Re: [Samba] Samba4 user mapping into filesystem
On Wed, Feb 8, 2012 at 5:31 PM, William Brown william.e.br...@adelaide.edu.au wrote: You likely don't have ACL's enabled on the filesystem that samba is sharing. You can check with sudo tune2fs -l /dev/vg_lillie/lv_root | grep option replacing your disk into that command. You should see something like Default mount options: user_xattr acl If not, you should enable the filesystem ACL using tune2fs, then reboot your machine. tune2fs -o acl /dev/sda1 And this is why you don't use a mailing list while half asleep. I misread yoru problem. Probably still good to check that. Anyway, do you have the machine joined to its own domain? Are you running winbind to resolve the usernames etc? The issue you might be seeing is that while they have an owner that isn't there, if you use getfacl on the file it should have the ACL's to allow the group / user in question to read/write it. The non existent user could be due to winbind trying to map the user Id to an account, but you don't have the client side of the resolver setup, so it shows non existant. using ls, check the numerical ID on the files. Odd. I certainly have the mount options in /etc/fstab, and using the little test on the HOWTO (https://wiki.samba.org/index.php/Samba4/HOWTO#NOTE_about_filesystem_support), it's supposed to be working. However, listing the filesystem options with tune2fs shows none for Default mount options. ext_attr does show as a feature in Filesystem features however. To your other questions: - I assume that provisioning the installation implicitly joined it to the domain. This is the only domain controller on a very small network. If provisioning didn't join it automatically, then no, it's not joined to its own domain. - Winbind isn't installed. I followed the HOWTO, but didn't see a step about installing winbind. Like I say, everything else appears to be working fine. I'm just trying to wrap my head around the relationship between Samba's internal users and the underlying filesystem permissions. Thanks for you help! Brantley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 user mapping into filesystem
This may help you out.. https://wiki.samba.org/index.php/Samba4/Winbind On 02/09/2012 07:17 AM, Brantley Hobbs wrote: On Wed, Feb 8, 2012 at 5:31 PM, William Brown william.e.br...@adelaide.edu.au wrote: You likely don't have ACL's enabled on the filesystem that samba is sharing. You can check with sudo tune2fs -l /dev/vg_lillie/lv_root | grep option replacing your disk into that command. You should see something like Default mount options:user_xattr acl If not, you should enable the filesystem ACL using tune2fs, then reboot your machine. tune2fs -o acl /dev/sda1 And this is why you don't use a mailing list while half asleep. I misread yoru problem. Probably still good to check that. Anyway, do you have the machine joined to its own domain? Are you running winbind to resolve the usernames etc? The issue you might be seeing is that while they have an owner that isn't there, if you use getfacl on the file it should have the ACL's to allow the group / user in question to read/write it. The non existent user could be due to winbind trying to map the user Id to an account, but you don't have the client side of the resolver setup, so it shows non existant. using ls, check the numerical ID on the files. Odd. I certainly have the mount options in /etc/fstab, and using the little test on the HOWTO (https://wiki.samba.org/index.php/Samba4/HOWTO#NOTE_about_filesystem_support), it's supposed to be working. However, listing the filesystem options with tune2fs shows none for Default mount options. ext_attr does show as a feature in Filesystem features however. To your other questions: - I assume that provisioning the installation implicitly joined it to the domain. This is the only domain controller on a very small network. If provisioning didn't join it automatically, then no, it's not joined to its own domain. - Winbind isn't installed. I followed the HOWTO, but didn't see a step about installing winbind. Like I say, everything else appears to be working fine. I'm just trying to wrap my head around the relationship between Samba's internal users and the underlying filesystem permissions. Thanks for you help! Brantley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 user mapping into filesystem
- Winbind isn't installed. I followed the HOWTO, but didn't see a step about installing winbind. If you installed S4 you already have it. But s4 winbind doesn't seem to map uid:gid correctly at te mo:( We used nss-ldapd with nfs4 to do the mapping for the Linux side. See the: Re: [Samba] RFC2307 Samba4 [Was: Linux users and Samba 4] thread. Just posted an update to it so it's prob. in your inbox now. HTH, Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 user mapping into filesystem
The problem is that when I set ACL's from a Windows computer, the files with that owner can't be changed (i.e., Windows gives a 'retry/continue/cancel dialog). If I change those files to root:users, I can set ACL's on them all day long. You likely don't have ACL's enabled on the filesystem that samba is sharing. You can check with sudo tune2fs -l /dev/vg_lillie/lv_root | grep option replacing your disk into that command. You should see something like Default mount options:user_xattr acl If not, you should enable the filesystem ACL using tune2fs, then reboot your machine. tune2fs -o acl /dev/sda1 Sincerely, William Brown Research Teaching, Technology Services The University of Adelaide, AUSTRALIA 5005 CRICOS Provider Number 00123M - IMPORTANT: This message may contain confidential or legally privileged information. If you think it was sent to you by mistake, please delete all copies and advise the sender. For the purposes of the SPAM Act 2003, this email is authorised by The University of Adelaide. pgp.mit.edu http://pgp.mit.edu:11371/pks/lookup?op=vindexsearch=0x3C0AC6DAB2F928A2 signature.asc Description: Message signed with OpenPGP using GPGMail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba4 user mapping into filesystem
On 09/02/2012, at 08:51, William Brown wrote: The problem is that when I set ACL's from a Windows computer, the files with that owner can't be changed (i.e., Windows gives a 'retry/continue/cancel dialog). If I change those files to root:users, I can set ACL's on them all day long. You likely don't have ACL's enabled on the filesystem that samba is sharing. You can check with sudo tune2fs -l /dev/vg_lillie/lv_root | grep option replacing your disk into that command. You should see something like Default mount options:user_xattr acl If not, you should enable the filesystem ACL using tune2fs, then reboot your machine. tune2fs -o acl /dev/sda1 And this is why you don't use a mailing list while half asleep. I misread yoru problem. Probably still good to check that. Anyway, do you have the machine joined to its own domain? Are you running winbind to resolve the usernames etc? The issue you might be seeing is that while they have an owner that isn't there, if you use getfacl on the file it should have the ACL's to allow the group / user in question to read/write it. The non existent user could be due to winbind trying to map the user Id to an account, but you don't have the client side of the resolver setup, so it shows non existant. using ls, check the numerical ID on the files. Sincerely, William Brown Research Teaching, Technology Services The University of Adelaide, AUSTRALIA 5005 CRICOS Provider Number 00123M - IMPORTANT: This message may contain confidential or legally privileged information. If you think it was sent to you by mistake, please delete all copies and advise the sender. For the purposes of the SPAM Act 2003, this email is authorised by The University of Adelaide. pgp.mit.edu http://pgp.mit.edu:11371/pks/lookup?op=vindexsearch=0x3C0AC6DAB2F928A2 signature.asc Description: Message signed with OpenPGP using GPGMail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba