Hi,
this is a heads-up that there will be Samba security updates for 4.17,
4.18 and 4.19 on Tuesday October 10 2023. Please make sure that your
Samba servers will be updated soon after the release!
Impacted component:
- Fileserver (CVSS 6.5, Medium)
- DCE-RPCs and pipes (CVSS 6.8, Medium
Hi,
this is a heads-up that there will be Samba security updates for 4.16,
4.17 and 4.18 on Wednesday, July 19 2023. Please make sure that your
Samba servers will be updated soon after the release!
Impacted component:
- Winbind (CVSS 5.9, Medium)
- DCE-RPCs and pipes (CVSS 7.5, High, 5.3
Hi,
this is a heads-up that there will be Samba security updates for 4.16,
4.17 and 4.18 on Wednesday, March 29 2023. Please make sure that your
Samba servers will be updated soon after the release!
Impacted component:
- AD DC (CVSS 5.4, Medium, andCVSS 5.9, Medium, and CVSS 7.7, High
Hi,
this is a heads-up that there will be Samba security updates for 4.15,
4.16 and 4.17 on Tuesday, November 15 2022. Please make sure that your
Samba servers will be updated soon after the release!
Impacted components:
- AD DC (CVSS 6.4, Medium)
Cheers,
Jule Anger
--
Jule Anger
Release
Hi,
this is a heads-up that there will be Samba security updates for 4.15,
4.16 and 4.17 on Tuesday, October 25 2022. Please make sure that your
Samba servers will be updated soon after the release!
Impacted components:
- AD DC (CVSS 5.9, Medium)
- Fileserver (CVSS 5.4, Medium)
Cheers
Hi,
this is a heads-up that there will be Samba security updates for 4.14,
4.15 and 4.16 on Wednesday, July 27 2022. Please make sure that your
Samba servers will be updated soon after the release!
Impacted components:
- File server (CVSS 4.3, Medium)
- AD DC (CVSS 8.8, High, and CVSS 5.4
Hi,
this is a heads-up that there will be Samba security updates for 4.13 ,
4.14 and 4.15 on Monday, January 31 2022. Please make sure that your
Samba servers will be updated soon after the release!
Impacted components:
- File server (CVSS 4.2, Medium)
- AD DC (CVSS 8.8, High)
- VFS
Hi,
this is a heads-up that there will be a Samba security update for 4.13
on Monday, January 10 2022. Please make sure that your Samba servers
will be updated soon after the release!
Impacted components:
- file server (CVSS 2.6, Low)
Cheers,
Jule Anger
--
Jule Anger
Release Manager Samba
Hi,
the release will happen around 18:00 UTC November 9th.
metze
> this is a heads-up that there will be Samba security updates
> on Tuesday, November 9. Please make sure that your Samba servers
> will be updated immediately after the release!
>
> Impacted components:
>
&
Hi,
this is a heads-up that there will be Samba security updates
on Tuesday, November 9. Please make sure that your Samba servers
will be updated immediately after the release!
Impacted components:
* AD DC (CVSS 8.8, high)
* AD Domain member (CVSS 8.1, high)
* File server (CVSS 4.8 medium
Hi,
this is a heads-up that there will be Samba security updates
on Tuesday, November 9. Please make sure that your Samba servers
will be updated immediately after the release!
Impacted components:
* AD DC (CVSS 8.8, high)
* AD Domain member (CVSS 8.1, high)
* File server (CVSS 4.8 medium
On Thu, 2013-06-06 at 10:19 +0100, Jonathan Buzzard wrote:
So given the OP wants consistent UID's on presumably his Samba file
server running a 3.6.x variant of Samba how does sssd help?
Hi
sssd is an alternative to using winbind to extract information from AD.
It may help the OP to try it
On Wed, 2013-06-05 at 23:13 +0100, Jonathan Buzzard wrote:
On 05/06/13 17:56, steve wrote:
On Wed, 2013-06-05 at 16:22 +0100, Jonathan Buzzard wrote:
On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote:
I never said that I couldn't get it to work, I just said that it is
just too
On Wed, 2013-06-05 at 23:13 +0100, Jonathan Buzzard wrote:
As far as I can tell sssd does not provide a mechanism for the smbd on
at least 3.5 (the 4.x series might be different but the OP is running
3.6) to see an incoming SID and work out the UID.
