only = No > guest ok = Yes > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA PDC User Permissions, Admin Settings, and Logon?
Rob Savage wrote: > Hey Nolan, > > I can easily give you an answer to I3 > >>Issue 3: This is my main frustration - I cannot seem to block access to >>other peoples shares! EG user chrisg can access the nolan share, etc. >> >> >>[homes] >>comment = Home Directory for %u >>read only = No >>create mask = 0660 >>directory mask = 0770 >>browseable = No >>oplocks = No >>level2 oplocks = No > > Try adding these: > > Valid users = %U > Path = /home/%u > Guest ok = No > --- > Have an excellent day, > > Rob Savage > AFAIK the special homes share needs %S instead of %U in valid users. I don't think it is necessary to specify path (or perhaps even invalid?). Samba will allways respect Unix permissions, so you can also set users home dir to 0700 to block access. Eirik Thorsnes -- Never let a computer know you're in a hurry. -Anonymous -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SAMBA PDC User Permissions, Admin Settings, and Logon?
Hey Nolan, I can easily give you an answer to I3 >Issue 3: This is my main frustration - I cannot seem to block access to >other peoples shares! EG user chrisg can access the nolan share, etc. > > >[homes] >comment = Home Directory for %u >read only = No >create mask = 0660 >directory mask = 0770 >browseable = No >oplocks = No >level2 oplocks = No Try adding these: Valid users = %U Path = /home/%u Guest ok = No --- Have an excellent day, Rob Savage -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nolan Garrett Sent: February 24, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: [Samba] SAMBA PDC User Permissions, Admin Settings, and Logon? Hi all! First off, I'd like to thank you for the help you've previously given me. I'd like to state a few of the problems I am now experiencing, and you all can provide insight. I've read all the documentation I can find and have surfed the archives for this newsgroup, but to no avail. Any help would be greatly appreciated! (I am using SAMBA 2.2.7) Issue 1: If I don't have every user listed in the admin users = section that I want to allow logon access, they cannot log on. I usually get a domain unavailable error. Issue 2: If I don't set up each user account (w/ domain) on the WinXP machine I want to logon to, I get some kind of very, very limited logon. It almost seems to be corrupted. Issue 3: This is my main frustration - I cannot seem to block access to other peoples shares! EG user chrisg can access the nolan share, etc. Final Issue: Not a big problem, but I can't figure out how to set up the CUPS drivers for the pdf-generator. Is it a winbind problem, bad config, or am I just a moron? Attached is my smb.conf # Samba config file created using SWAT # from gridlock.workgroup.net (192.168.0.5) # Date: 2003/02/24 18:08:30 # Global parameters [global] netbios name = MAIN server string = Samba Server %v encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password * %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *p asswd: *all*authentication*tokens*updated*succesfully* unix password sync = Yes log level = 1 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBU F=8192 SO_SNDBUF=8192 printcap name = cups domain admin group = @admins add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin /false -M %u logon script = %U.bat logon path = \\main\profiles\%U logon drive = Z: logon home = \\main\%U\.profile domain logons = Yes os level = 99 domain master = Yes dns proxy = No wins support = Yes winbind uid = 1-2 winbind gid = 1-2 ; valid users = ahayes root danielleg chrisg rickg nolan admin users = root nolan chrisg rickg danielleg alyssag printer admin = nolan root hosts allow = 192.168.0. 127. ; profile acls = Yes printing = cups [homes] comment = Home Directory for %u read only = No create mask = 0660 directory mask = 0770 browseable = No oplocks = No level2 oplocks = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = root nolan [profiles] path = /var/lib/samba/profiles read only = No create mask = 0600 directory mask = 0700 guest ok = Yes browseable = No csc policy = disable [printers] comment = All Printers path = /var/spool/samba printer admin = root nolan guest ok = Yes printable = Yes browseable = No [print$] comment = Printer Drivers path = /etc/samba/drivers write list = root nolan [pdf-generator] comment = PDF Generator (only valid users!) path = /var/tmp printable = Yes print command = /usr/share/samba/scripts/print-pdf %s ~%u %L %u %m & [public] comment = Public path = /home/samba/public read only = No guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba