[Samba] Cannot add ACL through windows client
Zoddo
zoddo.ino at gmail.com
Tue Oct 28 03:20:28 MDT 2014
up
Le 25 oct. 2014 20:15, "Zoddo" <zoddo.ino at gmail.com> a écrit :
> up
>
> 2014-10-24 15:46 GMT+02:00 Zoddo <zoddo.ino at gmail.com>:
>
>> up
>>
>> 2014-10-23 17:31 GMT+02:00 Zoddo <zoddo.ino at gmail.com>:
>>
>>> I just did a test, even creating the account in a local machine (with
>>> the same password), I don't able to add a permission on the file for this
>>> user.
>>>
>>> There is another problem.
>>>
>>> 2014-10-23 17:21 GMT+02:00 Zoddo <zoddo.ino at gmail.com>:
>>>
>>>> But a Windows machine is able to get account name on existing
>>>> permissions. There must be an solution. It's impossible for me to create
>>>> accounts on the clients machines.
>>>>
>>>> 2014-10-22 16:12 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>>>>
>>>>> On 22/10/14 15:01, Zoddo wrote:
>>>>>
>>>>>> I don't want to add an ACL on an unknown user from samba but add an
>>>>>> ACL on a user that exist in the samba database but unknown by the client
>>>>>> machine.
>>>>>>
>>>>> OK, I should also have said that if you try to user a samba user that
>>>>> is unknown to windows, this will also fail because the user MUST be known
>>>>> everywhere.
>>>>>
>>>>>
>>>>>> The clients machines weren't in a domain.
>>>>>>
>>>>> Yes I know, I said that you were using a workgroup, they are terrible
>>>>> things, when you want to add a user, you have to log into every machine in
>>>>> the workgroup that they are to be created or will connect to and add the
>>>>> user.
>>>>>
>>>>> Rowland
>>>>>
>>>>>>
>>>>>> 2014-10-22 15:54 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>>:
>>>>>>
>>>>>> On 22/10/14 14:34, Zoddo wrote:
>>>>>>
>>>>>> Yes, the user exist in //etc/passwd/ and in the samba database
>>>>>> with the same password.
>>>>>> The user doesn't exist on the windows machine. I just want add
>>>>>> a permission on directories/files for an another user that
>>>>>> exist in the unix/samba database.
>>>>>>
>>>>>>
>>>>>> You are running a workgroup and if you attempt to connect to a
>>>>>> samba share, you will probably be asked who to connect as, at this
>>>>>> point, you can use a username & password of a user that samba
>>>>>> knows and you should be connected as the samba user. If you now
>>>>>> try to change the ACL's of a file on the share from windows and
>>>>>> try to use a windows user that is unknown to samba, this will fail
>>>>>> because, to samba, it is an unknown user.
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>>> 2014-10-22 15:15 GMT+02:00 Rowland Penny
>>>>>> <rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>>> <mailto:rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>>>:
>>>>>>
>>>>>> On 22/10/14 13:47, Zoddo wrote:
>>>>>>
>>>>>> up !
>>>>>>
>>>>>> 2014-10-20 23:19 GMT+02:00 Zoddo <zoddo.ino at gmail.com
>>>>>> <mailto:zoddo.ino at gmail.com>
>>>>>> <mailto:zoddo.ino at gmail.com
>>>>>> <mailto:zoddo.ino at gmail.com>> <mailto:zoddo.ino at gmail.com
>>>>>> <mailto:zoddo.ino at gmail.com>
>>>>>> <mailto:zoddo.ino at gmail.com
>>>>>> <mailto:zoddo.ino at gmail.com>>>>:
>>>>>>
>>>>>> Yes, it's this !
>>>>>>
>>>>>> 2014-10-20 23:17 GMT+02:00 Rowland Penny
>>>>>> <rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>>> <mailto:rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>>
>>>>>> <mailto:rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>>> <mailto:rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>>>>:
>>>>>>
>>>>>> On 20/10/14 22:11, Zoddo wrote:
>>>>>>
>>>>>> Yes, the users is UNIX accounts
>>>>>> "imported" in
>>>>>> samba via
>>>>>> /smbpasswd/.