It would be pretty useless without. It
On Thu, 2013-06-06 at 10:25 +0200, steve wrote:
On Wed, 2013-06-05 at 23:13 +0100, Jonathan Buzzard wrote:
As far as I can tell sssd does not provide a mechanism for the smbd on
at least 3.5 (the 4.x series might be different but the OP is running
3.6) to see an incoming SID and work
Hi JAB
I've tried this every whichway, including making ranges not overlap. It
looks to me to depend on this line:
idmap config BECAUSE : range = 1000-8000
If I add it, wbinfo SID-ToUID option for jingram gives a UID of 2338, but
no getent passwd entry.
If I remove it, getent passwd jingram
Hi, I gave up on winbind, it is just too complicated and most, if not all,
of the webpages I found via google are incomplete or just down right wrong.
Why not try sssd, it just works, all you need to do is add uidNumbers to
your users, set up sssd and away you go, have a look here:
Why not use the rid backend for your idmap. That is what I use for my
member servers and my accounts have identical ids across machines.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Yes, he could do that, providing his users never go anywhere near any files
or directories stored on a samba4 server, if they do, they will suddenly
find that have a different id on the server, I have been there and it is
just a mess, it took me a bit to realise why users did not own the files
On Wed, 2013-06-05 at 13:30 +0100, Rowland Penny wrote:
Hi, I gave up on winbind, it is just too complicated and most, if not all,
of the webpages I found via google are incomplete or just down right wrong.
It's actually dead simple, and these days the manual page is actually
accurate. Really
I never said that I couldn't get it to work, I just said that it is just
too complicated. Yes I can read and there was no need to get personal
You can have an smb.conf like this:
[global]
workgroup = DOMAIN
security = ADS
realm = DOMAIN.LAN
encrypt passwords = yes
On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote:
I never said that I couldn't get it to work, I just said that it is
just too complicated. Yes I can read and there was no need to get
personal
You said you gave up because it was too complicated. Also if you are
setting up a Samba file
Oh yes it works ok
on the samba4 server, using winbind
getent passwd user
DOMAIN\user:*:3001106:20513::/home/DOMAIN/user:/bin/bash
uid=3001106(DOMAIN\user) gid=20513(DOMAIN\Domain Users)
groups=20513(DOMAIN\Domain Users),21110(DOMAIN\linuxusers)
change to sssd
getent passwd user
On Wed, 2013-06-05 at 16:22 +0100, Jonathan Buzzard wrote:
On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote:
I never said that I couldn't get it to work, I just said that it is
just too complicated. Yes I can read and there was no need to get
personal
You said you gave up
Well said Steve
From what I have read on the two samba mailing lists, Samba 4 is supposed
to be a clone of windows AD, well windows AD does not have winbind, so I
suppose this begs the question, why when running as a DC controller does
Samba4?
On 5 June 2013 17:56, steve st...@steve-ss.com
On Wed, 2013-06-05 at 18:32 +0100, Rowland Penny wrote:
Well said Steve
From what I have read on the two samba mailing lists, Samba 4 is
supposed to be a clone of windows AD, well windows AD does not have
winbind, so I suppose this begs the question, why when running as a DC
controller
On 05/06/13 17:56, steve wrote:
On Wed, 2013-06-05 at 16:22 +0100, Jonathan Buzzard wrote:
On Wed, 2013-06-05 at 15:42 +0100, Rowland Penny wrote:
I never said that I couldn't get it to work, I just said that it is
just too complicated. Yes I can read and there was no need to get
personal
Hi all,
I'm trying to set up a samba (3.6.6, debian wheezy 64bit) member server on
a 2008R2 domain. I'd like to be able to specify the uidnumbers users get on
here in AD but I'm getting really erratic results.
I've tried changing various range options, and as far as I can tell it
works
Dear samba-mailinglist,
We're using samba 4.0.5 as an active directory domain controller.
We used to set up some file shares on basis security=user in the old
samba version. I was able to set up the shares as they used to be .
My Question:
How can I set up wich user kan read/write which
On 6 February 2013 01:24, Vladimir Levijev vladimir.levi...@gmail.com wrote:
I have Debian Squeeze running Samba being a member of the domain (PDC
and BDC are Windows servers) and it's users are authenticated against
AD using winbind for years.
Now there is a need to setup another virtual
On 4 February 2013 21:38, Vladimir Levijev vladimir.levi...@gmail.com wrote:
I have Debian Squeeze running Samba being a member of the domain (PDC
and BDC are Windows servers) and it's users are authenticated against
AD using winbind for years.
Now there is a need to setup another virtual
Hi,
I have Debian Squeeze running Samba being a member of the domain (PDC
and BDC are Windows servers) and it's users are authenticated against
AD using winbind for years.
Now there is a need to setup another virtual Debian box exactly like
that. So the name of the first is STUDENT, I named the
I would like to use Samba (3.5.10 as supplied with RHEL6 if possible) to
make some directories accessible as a filesystem to (some of) our developers.
However, those directories are read and written by a web server, and all files
and directories in there should belong to www-data:www-data.
Hi there,
On Thu, 24 Jan 2013, Rainer Canavan wrote:
I would like to use Samba (3.5.10 as supplied with RHEL6 if possible) to
make some directories accessible as a filesystem to (some of) our developers.
However, those directories are read and written by a web server, and all files
and
From: Manuel Santiago manuel.santi...@sapo.pt
Date: Thu, 6 Sep 2012 11:50:30 +0100
I have debian squeeze system installed, and samba server 3.5.6 installed.
I need in some shares force to user put username and password to access
data, but if I use share level, the system doesn´t ask for
Hi all,
I have debian squeeze system installed, and samba server 3.5.6 installed.
I need in some shares force to user put username and password to access
data, but if I use share level, the system doesn´t ask for username, and if
I use USER Level I need to make login to see all shares even
Am Donnerstag, 6. September 2012, 12:50:30 schrieb Manuel Santiago:
Hi all,
I have debian squeeze system installed, and samba server 3.5.6 installed.
I need in some shares force to user put username and password to access
data, but if I use share level, the system doesn´t ask for
Dear All,
I manage a Debian Squeeze GNU/Linux (with kernel 2.6.32-5-686 #1 SMP)
with Samba 3.5.6 (samba 2:3.5.6~dfsg-3squeeze8 package is installed).
I have a test directory with native Linux ACL permissions. getfacl
test's output:
# file: test
# owner: akos
# group: grp
# flags: -s-
Le 06/05/2012 23:59, Németh Ákos Ferenc a écrit :
Dear All,
I manage a Debian Squeeze GNU/Linux (with kernel 2.6.32-5-686 #1 SMP)
with Samba 3.5.6 (samba 2:3.5.6~dfsg-3squeeze8 package is installed).
I have a test directory with native Linux ACL permissions. getfacl
test's output:
# file:
Hi all,
I am just struggling with SAMBA design and i was wondering whether anyone
here can help. In my environment, there is an AD server and my SAMBA
server is on an AIX box. I need to set up SAMBA so that it will use AD
authentication AND few particular users found in AD (but not yet in AIX)
I have a working setup with samba squid on one machine. However it
seems that ntlm_auth is not doing what I expected.
As an unprivilegd user I am able to test succesfull password:
ute@alix:~$ ntlm_auth -V
Version 3.5.6
ute@alix:~$ ntlm_auth --username=hans --password=keins
NT_STATUS_OK:
If you require and more information let me know and thanks in advance ..
I'm working with dansguardian and squid with ntlm_auth.
I join squid to the domain and it works for 7 days. After 7 days to the
minute from the time I joined the server to the domain winbind decides
it has lost its
2010/12/26 François Patte francois.pa...@mi.parisdescartes.fr:
As far as I understand from Chris blog, map to guest = bad user is to
be used because the mode security=share is now deprecated. In my version
of samba-swat (samba-swat-3.2.15-0.36) this security share mode is
still there. Do I
Hi everyone. I have a special security risk analyzer that runs on my
network.
