[Samba] MS Word and Samba File Permissions Problem: probably solved

Alexander Goeres agoeres at lieblinx.net
Tue Jan 27 16:04:20 GMT 2004


Hi Chris!

Am Dienstag, 27. Januar 2004 14:59 schrieb Chris Aitken:
> > +Samba 3.0.1 on Debian 3.0
> >
> > + Groupmapping:
> > - Domain Admins -> root
> > - Domain Users -> domuser
> > - Domain Guests -> nogroup
> >
> > + smb.conf:
> > [global]
> > ...
> > admin users = +root
> > write list = +root +domuser
> > create mask = 0775
> > directory mask = 0775
> > ...
> > [share]
> > force create mode = 0660
> > force directory mode = 0770
> > force group = domuser
> >
> > Client-side: MS Office 2000 on w2k
> > #######################
> > All the files/directories on this share belong to the group "domuser".
...
> I had this problem at work (Debian 2.2.3a).
>
> My shares now look like this:
>
> [Share]
>    comment = description
>    path = /home/projects
>    browseable = yes
>    read only = no
>    force create mode = 0060
>    force directory mode = 0070
>    create mask = 0770
>    directory mask = 0770
>
> mode is drwxrwx--- owned by root.staff

I'll test that configuration next time when I'm allowed to stop the relevant 
bureau-net.
But I found a different solution:
setting "oplock = Yes" on the share worked. It looked as if my samba 
installation couldn't handle this "opportunistic locking" thing the w2k 
clients required (even though "man smb.conf" said it was turned on by 
default). I had to enable it on the share. Now the M$ Word problem is gone.
I found some hints about that problem (via the Samba HowTo) in the MS 
knowledge-base:
About XP Problems and oplocking: 
http://support.microsoft.com/default.aspx?scid=kb;EN-US;812937
About "opportunistic locking" in general:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;296264
First time that an MS help was of some use..

> As a return favour - have you got add user script/add group script etc
> working properly yet? Could you share your scripts with me pls - as I have
> issues with this in 3.0.0fianl.
>
> Regards,
>
> Chris

For the "add group script" I use what is given as an example in the Samba 
HowTo:
http://de.samba.org/samba/docs/man/groupmapping.html#smbgrpadd.sh
The "add user script" is just the normal "useradd"-comand:
- /usr/sbin/useradd -d /home/"%u" -c "DomainUser" -s /bin/false  "%u"
That only worked correctly when I omitted the "-g whateverPrimaryGroup" . 
Apparently Samba adds the user to the group later:
- set primary group script = /usr/sbin/usermod -g "%g" "%u"
Giving passwords to users only worked after I adapted the "passwd chat" to the 
Debian passwd program:
- passwd chat = "*new*password*" %n\\n "*new*password*" %n\\n "*updated*"
New compis are added to the group "nogroup" in my config:
- add machine script = /usr/sbin/useradd -d /dev/null -s /bin/false -c 
"DomainMachines" -g nogroup "%u"

And (nearly) finally all that only worked after I did set the rights right:
Groupmapping: see above
smb.conf: see above and " valid users = +root, +domuser, +nogroup"

Really finally: That's with Debian 3.0 and the Debian Samba package 3.0.1-2

Don't know if that helps, but I hope

regards

Alexander

-- 
-------------------------------------------
agoeres _at_ lieblinx.net
tel.: +49 (0)30 / 61 20 26 87
fax: +49 (0)30 / 61 20 26 89
-------------------------------------------
lieblinxNET
     we do software
a Marwood & Thiele GbR
-------------------------------------------
reichenberger straße 125
10999 Berlin

http://lieblinx.net
-------------------------------------------



More information about the samba mailing list