>>>>>>
>>>>>> Windows machines are in the same
>>>>>> workgroup.
>>>>>>
>>>>>> 2014-10-20 22:56 GMT+02:00 Rowland Penny
>>>>>> <rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>>> <mailto:rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>>
>>>>>> <mailto:rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>>> <mailto:rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>>>
>>>>>> <mailto:rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>>> <mailto:rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>>
>>>>>> <mailto:rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>>> <mailto:rowlandpenny at googlemail.com
>>>>>> <mailto:rowlandpenny at googlemail.com>>>>>:
>>>>>>
>>>>>>
>>>>>> On 20/10/14 21:43, Zoddo wrote:
>>>>>>
>>>>>> Samba has been installed via
>>>>>> Debian
>>>>>> repositories
>>>>>> (apt-get).
>>>>>>
>>>>>> Here is my /smb.conf/ :
>>>>>>
>>>>>>
>>>>>> #
>>>>>> # Sample configuration file
>>>>>> for the Samba
>>>>>> suite for Debian
>>>>>> GNU/Linux.
>>>>>> #
>>>>>> #
>>>>>> # This is the main Samba
>>>>>> configuration
>>>>>> file.
>>>>>> You should
>>>>>> read the
>>>>>> # smb.conf(5) manual page in
>>>>>> order to
>>>>>> understand the
>>>>>> options listed
>>>>>> # here. Samba has a huge
>>>>>> number of
>>>>>> configurable options
>>>>>> most of which
>>>>>> # are not shown in this
>>>>>> example
>>>>>> #
>>>>>> # Some options that are often
>>>>>> worth tuning
>>>>>> have been
>>>>>> included as
>>>>>> # commented-out examples in
>>>>>> this file.
>>>>>> # - When such options are
>>>>>> commented
>>>>>> with ";", the
>>>>>> proposed setting
>>>>>> # differs from the default
>>>>>> Samba
>>>>>> behaviour
>>>>>> # - When commented with "#",
>>>>>> the proposed
>>>>>> setting is the
>>>>>> default
>>>>>> # behaviour of Samba but
>>>>>> the option is
>>>>>> considered important
>>>>>> # enough to be mentioned
>>>>>> here
>>>>>> #
>>>>>> # NOTE: Whenever you modify
>>>>>> this file you
>>>>>> should run the
>>>>>> command
>>>>>> # "testparm" to check that you
>>>>>> have
>>>>>> not made
>>>>>> any basic
>>>>>> syntactic
>>>>>> # errors.
>>>>>> # A well-established practice
>>>>>> is to
>>>>>> name the
>>>>>> original file
>>>>>> # "smb.conf.master" and create
>>>>>> the "real"
>>>>>> config file with
>>>>>> # testparm -s smb.conf.master
>>>>>> >smb.conf
>>>>>> # This minimizes the size of
>>>>>> the
>>>>>> really used
>>>>>> smb.conf file
>>>>>> # which, according to the
>>>>>> Samba Team,
>>>>>> impacts
>>>>>> performance
>>>>>> # However, use this with
>>>>>> caution if your
>>>>>> smb.conf file
>>>>>> contains nested
>>>>>> # "include" statements. See
>>>>>> Debian bug
>>>>>> #483187
>>>>>> for a case
>>>>>> # where using a master file is
>>>>>> not a
>>>>>> good idea.
>>>>>> #
>>>>>> #=======================
>>>>>> Global Settings
>>>>>> =======================
>>>>>> [global]
>>>>>> username map =
>>>>>> /etc/samba/samba_usermapping
>>>>>> ## Browsing/Identification ###
>>>>>> # Change this to the
>>>>>> workgroup/NT-domain name
>>>>>> your Samba
>>>>>> server
>>>>>> will part of
>>>>>> workgroup = WORKGROUP
>>>>>> # server string is the
>>>>>> equivalent of
>>>>>> the NT
>>>>>> Description field
>>>>>> server string = %h server
>>>>>> # Windows Internet Name
>>>>>> Serving
>>>>>> Support Section:
>>>>>> # WINS Support - Tells the
>>>>>> NMBD
>>>>>> component of
>>>>>> Samba to
>>>>>> enable its
>>>>>> WINS Server
>>>>>> # wins support = no
>>>>>> # WINS Server - Tells the NMBD
>>>>>> components of
>>>>>> Samba to be a
>>>>>> WINS Client
>>>>>> # Note: Samba can be either a
>>>>>> WINS
>>>>>> Server, or
>>>>>> a WINS
>>>>>> Client, but
>>>>>> NOT both
>>>>>> ; wins server = w.x.y.z
>>>>>> # This will prevent nmbd to
>>>>>> search for
>>>>>> NetBIOS
>>>>>> names
>>>>>> through DNS.