It scans my ports and looks for open vulnerabilities. I know that no one
here knows about the security scans but here is what it tells me.
SMB Guest Account Local User Access on port 445.
I assume that I need to
On Tue, Dec 21, 2010 at 05:06:33PM -0700, Bryan Boone wrote:
Hi everyone. I have a special security risk analyzer that runs on my
network.
It scans my ports and looks for open vulnerabilities. I know that no one
here knows about the security scans but here is what it tells me.
SMB Guest
Hello, I hope this is not a dumb question, but I just need some clarification.
I am trying to set up an Ubuntu Samba share for a lab with Windows
computers (Vista and XP). I have two shares that are supposed to
require authentication and one that is supposed to a public share with
no login. I
On Fri, Dec 10, 2010 at 12:08 AM, Kenton Tofte kentonto...@gmail.com wrote:
is it possible to have a guest share under
security = user that does not make Windows ask for login
credentials?
Asked and answered many times.
Decided to add the answer to my blog:
http://t.co/dZrqNb0
Chris
--
To
On Fri, Dec 10, 2010 at 12:48 AM, Chris Smith smb...@chrissmith.org wrote:
Asked and answered many times.
Decided to add the answer to my blog:
http://t.co/dZrqNb0
Maybe a better url shortener:
http://goo.gl/AKk0K
--
To unsubscribe from this list go to the following URL and read the
I also encounter this problem that
the user security mode work fine, but on share security level,
it always return NT_STATUS_WRONG_PASSWORD.
Is SHARE on samba 3.4 deprecated ?
Can anybody give some advice?
Thanks.
--
View this message in context:
I also encounter this problem that
the user security mode work fine, but on share security level,
it always return NT_STATUS_WRONG_PASSWORD.
Is SHARE on samba 3.4 deprecated ?
Can anybody give some advice?
user = share is like Windoze95/98 type file share.
Thanks.
--
View this message
On 07/12/2010 07:47 AM, t...@tms3.com wrote:
I also encounter this problem that
the user security mode work fine, but on share security level,
it always return NT_STATUS_WRONG_PASSWORD.
Is SHARE on samba 3.4 deprecated ?
Can anybody give some advice?
user = share is like Windoze95/98
Hello,
Please, i need help with security mode = share.
i want to configure security = share and the parameter username = user
in a shared folder to avoid that everybody could access to it. f I have
understood correctly the manual, this configuration enables to access if
the password provided
On Thu, 2010-07-08 at 02:44 +0200, José Puente wrote:
Hello,
Please, i need help with security mode = share.
i want to configure security = share and the parameter username = user
in a shared folder to avoid that everybody could access to it. f I have
understood correctly the manual, this
Hello,
Please, i need help with security mode = share.
i want to configure security = share and the parameter username = user in
a shared folder to avoid that everybody could access to it. f I have
understood correctly the manual, this configuration enables to access if the
password provided
Le 29/03/2010 21:54, Jeremy Allison a écrit :
On Mon, Mar 29, 2010 at 09:45:06PM +0200, Cassian Braconnier wrote:
Hi,
in Using Samba by G. Carter, J Ts and R. Eckstein, 3rd edition, on
chapter 5, page 113, I ses that the security = share option is
deprecated. It is said that there is a
Le 30/03/2010 12:09, Cassian Braconnnier a écrit :
Le 29/03/2010 21:54, Jeremy Allison a écrit :
On Mon, Mar 29, 2010 at 09:45:06PM +0200, Cassian Braconnier wrote:
Hi,
in Using Samba by G. Carter, J Ts and R. Eckstein, 3rd edition, on
chapter 5, page 113, I ses that the security = share
Hi,
in Using Samba by G. Carter, J Ts and R. Eckstein, 3rd edition, on
chapter 5, page 113, I ses that the security = share option is
deprecated. It is said that there is a high chance that ... will be
removed from Samba at some future time.
