[Samba] Windows text file encoding vs Unix Samba server
Rowland Penny
rpenny at samba.org
Thu Feb 1 16:21:33 UTC 2024
On Thu, 1 Feb 2024 16:50:38 +0100
tlaronde at kergis.com wrote:
> On Thu, Feb 01, 2024 at 03:24:40PM +0000, Rowland Penny via samba
> wrote:
> > > >
> > > > What Windows versions are you using ?
> > > From Windows 7 (Pro) to Windows 11 (Pro). But same problem on
> > > every Windows client
> > >
> > > > How are you running Samba ?
> > > with winbindd(8), nmbd(8) and smbd(8)
> > >
> > > > Is there an AD domain involved ?
> > > No.
> > >
> > > > What 'program' or 'programs' are involved ?
> > > Notepad; LibreOffice (when creating an xlsx or exporting to pdf);
> > > sam (pdf 2 pdf converter).
> > >
> > > > Could it be a 'locking' problem ?
> > >
> > > The problem is that there is a problem, but that I'm trying to
> > > identify what is wrong. So may be locking, but how can I know?
> > >
> > > What is strange, is that the very same user can create a file; can
> > > delete a file; but can't modify a file if it is not a binary file.
> > >
> > > > What is in your smb.conf ?
> > >
> > > Here it is (some network or user values edited):
> > >
> > > ---8<---
> > > # Version 4.18.9
> > > #
> > > #======================= Global Settings
> > > ===================================== [global]
> > > workgroup = AGROUP
> > > server string = Samba %v (%h)
> > > server role = standalone
> > > security = user
> > >
> > > idmap config * : backend = autorid
> > > idmap config * : range = 100000-299999
> >
> > You are running Samba as a standalone server, so the 'idmap config'
> > lines will require winbind, which isn't normally run on a standalone
> > server, mainly because you would need to join the server to a
> > domain. I notice you say you are running winbind, why ?
>
> Because I first run without (with a configuration that was working
> with Samba 3.6.*) and it was not working. I had then no winbindd(8)
> running.
>
> Trying to test, on the Unix server, with smbclient(1), at least,
> adding winbindd(8) I had supplementary informations.
>
> I tested: winbindd is not a problem, since it doesn't work without it
> either...
>
> >
> > > passdb backend = smbpasswd
> >
> > smbpasswd was replaced by tdbsam years ago, before 3.6 if I recall
> > correctly.
>
> Yes, I read that in the documentation. But it is still supported, and
> I tested tdbsam also with no difference (smbpasswd is just, if I'm not
> mistaken, a front-end; so should not change a lot of things). BTW, I
> removed the databases and re-created user and password. Without any
> change.
>
> >
> > >
> > > hosts allow = 192.168.xxx.0/24 127.
> > >
> > > local master = no
> > > domain master = no
> > > preferred master = no
> > >
> > > min protocol = core
> > > max protocol = SMB3
> > > client min protocol = core
> > > client max protocol = SMB3
> > > ntlm auth = true
> > > hide dot files = No
> > > acl group control = no
> > >
> > > # Does it make any difference? The current kernel has no ACL
> > > support # while the filesystem can have---but not mounted with
> > > support. #
> > > acl map full control = yes
> >
> > Well both the 'acl' parameters are the defaults and may be doing
> > things that you do not realise, I suggest you read 'man smb.conf'
> > about the two parameters.
> >
>
> I read it. But I'd like to know if there is some good documentation,
> somewhere (I don't mean that it has to be served by samba.org) about
> the MS Windows side about ACL, users, groups, permissions and mapping
> to POSIX like equivalents.
>
> I bought a book about Active Directory and for the moment, 95% of the
> writing is advertising for Azure ("AD is deprecated; for the threats
> you need to go in the cloud") so I'm almost as clueless as I was
> before starting the reading...
>
> > >
> > > blocking locks = no
> > >
> > > log level = 2
> > >
> > > #============================ Share Definitions
> > > ============================== [shared]
> > > comment = This Unix dir is shared with Windows clients
> > > path = /some/dir
> > > writable = yes
> > > printable = no
> > > valid users = one_user
> > > write list = one_user
> > > force group = users
> > > vfs objects = acl_xattr
> >
> > If your kernel has no ACL support, it might be pointless to set that
> > vfs object.
> >
>
> smbclient(1) speaks more verbosely with this set.
>
> > > inherit owner = yes
> > > inherit permissions = yes
> > > --->8---
> > >
> > > > There have been a lot of changes since 3.6.x
> > >
> > > No doubt about that! ;-)
> >
> > It might be worth while considering setting up a Samba AD domain,
> > this may be worth it if you have a lot of computers, at least your
> > clients sound like they could join a domain.
> >
> > At the very least, set up your standalone server correctly, turn off
> > winbind and see how you go on.
>
> I read the wiki and started simple since "standalone" is supposed to
> be straightforward. But the simple doesn't work while it was working
> with 3.6.
>
> I guess I will have to read the sources to understand what is going
> on...
>
> Thanks nonetheless,
I do not use netbsd, so I know little about its acl support, apart
from, as I understand it, it uses NFSv4 ACLs.
As you are using Samba as a Standalone server, you only need to run two
of the Samba binaries, smbd & nmbd. If you do not require SMBv1, you
only need smbd. You only need winbind if 'security' is set to 'domain'
or 'ADS', it is the link between smbd and AD.
I suggest you read this wiki page:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Standalone_Server
I suggest you start with the minimal smb.conf shown on that wikipage
and add further parameters as required, but test them as you go along.
Rowland
More information about the samba
mailing list