>>>>>> dns proxy = no
>>>>>> # What naming service and in
>>>>>> what
>>>>>> order should
>>>>>> we use to
>>>>>> resolve
>>>>>> host names
>>>>>> # to IP addresses
>>>>>> ; name resolve order =
>>>>>> lmhosts host
>>>>>> wins bcast
>>>>>> #### Networking ####
>>>>>> # The specific set of
>>>>>> interfaces /
>>>>>> networks to
>>>>>> bind to
>>>>>> # This can be either the
>>>>>> interface
>>>>>> name or an IP
>>>>>> address/netmask;
>>>>>> # interface names are normally
>>>>>> preferred
>>>>>> ; interfaces = 127.0.0.0/8
>>>>>> <http://127.0.0.0/8>
>>>>>> <http://127.0.0.0/8>
>>>>>> <http://127.0.0.0/8> <http://127.0.0.0/8>
>>>>>> <http://127.0.0.0/8> eth0
>>>>>>
>>>>>> # Only bind to the named
>>>>>> interfaces and/or
>>>>>> networks; you
>>>>>> must use the
>>>>>> # 'interfaces' option above to
>>>>>> use this.
>>>>>> # It is recommended that you
>>>>>> enable this
>>>>>> feature if your Samba
>>>>>> machine is
>>>>>> # not protected by a firewall
>>>>>> or is a
>>>>>> firewall
>>>>>> itself. However, this
>>>>>> # option cannot handle
>>>>>> dynamic or
>>>>>> non-broadcast interfaces
>>>>>> correctly.
>>>>>> ; bind interfaces only = yes
>>>>>>
>>>>>>
>>>>>> #### Debugging/Accounting ####
>>>>>> # This tells Samba to use a
>>>>>> separate
>>>>>> log file
>>>>>> for each machine
>>>>>> # that connects
>>>>>> log file =
>>>>>> /var/log/samba/log.%m
>>>>>> # Cap the size of the
>>>>>> individual log
>>>>>> files (in
>>>>>> KiB).
>>>>>> max log size = 1000
>>>>>> # If you want Samba to only
>>>>>> log
>>>>>> through syslog
>>>>>> then set
>>>>>> the following
>>>>>> # parameter to 'yes'.
>>>>>> # syslog only = no
>>>>>> # We want Samba to log a
>>>>>> minimum amount of
>>>>>> information to
>>>>>> syslog.
>>>>>> Everything
>>>>>> # should go to
>>>>>> /var/log/samba/log.{smbd,nmbd}
>>>>>> instead. If
>>>>>> you want
>>>>>> to log
>>>>>> # through syslog you should
>>>>>> set the
>>>>>> following
>>>>>> parameter to
>>>>>> something higher.
>>>>>> syslog = 0
>>>>>> # Do something sensible when
>>>>>> Samba
>>>>>> crashes:
>>>>>> mail the admin
>>>>>> a backtrace
>>>>>> panic action =
>>>>>> /usr/share/samba/panic-action %d
>>>>>>
>>>>>> ####### Authentication #######
>>>>>> # "security = user" is always
>>>>>> a good idea.
>>>>>> This will require a
>>>>>> Unix account
>>>>>> # in this server for every
>>>>>> user
>>>>>> accessing the
>>>>>> server. See
>>>>>> #
>>>>>> /usr/share/doc/samba-doc/
>>>>>> htmldocs/Samba3-HOWTO/ServerType.html
>>>>>> # in the samba-doc package for
>>>>>> details.