I find that security = share is extremely useful
On Mon, Mar 29, 2010 at 09:45:06PM +0200, Cassian Braconnier wrote:
Hi,
in Using Samba by G. Carter, J Ts and R. Eckstein, 3rd edition, on
chapter 5, page 113, I ses that the security = share option is
deprecated. It is said that there is a high chance that ... will be
removed from
Hi Alex,
On Tue, Mar 23, 2010 at 05:57:48PM -0600, Alex wrote:
On the Samba3 Release Planning wiki page, Samba 3.2 is designated as
discontinued. There is a statement: As this strategy is quite new, we are
currently still providing security releases for 3.2
Anyone know how long 3.2 will
Hello,
On the Samba3 Release Planning wiki page, Samba 3.2 is designated as
discontinued. There is a statement: As this strategy is quite new, we are
currently still providing security releases for 3.2
Anyone know how long 3.2 will continue to receive security releases?
Thank you.Alex
On Wed, Mar 10, 2010 at 07:07:27AM +0100, Christian PERRIER wrote:
Quoting Jeremy Allison (j...@samba.org):
Security problem with Samba on Linux
In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code
was added to fix a problem with Linux asynchronous IO
Quoting Jeremy Allison (j...@samba.org):
Security problem with Samba on Linux
In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code
was added to fix a problem with Linux asynchronous IO handling.
Situation for Debian:
- Debian stable isn't affected by this
Security problem with Samba on Linux
In Samba releases 3.5.0, 3.4.6 and 3.3.11 new code
was added to fix a problem with Linux asynchronous IO handling.
This code introduced a severe security flaw which was undetected until
now.
We are releasing new binaries
Hi
I'm setting up a Samba PDC, with auth over Zimbra's LDAP, with this howto:
http://wiki.zimbra.com/index.php?title=UNIX_and_Windows_Accounts_in_Zimbra_LDAP_and_Zimbra_Admin_UI_6.0
System is a fully updated Debian 5. All packages from distro. Samba is
3.2.5-4lenny6.
Now everything is
On Thu, Sep 10, 2009 at 09:57:39AM +0200, Lorenzo Milesi wrote:
Hi
I'm setting up a Samba PDC, with auth over Zimbra's LDAP, with this howto:
http://wiki.zimbra.com/index.php?title=UNIX_and_Windows_Accounts_in_Zimbra_LDAP_and_Zimbra_Admin_UI_6.0
System is a fully updated Debian 5. All
I don't think that saying RTFM is the best approach... but anyway...
I already readed the manual and found the information given there
somewhat confusing at least for people who hasn't been working with
samba for a long time. I edited my smb.conf file and added the
following lines :
Quoting Agustin Eguia agustin.eg...@gmail.com:
I already readed the manual and found the information given there
somewhat confusing at least for people who hasn't been working with
samba for a long time. I edited my smb.conf file and added the
following lines :
[records]
vfs objects =
Hello everyone,
I'm actually sharing using samba three folders with some important
content inside of it. I would like to know if it's possible to log
every file read, write, delete, etc. I've been looking on the web and
found that SELinux maybe is the answer, I've already installed
On Wed, Jul 15, 2009 at 11:51:52AM +0200, Agustin Eguia wrote:
I'm actually sharing using samba three folders with some important
content inside of it. I would like to know if it's possible to log every
file read, write, delete, etc. I've been looking on the web and found
that SELinux
Hello Volker,
Can you be more explicit about this module ? I searched the net but
found only confusing things about it. Can it log every file, folder
read/write access on the share ? This is mostly for security purposes.
I found that this is a samba module, but how do I use it, set it up,
On Wed, Jul 15, 2009 at 02:23:49PM +0200, Agustin Eguia wrote:
Can you be more explicit about this module ? I searched the net but
found only confusing things about it. Can it log every file, folder
read/write access on the share ? This is mostly for security purposes. I
found that this
Already did that,
What I don't get is where do I enable the module, is it in smb.conf ?
I suppose it will run with the smbd daemon, and that I can define wich
share will be logged... but I really don't know where to configure this.
Thanks,
A.
