[Spam] [Samba] Write list problem

Tim xendistar at gmail.com
Fri Sep 22 20:30:53 GMT 2006


On Friday 22 September 2006 20:08, Dale Schroeder wrote:
>
> If these are domain groups, perhaps this explains your problem:
>
>  ===============================
>  Release Notes for Samba 3.0.23b
>  Aug 7, 2006
>  ===============================
>
> Member servers, domain accounts, and smb.conf
>
> =============================================
>
> Since Samba 3.0.8, it has been recommended that all domain accounts
> listed in smb.conf on a member server be fully qualified with the
> domain name.  This is now a requirement.  All unqualified names are
> assumed to be local to the Unix host, either as part of the server's
> local passdb or in the local system list of accounts (e.g. /etc/passwd
> or /etc/group).
>
> The reason for this change is that smbd has transitioned from
> access checks based on string comparisons to token based
> authorization.  All names are resolved to a SID and then verified
> against the logged on user's NT user token.  Local names will
> resolve to a local SID, while qualified domain names will resolve
> to the appropriate domain SID.
>
> If the member server is not running winbindd at all, domain
> accounts will be implicitly mapped to local accounts and their
> tokens will be modified appropriately to reflect the local
> SID and group membership.
>
> For example, the following share will restrict access to the
> domain group "Linux Admins" and the local group srvadmin.
>
> [restricted]
> 	path = /data
> 	valid users = +"*DOMAIN*\Linux Admins" +srvadmin
>
> Note that to restrict the [homes] share on a member server to the
> owner of that directory, it is necessary to prefix the %S value
> to "valid users".
>
> [global]
> 	security = {domain,ads}
> 	workgroup = DOM
> 	winbind separator = +
> [homes]
> 	valid users = *DOM*+%S
>
>
> Hope it works,
>
> Dale

This could be the cause of my problem (sorry for hijacking the thread). Since 
my install upgraded its self to samba 3.0.23c smbd has refused to start, I am 
wonder whether I might have the same problem you outline above.

My Samba runs on Debian Testing and has worked without a problem until the 
upgrade, now the smbd refuse to start. I did a reinstall of samba and 
everything will work if I start it with the default smb.conf but if I use my 
existing conf file then smbd will refuse to start. Could somebody cast an eye 
over my conf file and tell me if it it the problem that Dale mentions


[global]
	workgroup = HOME
	server string = %h server (Samba %v)
	obey pam restrictions = Yes
	passdb backend = tdbsam,
	passwd program = /usr/bin/passwd %u
	passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
	syslog = 0
	log file = /var/log/samba/log.%m
	max log size = 1000
	server signing = auto
	preferred master = No
	domain master = No
	panic action = /usr/share/samba/panic-action %d
	invalid users = root

[homes]
	comment = Home Directories
	invalid users = 
	read only = No
	create mask = 0640
	directory mask = 0750
	browseable = No

<snip>

Thanks inadvance, 

Tim

		
___________________________________________________________ 
Now you can scan emails quickly with a reading pane. Get the new Yahoo! Mail. http://uk.docs.yahoo.com/nowyoucan.html


More information about the samba mailing list