>>>>>> # security = user
>>>>>> # You may wish to use password
>>>>>> encryption. See the section on
>>>>>> # 'encrypt passwords' in the
>>>>>> smb.conf(5)
>>>>>> manpage before
>>>>>> enabling.
>>>>>> encrypt passwords = true
>>>>>> # If you are using encrypted
>>>>>> passwords, Samba
>>>>>> will need to
>>>>>> know what
>>>>>> # password database type you
>>>>>> are using.
>>>>>> passdb backend = tdbsam
>>>>>> obey pam restrictions = yes
>>>>>> # This boolean parameter
>>>>>> controls whether
>>>>>> Samba attempts
>>>>>> to sync
>>>>>> the Unix
>>>>>> # password with the SMB
>>>>>> password when the
>>>>>> encrypted SMB
>>>>>> password
>>>>>> in the
>>>>>> # passdb is changed.
>>>>>> unix password sync = yes
>>>>>> # For Unix password sync to
>>>>>> work on a
>>>>>> Debian
>>>>>> GNU/Linux
>>>>>> system, the
>>>>>> following
>>>>>> # parameters must be set
>>>>>> (thanks to
>>>>>> Ian Kahan
>>>>>> <<kahan at informatik.tu-
>>>>>> muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>>
>>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>>>
>>>>>> <mailto:
>>>>>> kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>>
>>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>>>>
>>>>>> <mailto:
>>>>>> kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>>
>>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>>>
>>>>>>
>>>>>> <mailto:
>>>>>> kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>>
>>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>>> <mailto:kahan at informatik.tu-muenchen.de>>>>>> for
>>>>>>
>>>>>> # sending the correct chat
>>>>>> script for the
>>>>>> passwd program
>>>>>> in Debian
>>>>>> Sarge).
>>>>>> passwd program =
>>>>>> /usr/bin/passwd %u
>>>>>> passwd chat =
>>>>>> *Enter\snew\s*\spassword:* %n\n
>>>>>> *Retype\snew\s*\spassword:* %n\n
>>>>>> *password\supdated\ssuccessfully*
>>>>>> .
>>>>>> # This boolean controls
>>>>>> whether PAM
>>>>>> will be
>>>>>> used for
>>>>>> password changes
>>>>>> # when requested by an SMB
>>>>>> client
>>>>>> instead of
>>>>>> the program
>>>>>> listed in
>>>>>> # 'passwd program'. The
>>>>>> default is 'no'.
>>>>>> pam password change = yes
>>>>>> # This option controls how
>>>>>> unsuccessful
>>>>>> authentication
>>>>>> attempts
>>>>>> are mapped
>>>>>> # to anonymous connections
>>>>>> map to guest = bad user
>>>>>> ########## Domains ###########
>>>>>> # Is this machine able to
>>>>>> authenticate
>>>>>> users.
>>>>>> Both PDC and BDC
>>>>>> # must have this setting
>>>>>> enabled. If
>>>>>> you are
>>>>>> the BDC you must
>>>>>> # change the 'domain master'
>>>>>> setting to no
>>>>>> #
>>>>>> ; domain logons = yes
>>>>>> #
>>>>>> # The following setting only
>>>>>> takes
>>>>>> effect if
>>>>>> 'domain
>>>>>> logons' is set
>>>>>> # It specifies the location of
>>>>>> the user's
>>>>>> profile directory
>>>>>> # from the client point of
>>>>>> view)
>>>>>> # The following required a
>>>>>> [profiles]
>>>>>> share to
>>>>>> be setup on the
>>>>>> # samba server (see below)
>>>>>> ; logon path =
>>>>>> \\%N\profiles\%U
>>>>>> # Another common choice is
>>>>>> storing the
>>>>>> profile
>>>>>> in the
>>>>>> user's home
>>>>>> directory
>>>>>> # (this is Samba's default)
>>>>>> # logon path =
>>>>>> \\%N\%U\profile
>>>>>> # The following setting only
>>>>>> takes
>>>>>> effect if
>>>>>> 'domain
>>>>>> logons' is set
>>>>>> # It specifies the location
>>>>>> of a
>>>>>> user's home
>>>>>> directory
>>>>>> (from the
>>>>>> client
>>>>>> # point of view)
>>>>>> ; logon drive = H:
>>>>>> # logon home = \\%N\%U
>>>>>> # The following setting only
>>>>>> takes
>>>>>> effect if
>>>>>> 'domain
>>>>>> logons' is set
>>>>>> # It specifies the script to
>>>>>> run
>>>>>> during logon.
