[Samba] We need help with a bug....smbldap-installer script (long)

David Trask dtrask at vcs.u52.k12.me.us
Mon Feb 7 05:04:23 GMT 2005

Craig White <craigwhite at azapple.com> on Sunday, February 6, 2005 at 11:26
PM +0000 wrote:
>I'm sure I gave you the answers on the profiles issue

You did give me some info and I appreciate that....here's the profiles
section of my smb.conf

   path = /opt/samba/profiles
   writeable = yes
   browseable = no
   #create mode = 0644
   #directory mode = 0755
   # this prevents users from browsing other peoples' profiles
   create mode = 0600
   directory mode = 0700

Note we changed the create mode and directory mode from what was given by
the folks from IDEALX in their example....in an effort to secure things. 
I can see in your example that you did the same.  

Due to the name of the smbldap_conf.pm file I'm aware that you're using an
older version of smbldap-tools.  This past summer I migrated from RH 9
using an older version of smbldap-tools and Samba 2 to Fedora Core 2 using
Samba 3 and smbldap-tools 0.84 (what I'm using on my production
server....0.86 is what we use in the script).  Things changed dramatically
in the newer versions.  Name changes...and in the latest
version....location changes.  No longer is smbldap-tools located in
/etc/smbldap-tools....nor are the executables located in
/usr/local/sbin.....they are now in /opt/IDEALX/sbin.  Anyway...in version
0.84 there was a "bug" or "feature" where in order to get smbldap-populate
to work (because of the adding of the Administrator user) you had to go to
smbusers and comment out the line with 

#root = administrator admin

Once one did this...everything worked fine.  I'm wondering if things have
changed with the newer version of smbldap-tools and possibly the later
version of samba in FC3 that make this uneccesary and perhaps "naughty". 
My hunch is the profiles issue is a permissions problem...not in the sense
that the profiles directory is not 1777 (which it is) but rather something
amiss with Administrator.  In earlier versions of Samba and smbldap-tools
(at least in my case) "root" was the user that I used to join Windows
machines to the domain (entered on the Windows machine)....now it is
"Administrator"....but quirky little things are making me wonder if that's
not the case anymore.

David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
dtrask at vcs.u52.k12.me.us

More information about the samba mailing list