[Samba] Windows text file encoding vs Unix Samba server

tlaronde at kergis.com tlaronde at kergis.com
Thu Feb 1 15:50:38 UTC 2024 

On Thu, Feb 01, 2024 at 03:24:40PM +0000, Rowland Penny via samba wrote:
> > > 
> > > What Windows versions are you using ?
> > From Windows 7 (Pro) to Windows 11 (Pro). But same problem on every
> > Windows client
> > 
> > > How are you running Samba ?
> > with winbindd(8), nmbd(8) and smbd(8)
> > 
> > > Is there an AD domain involved ?
> > No.
> > 
> > > What 'program' or 'programs' are involved ?
> > Notepad; LibreOffice (when creating an xlsx or exporting to pdf);
> > sam (pdf 2 pdf converter).
> > 
> > > Could it be a 'locking' problem ?
> > 
> > The problem is that there is a problem, but that I'm trying to
> > identify what is wrong. So may be locking, but how can I know?
> > 
> > What is strange, is that the very same user can create a file; can
> > delete a file; but can't modify a file if it is not a binary file.
> > 
> > > What is in your smb.conf ?
> > 
> > Here it is (some network or user values edited):
> > 
> > ---8<---
> > # Version 4.18.9
> > #
> > #======================= Global Settings
> > ===================================== [global]
> > workgroup = AGROUP
> > server string = Samba %v (%h)
> > server role = standalone
> > security = user
> > 
> > idmap config * : backend = autorid
> > idmap config * : range = 100000-299999
> 
> You are running Samba as a standalone server, so the 'idmap config'
> lines will require winbind, which isn't normally run on a standalone
> server, mainly because you would need to join the server to a domain.
> I notice you say you are running winbind, why ?

Because I first run without (with a configuration that was working
with Samba 3.6.*) and it was not working. I had then no winbindd(8)
running.

Trying to test, on the Unix server, with smbclient(1), at least,
adding winbindd(8) I had supplementary informations.

I tested: winbindd is not a problem, since it doesn't work without it
either...

> 
> > passdb backend = smbpasswd
> 
> smbpasswd was replaced by tdbsam years ago, before 3.6 if I recall
> correctly.

Yes, I read that in the documentation. But it is still supported, and
I tested tdbsam also with no difference (smbpasswd is just, if I'm not
mistaken, a front-end; so should not change a lot of things). BTW, I
removed the databases and re-created user and password. Without any
change.

> 
> > 
> > hosts allow = 192.168.xxx.0/24 127.
> > 
> > local master = no
> > domain master = no
> > preferred master = no
> > 
> > min protocol = core
> > max protocol = SMB3
> > client min protocol = core
> > client max protocol = SMB3
> > ntlm auth = true
> > hide dot files = No
> > acl group control = no
> > 
> > # Does it make any difference? The current kernel has no ACL support
> > # while the filesystem can have---but not mounted with support.
> > #
> > acl map full control = yes
> 
> Well both the 'acl' parameters are the defaults and may be doing things
> that you do not realise, I suggest you read 'man smb.conf' about the
> two parameters.
> 

I read it. But I'd like to know if there is some good documentation,
somewhere (I don't mean that it has to be served by samba.org) about
the MS Windows side about ACL, users, groups, permissions and mapping
to POSIX like equivalents.

I bought a book about Active Directory and for the moment, 95% of the
writing is advertising for Azure ("AD is deprecated; for the threats
you need to go in the cloud") so I'm almost as clueless as I was
before starting the reading...

> > 
> > blocking locks = no
> > 
> > log level = 2
> > 
> > #============================ Share Definitions
> > ============================== [shared]
> > comment = This Unix dir is shared with Windows clients
> > path = /some/dir
> > writable = yes
> > printable = no
> > valid users = one_user
> > write list = one_user
> > force group = users
> > vfs objects = acl_xattr
> 
> If your kernel has no ACL support, it might be pointless to set that
> vfs object.
> 

smbclient(1) speaks more verbosely with this set.

> > inherit owner = yes
> > inherit permissions = yes
> > --->8---
> > 
> > > There have been a lot of changes since 3.6.x
> > 
> > No doubt about that! ;-)
> 
> It might be worth while considering setting up a Samba AD domain, this
> may be worth it if you have a lot of computers, at least your clients
> sound like they could join a domain.
> 
> At the very least, set up your standalone server correctly, turn off
> winbind and see how you go on.

I read the wiki and started simple since "standalone" is supposed to
be straightforward. But the simple doesn't work while it was working
with 3.6.

I guess I will have to read the sources to understand what is going
on...

Thanks nonetheless,
-- 
        Thierry Laronde <tlaronde +AT+ kergis +dot+ com>
                     http://www.kergis.com/
                    http://kertex.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89  250D 52B1 AE95 6006 F40C

More information about the samba mailing list