>>>>>> The script
>>>>>> must be
>>>>>> stored
>>>>>> # in the [netlogon] share
>>>>>> # NOTE: Must be store in 'DOS'
>>>>>> file format
>>>>>> convention
>>>>>> ; logon script = logon.cmd
>>>>>> # This allows Unix users to be
>>>>>> created
>>>>>> on the
>>>>>> domain
>>>>>> controller
>>>>>> via the SAMR
>>>>>> # RPC pipe. The example
>>>>>> command creates a
>>>>>> user account with a
>>>>>> disabled Unix
>>>>>> # password; please adapt to
>>>>>> your needs
>>>>>> ; add user script =
>>>>>> /usr/sbin/adduser
>>>>>> --quiet
>>>>>> --disabled-password
>>>>>> --gecos "" %u
>>>>>> # This allows machine accounts
>>>>>> to be
>>>>>> created
>>>>>> on the domain
>>>>>> controller via the
>>>>>> # SAMR RPC pipe.
>>>>>> # The following assumes a
>>>>>> "machines" group
>>>>>> exists on the
>>>>>> system
>>>>>> ; add machine script =
>>>>>> /usr/sbin/useradd -g
>>>>>> machines -c "%u
>>>>>> machine account" -d
>>>>>> /var/lib/samba -s
>>>>>> /bin/false %u
>>>>>> # This allows Unix groups to
>>>>>> be
>>>>>> created on the
>>>>>> domain
>>>>>> controller
>>>>>> via the SAMR
>>>>>> # RPC pipe.
>>>>>> ; add group script =
>>>>>> /usr/sbin/addgroup
>>>>>> --force-badname %g
>>>>>> ########## Printing ##########
>>>>>> # If you want to automatically
>>>>>> load your
>>>>>> printer list rather
>>>>>> # than setting them up
>>>>>> individually then
>>>>>> you'll need this
>>>>>> # load printers = yes
>>>>>> # lpr(ng) printing. You may
>>>>>> wish to
>>>>>> override
>>>>>> the location
>>>>>> of the
>>>>>> # printcap file
>>>>>> ; printing = bsd
>>>>>> ; printcap name =
>>>>>> /etc/printcap
>>>>>> # CUPS printing. See also the
>>>>>> cupsaddsmb(8)
>>>>>> manpage in the
>>>>>> # cupsys-client package.
>>>>>> ; printing = cups
>>>>>> ; printcap name = cups
>>>>>> ############ Misc ############
>>>>>> # Using the following line
>>>>>> enables you to
>>>>>> customise your
>>>>>> configuration
>>>>>> # on a per machine basis. The
>>>>>> %m gets
>>>>>> replaced
>>>>>> with the
>>>>>> netbios name
>>>>>> # of the machine that is
>>>>>> connecting
>>>>>> ; include =
>>>>>> /home/samba/etc/smb.conf.%m
>>>>>> # Most people will find that
>>>>>> this
>>>>>> option gives
>>>>>> better
>>>>>> performance.
>>>>>> # See smb.conf(5) and
>>>>>> /usr/share/doc/samba-doc/
>>>>>> htmldocs/Samba3-HOWTO/speed.html
>>>>>> # for details
>>>>>> # You may want to add the
>>>>>> following on
>>>>>> a Linux
>>>>>> system:
>>>>>> # SO_RCVBUF=8192
>>>>>> SO_SNDBUF=8192
>>>>>> # socket options =
>>>>>> TCP_NODELAY
>>>>>> # The following parameter is
>>>>>> useful
>>>>>> only if
>>>>>> you have the
>>>>>> linpopup
>>>>>> package
>>>>>> # installed. The samba
>>>>>> maintainer and
>>>>>> the linpopup
>>>>>> maintainer are
>>>>>> # working to ease
>>>>>> installation and
>>>>>> configuration of
>>>>>> linpopup and
>>>>>> samba.