Le 15-juil.-09 à 14:33, Volker Lendecke a
On Wed, Jul 15, 2009 at 8:38 AM, Agustin Eguia agustin.eg...@gmail.comwrote:
Already did that,
What I don't get is where do I enable the module, is it in smb.conf ? I
suppose it will run with the smbd daemon, and that I can define wich share
will be logged... but I really don't know where to
Hi,
I have several servers in separate networks currently running samba
2.2.5. Each server can have aliases and I'm using the %L macro in share
path, so that each appear as a separate 'virtual' server - depending on
how the client calls it. There is at least one SMB users defined in
'smbpasswd'
Hello @List,
We have a pretty complex problem;
In our company AD is the one and only directory service, all other clients
need to follow the given settings and guidelines. We are connected via security
ADS , but every patch session on the PDC `s is a nightmare , does it still work
or not.
It really didn't strike me at the time, but just tonight as I was in the
process of setting up a new server as a new domain controller on a new
domain, what are we supposed to use for a Samba primary domain controller
if not security=server?
Just use the default setting, which is
It really didn't strike me at the time, but just tonight as I was in the
process of setting up a new server as a new domain controller on a new
domain, what are we supposed to use for a Samba primary domain
controller
if not security=server?
Just use the default setting, which is
Whoops, redo on this one, un-configured webmail client get my email
address wrong. Sorry for the dupe.
I was reading posts on the samba list recently and noticed a comment from
Volker Lendecke. And as one of the top Samba developers, I'm sure Volker
knows.
For both security=domain and
Jeremy Allison ha scritto:
On Wed, Aug 27, 2008 at 11:15:20PM +0200, Abramo Bagnara wrote:
Jeremy Allison ha scritto:
On Sat, Aug 16, 2008 at 09:42:51AM +0200, Abramo Bagnara wrote:
This is exactly what I'd expect...
Hmmm, not what I'd expect :-). I'll have to check into the POSIX
mapping
Jeremy Allison ha scritto:
On Sat, Aug 16, 2008 at 09:42:51AM +0200, Abramo Bagnara wrote:
This is exactly what I'd expect...
Hmmm, not what I'd expect :-). I'll have to check into the POSIX
mapping further, been a while since I wrote it. Are you checking
on a system with POSIX ACLs enabled
On Wed, Aug 27, 2008 at 11:15:20PM +0200, Abramo Bagnara wrote:
Jeremy Allison ha scritto:
On Sat, Aug 16, 2008 at 09:42:51AM +0200, Abramo Bagnara wrote:
This is exactly what I'd expect...
Hmmm, not what I'd expect :-). I'll have to check into the POSIX
mapping further, been a while
Jeremy Allison ha scritto:
NT ACL: Allow SID FILE_READ_ATTRIBUTES
Current samba perms for owner, group or others: r--
Current samba posix acl: user:abramo:r--
Current new NT ACL: Allow SID FILE_READ_DATA FILE_READ_ATTRIBUTES
FILE_READ_EA FILE_GENERIC_READ
Proposed samba perms for owner,
On Sat, Aug 16, 2008 at 09:42:51AM +0200, Abramo Bagnara wrote:
This is exactly what I'd expect...
Hmmm, not what I'd expect :-). I'll have to check into the POSIX
mapping further, been a while since I wrote it. Are you checking
on a system with POSIX ACLs enabled or just straight POSIX
Jeremy Allison ha scritto:
On Sat, Aug 16, 2008 at 09:42:51AM +0200, Abramo Bagnara wrote:
This is exactly what I'd expect...
Hmmm, not what I'd expect :-). I'll have to check into the POSIX
mapping further, been a while since I wrote it. Are you checking
on a system with POSIX ACLs enabled
Jeremy Allison ha scritto:
On Fri, Aug 15, 2008 at 12:41:39AM +0200, Abramo Bagnara wrote:
This is a perfect approach (at least from the samba client point of
view), but does not solve the problem that a file written by a samba
client with FILE_READ_DATA unset and FILE_READ_ATTRIBUTES set is
On Fri, Aug 15, 2008 at 11:52:17AM +0200, Abramo Bagnara wrote:
Sorry to show me dense, but I don't see the problem: the request to
allow FILE_READ_ATTRIBUTES only would generate a 000 perms just as if
map_nt_perms was called with only permissions not handled there.
