[Samba] samba with acl support as member auf a samba controlled domain?

Hansjoerg Maurer Hansjoerg.Maurer at dlr.de
Tue Jun 8 11:49:13 GMT 2004 

Hi

we got it working.

There were two poblems.
-we had to update the samba PDC to 3.0.4 (formerly 3.0.1), because an error.
-we had to use winbindwithout a uid and gid range
some tests for winbind

[root at chardonnay root]# wbinfo -t
checking the trust secret via RPC calls succeeded

This message I get after installing 3.0,4 on the pdc.
Without samba 3.01 on ther PDC there was an error

root at chardonnay root]# wbinfo -g
...
Management
itsdgroup

root at chardonnay root]# wbinfo -u
[root at chardonnay root]# wbinfo -u
Administrator
itsd
krocka
maurer
trinkl



Find attched my smb.conf for the client

Greetings


Hansjörg



[global]
log file = /var/log/samba/log.%m
#log level = 3 passdb:5 auth:10 winbind:5
log level =0
security = domain

workgroup = ITSYSTEMS
encrypt passwords = yes
netbios name = chardonnay
server string = Install-Server
password server =  192.168.0.1
machine password timeout = 604800000

winbind trusted domains only = yes
winbind use default domain = yes
winbind nested groups = yes
idmap uid = 10000-10000
idmap gid = 10000-10000



guest account = gast
os level=25
wins support = no
wins server = 192.168.0.1
dns proxy = no
username map = /etc/samba/smbusers
#preferred master = no
#domain master = no
#local master = no
name resolve order = wins hosts


socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
hosts allow = 192.168.0.
bind interfaces only  = Yes
interfaces = 127.0.0.1, bond0
deadtime=180
keepalive = 3600


unix charset = iso8859-15
display charset = iso8859-15
 

[install]
   comment = Install Verzeichnis
   path = /install
   read only = no
#   security mask = 0770
#   force group = itsdgroup
#   force user = itsd
#   force create mode = 0664
#   create mask = 0664
#   directory mask = 0777


[backup]
   comment = Backup von Kunden
   path = /backup
   read only = no
   force group = itsdgroup
   force user = itsd
   force create mode = 0664
   create mask = 0664
   directory mask = 0777




Guillaume Anfroy wrote:

>Guten tag,
>
>I am trying to make the acl working on a domain with a single samba
>server(as a PDC). I've checked the docs, the newsgroup and I haven't found
>any information about anyone who did in any other way that with a
>Windows(tm) PDC.
>
>I will try to get a confirmation on that information and I will keep you
>informed.
>
>Unless you already get the confirmation that it is impossible to make samba
>works with acl withtout a Windows PDS or AD server ?
>
>Regards,
>
>Guillaume
>----- Original Message ----- 
>From: "Dr. Hansjörg Maurer" <hansjoerg.maurer at itsd.de>
>Newsgroups: linux.samba
>Sent: Friday, June 04, 2004 10:30 PM
>Subject: [Samba] samba with acl support as member auf a samba controlled
>domain?
>
>
>  
>
>>Hi
>>
>>I am running a Samba PDC and a Samba member server in his domain.
>>The member server acts as a file server with unix acl's working.
>>
>>Is it possible to get these acl's working under samba to?
>>
>>The docs seem to say, that acl's are only possible if samba is a
>>memberserver in an NT-Domain using winbind.
>>
>>In my case the PDC acts as a LDAP Server and the Member server is gets
>>the unix account information from Ldap.
>>
>>I am running samba 3.0.4 and had no sucesse with this setup.
>>The windows client shows acls not as for the domain\user but for the
>>memberserver\user
>>
>>Here is my smb.conf
>>
>>[global]
>>log file = /var/log/samba/log.%m
>>log level =2
>>security = domain
>>
>>workgroup = ITSYSTEMS
>>encrypt passwords = yes
>>netbios name = chardonnay
>>server string = Install-Server
>>password server =  192.168.0.1
>>machine password timeout = 604800000
>>
>>guest account = gast
>>os level=25
>>wins support = no
>>wins server = 192.168.0.1
>>dns proxy = no
>>username map = /etc/smbusers
>>preferred master = no
>>domain master = no
>>local master = no
>>name resolve order = wins hosts
>>
>>
>>socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>>hosts allow = 192.168.0.
>>bind interfaces only  = Yes
>>deadtime=180
>>keepalive = 3600
>>
>>
>>unix charset = iso8859-15
>>display charset = iso8859-15
>>
>>
>>[install]
>>   comment = Install Verzeichnis
>>   path = /install
>>   read only = no
>>   public = yes
>>
>>
>>Thank you very much
>>
>>
>>Hansjörg Maurer
>>
>>-- 
>>Dr. Hansjörg Maurer
>>itsystems Deutschland AG
>>Linprunstr. 10
>>D-80335 München
>>Ph/Fax +49 89 52 04 68-41/-59
>>
>>
>>
>>-- 
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  http://lists.samba.org/mailman/listinfo/samba
>>    
>>
>
>
>  
>

-- 
_________________________________________________________________

Dr.  Hansjoerg Maurer           | LAN- & System-Manager
                                |
Deutsches Zentrum               | DLR Oberpfaffenhofen
  f. Luft- und Raumfahrt e.V.   |
Institut f. Robotik             |
Postfach 1116                   | Muenchner Strasse 20
82230 Wessling                  | 82234 Wessling
Germany                         |
                                |
Tel: 08153/28-2431              | E-mail: Hansjoerg.Maurer at dlr.de
Fax: 08153/28-1134              | WWW: http://www.robotic.dlr.de/
__________________________________________________________________


There are 10 types of people in this world, 
those who understand binary and those who don't.

More information about the samba mailing list