>>>>>> ; message command = /bin/sh
>>>>>> -c
>>>>>> '/usr/bin/linpopup "%f"
>>>>>> "%m" %s;
>>>>>> rm %s' &
>>>>>> # Domain Master specifies
>>>>>> Samba to be the
>>>>>> Domain Master
>>>>>> Browser.
>>>>>> If this
>>>>>> # machine will be configured
>>>>>> as a BDC (a
>>>>>> secondary logon
>>>>>> server), you
>>>>>> # must set this to 'no';
>>>>>> otherwise, the
>>>>>> default behavior is
>>>>>> recommended.
>>>>>> # domain master = auto
>>>>>> # Some defaults for winbind
>>>>>> (make sure
>>>>>> you're
>>>>>> not using
>>>>>> the ranges
>>>>>> # for something else.)
>>>>>> ; idmap uid = 10000-20000
>>>>>> ; idmap gid = 10000-20000
>>>>>> ; template shell = /bin/bash
>>>>>> # The following was the
>>>>>> default
>>>>>> behaviour in
>>>>>> sarge,
>>>>>> # but samba upstream reverted
>>>>>> the default
>>>>>> because it might
>>>>>> induce
>>>>>> # performance issues in large
>>>>>> organizations.
>>>>>> # See Debian bug #368251 for
>>>>>> some of the
>>>>>> consequences of *not*
>>>>>> # having this setting and
>>>>>> smb.conf(5)
>>>>>> for details.
>>>>>> ; winbind enum groups = yes
>>>>>> ; winbind enum users = yes
>>>>>> # Setup usershare options to
>>>>>> enable
>>>>>> non-root
>>>>>> users to
>>>>>> share folders
>>>>>> # with the net usershare
>>>>>> command.
>>>>>> # Maximum number of usershare.
>>>>>> 0 (default)
>>>>>> means that
>>>>>> usershare is
>>>>>> disabled.
>>>>>> ; usershare max shares = 100
>>>>>> # Allow users who've been
>>>>>> granted
>>>>>> usershare
>>>>>> privileges to
>>>>>> create
>>>>>> # public shares, not just
>>>>>> authenticated ones
>>>>>> usershare allow guests =
>>>>>> yes
>>>>>> #======================= Share
>>>>>> Definitions
>>>>>> =======================
>>>>>> [homes]
>>>>>> comment = Home Directories
>>>>>> browseable = no
>>>>>> # By default, the home
>>>>>> directories are
>>>>>> exported read-only.
>>>>>> Change the
>>>>>> # next parameter to 'no' if
>>>>>> you want to be
>>>>>> able to write
>>>>>> to them.
>>>>>> read only = yes
>>>>>> # File creation mask is set to
>>>>>> 0700 for
>>>>>> security reasons.
>>>>>> If you
>>>>>> want to
>>>>>> # create files with group=rw
>>>>>> permissions, set next
>>>>>> parameter to 0775.
>>>>>> create mask = 0700
>>>>>> # Directory creation mask is
>>>>>> set to
>>>>>> 0700 for
>>>>>> security
>>>>>> reasons. If
>>>>>> you want to
>>>>>> # create dirs. with group=rw
>>>>>> permissions, set next
>>>>>> parameter to 0775.
>>>>>> directory mask = 0700
>>>>>> # By default,
>>>>>> \\server\username shares
>>>>>> can be
>>>>>> connected to
>>>>>> by anyone
>>>>>> # with access to the samba
>>>>>> server.
>>>>>> # The following parameter
>>>>>> makes sure
>>>>>> that only
>>>>>> "username"
>>>>>> can connect
>>>>>> # to \\server\username
>>>>>> # This might need tweaking
>>>>>> when using
>>>>>> external
>>>>>> authentication schemes
>>>>>> valid users = %S
>>>>>> # Un-comment the following and
>>>>>> create
>>>>>> the netlogon
>>>>>> directory for
>>>>>> Domain Logons
>>>>>> # (you need to configure Samba
>>>>>> to act
>>>>>> as a domain
>>>>>> controller too.)