I'd say that to ask to
Jeremy Allison ha scritto:
On Fri, Aug 15, 2008 at 11:52:17AM +0200, Abramo Bagnara wrote:
Sorry to show me dense, but I don't see the problem: the request to
allow FILE_READ_ATTRIBUTES only would generate a 000 perms just as if
map_nt_perms was called with only permissions not handled there.
On Fri, Aug 15, 2008 at 08:07:58PM +0200, Abramo Bagnara wrote:
Jeremy Allison ha scritto:
On Fri, Aug 15, 2008 at 11:52:17AM +0200, Abramo Bagnara wrote:
Sorry to show me dense, but I don't see the problem: the request to
allow FILE_READ_ATTRIBUTES only would generate a 000 perms just as
In map_nt_perms any of FILE_READ_DATA, FILE_READ_EA or
FILE_READ_ATTRIBUTES is mapped unconditionally to Unix read permission
and similarly for write permission
This means that if I put a file on a samba share where I explicitly left
*only* FILE_READ_ATTRIBUTES and FILE_READ_EA the file content
On Thu, Aug 14, 2008 at 11:41:14PM +0200, Abramo Bagnara wrote:
In map_nt_perms any of FILE_READ_DATA, FILE_READ_EA or
FILE_READ_ATTRIBUTES is mapped unconditionally to Unix read permission
and similarly for write permission
This means that if I put a file on a samba share where I
Jeremy Allison ha scritto:
On Thu, Aug 14, 2008 at 11:41:14PM +0200, Abramo Bagnara wrote:
In map_nt_perms any of FILE_READ_DATA, FILE_READ_EA or
FILE_READ_ATTRIBUTES is mapped unconditionally to Unix read permission
and similarly for write permission
This means that if I put a file on a
On Fri, Aug 15, 2008 at 12:41:39AM +0200, Abramo Bagnara wrote:
This is a perfect approach (at least from the samba client point of
view), but does not solve the problem that a file written by a samba
client with FILE_READ_DATA unset and FILE_READ_ATTRIBUTES set is
readable on server machine
Hi all,
So, in a long running battle with samba service provisioning, I've run
up against an authentication problem. It was outlined in an email to
the list a few days ago. After coming to the conclusion that it is not
a kerberos issue (the kerberos MIT list helped me work through this),
Hello,
I am trying to get samba working on vista. My smb.conf file is at the
end of this mail. At the moment I am able to connect to my linux share
but I am prompted for a username and password first. This is as if the
server authentication is failing and it is defaulting to user
authentication.
Miguel Da Silva - Centro de Matemática wrote:
Dear users, some days ago a user of the local network told me that she
was not able to change ACL's through Windows. I've done some tests and
indeed, when I right click a file/folder that is on the Samba server,
the Security tab is no longer
Dear users, some days ago a user of the local network told me that she
was not able to change ACL's through Windows. I've done some tests and
indeed, when I right click a file/folder that is on the Samba server,
the Security tab is no longer available. It does appear when I
right-click any
Hi all,
I have setup a Samba server (3.0.24-6etch9) which I wish to integrate in
an Active Directory domain using security = ads. I have followed the
section in chapter 6 of the Samba documentation as well as the O'Reilly
Samba book by Jerry et al. (3rd ed in french).
Everything seems to be
Hi
I am working on Solaris 10 with Samba installed as part of base.
I have a client who wants to to give read/write access to a unix directory
via Windows Explorer. The client wants only the members of a specific
unix group to have access to the directory, no-one else must be able to
Adam Williams wrote:
security = domain is for domain member servers, which are servers that
are part of the domain but don't authenticate users, handle roaming
profiles, etc. basically you'd use them for print servers, or more
file shares.
why don't you just have a PDC and use BDCs? sure
Consider the following scenario:
- a single OpenLDAP server, with a single instance of the object class
sambaDomain and a single SID:
dn: sambaDomainName=myserver,ou=samba,dc=example,dc=com
objectClass: sambaDomain
sambaDomainName: MYGROUP
sambaSID: S-1-2-3
- multiple Samba servers, each
1 - 100 of 363 matches
Mail list logo