>>>>>> ;[netlogon]
>>>>>> ; comment = Network Logon
>>>>>> Service
>>>>>> ; path =
>>>>>> /home/samba/netlogon
>>>>>> ; guest ok = yes
>>>>>> ; read only = yes
>>>>>> # Un-comment the following and
>>>>>> create
>>>>>> the profiles
>>>>>> directory to store
>>>>>> # users profiles (see the
>>>>>> "logon path"
>>>>>> option
>>>>>> above)
>>>>>> # (you need to configure Samba
>>>>>> to act
>>>>>> as a domain
>>>>>> controller too.)
>>>>>> # The path below should be
>>>>>> writable by all
>>>>>> users so that their
>>>>>> # profile directory may be
>>>>>> created the
>>>>>> first
>>>>>> time they log on
>>>>>> ;[profiles]
>>>>>> ; comment = Users profiles
>>>>>> ; path =
>>>>>> /home/samba/profiles
>>>>>> ; guest ok = no
>>>>>> ; browseable = no
>>>>>> ; create mask = 0600
>>>>>> ; directory mask = 0700
>>>>>> [printers]
>>>>>> comment = All Printers
>>>>>> browseable = no
>>>>>> path = /var/spool/samba
>>>>>> printable = yes
>>>>>> guest ok = no
>>>>>> read only = yes
>>>>>> create mask = 0700
>>>>>> # Windows clients look for
>>>>>> this share
>>>>>> name as
>>>>>> a source of
>>>>>> downloadable
>>>>>> # printer drivers
>>>>>> [print$]
>>>>>> comment = Printer Drivers
>>>>>> path =
>>>>>> /var/lib/samba/printers
>>>>>> browseable = yes
>>>>>> read only = yes
>>>>>> guest ok = no
>>>>>> # Uncomment to allow remote
>>>>>> administration of
>>>>>> Windows
>>>>>> print drivers.
>>>>>> # You may need to replace
>>>>>> 'lpadmin'
>>>>>> with the
>>>>>> name of the
>>>>>> group your
>>>>>> # admin users are members of.
>>>>>> # Please note that you also
>>>>>> need to set
>>>>>> appropriate Unix
>>>>>> permissions
>>>>>> # to the drivers directory for
>>>>>> these
>>>>>> users to
>>>>>> have write
>>>>>> rights in it
>>>>>> ; write list = root,
>>>>>> @lpadmin
>>>>>> # A sample share for sharing
>>>>>> your
>>>>>> CD-ROM with
>>>>>> others.
>>>>>> ;[cdrom]
>>>>>> ; comment = Samba server's
>>>>>> CD-ROM
>>>>>> ; read only = yes
>>>>>> ; locking = no
>>>>>> ; path = /cdrom
>>>>>> ; guest ok = yes
>>>>>> # The next two parameters show
>>>>>> how to
>>>>>> auto-mount a CD-ROM
>>>>>> when the
>>>>>> #cdrom share is accesed. For
>>>>>> this to work
>>>>>> /etc/fstab must
>>>>>> contain
>>>>>> #an entry like this:
>>>>>> #
>>>>>> # /dev/scd0 /cdrom
>>>>>> iso9660
>>>>>> defaults,noauto,ro,user 0 0
>>>>>> #
>>>>>> # The CD-ROM gets unmounted
>>>>>> automatically
>>>>>> after the
>>>>>> connection to the
>>>>>> #
>>>>>> # If you don't want to use
>>>>>> auto-mounting/unmounting make
>>>>>> sure the CD
>>>>>> #is mounted on /cdrom
>>>>>> #
>>>>>> ; preexec = /bin/mount
>>>>>> /cdrom
>>>>>> ; postexec = /bin/umount
>>>>>> /cdrom
>>>>>>
>>>>>> [data]
>>>>>> writeable = yes
>>>>>> path = /data
>>>>>>
>>>>>>
>>>>>>
>>>>>> 2014-10-20 22:26 GMT+02:00 Rowland
>>>>>
>>>>>
>>>>
>>>
>>
>
More information about the samba
mailing list