[Samba] Multiple problems: installing SWAT,
no longer access to a restored (after deletion) share, ACL inheritance
Any None
sambaml at yahoo.de
Fri Jun 15 10:59:00 GMT 2007
Hello Aaron,
>What kind of authentication are you doing on the clients? (i.e. Active
>Directory, etc.)
Authentication is done by Linux/Samba, and Samba is PDC. I just added a few users to the Linux box and then added them to Samba.
>Can you sanitize and post your smb.conf configuration? This is often
>found in /etc/samba/smb.conf.
OK, I'll attach it at the end. Not much to sanitize, this is purely a test server.
I think I forgot to mention: I have also a public share and another user share. These 2 still work, but the once deleted one no longer accepts any users.
I can tell
you that we have Samba on Ubuntu integrated into Active Directory using
ACLs and it works almost 100% as you would expect a file server to
behave. One caveat seems to be setting the archive bit when a file is
Does Samba need to run in an Active Directory integrated mode to get ACLs to work?
Here's the cleaned up smbconf:
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2007/06/12 12:01:55
[global]
workgroup = LINUXNET
realm = removed for privacy reasons
netbios name = LINUXSERVER
map to guest = Bad User
printcap name = cups
add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
logon path = \\%L\profiles\.msprofile
logon drive = P:
logon home = \\%L\%U\.9xprofile
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind refresh tickets = Yes
cups options = raw
include = /etc/samba/dhcp.conf
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
write list = root
[ivy]
comment = Ivy's Share
path = /home/ivy/sharedfolder
read only = No
inherit acls = Yes
[public]
comment = Public Folder
path = /home/GlobalShare
read only = No
inherit permissions = Yes
inherit acls = Yes
guest only = Yes
guest ok = Yes
max connections = 100
case sensitive = No
dos filemode = Yes
[test]
comment = Share test
path = /home/test/netwerkshare
valid users = test, john
read only = No
inherit acls = Yes
max connections = 10
case sensitive = No
store dos attributes = Yes
dos filetime resolution = Yes
Aaron Kincer <kincera at gmail.com> schrieb: Neko,
What kind of authentication are you doing on the clients? (i.e. Active
Directory, etc.)
Can you sanitize and post your smb.conf configuration? This is often
found in /etc/samba/smb.conf.
It took me a while to get the hang of Samba and I'm still learning, so
don't give up. The rewards are well worth it in my opinion. I can tell
you that we have Samba on Ubuntu integrated into Active Directory using
ACLs and it works almost 100% as you would expect a file server to
behave. One caveat seems to be setting the archive bit when a file is
changed. At least one program refuses to set it--Microsoft Word 2003. I
haven't tested other versions of Word nor done exhaustive testing with
other applications. In general, this isn't catastrophic but can cause
headaches for backup software that utilize the archive bit flag. There
is a workaround for that so that you can satisfy your backup software,
but it's an ugly hack in my opinion.
If you haven't already, I highly recommend you spend time reading the
man pages on smb.conf and read through it entirely at least once even if
you are simply skimming through it. I think you will find some
interesting options in there.
Aaron Kincer
Any None wrote:
> I'm a job trainee, very new to Linux and Samba and was asked to set up a server based on OpenSUSE and Samba. The idea is not to make a production server but to investigate how and how well this works (the company is Windows exclusive at the moment)
>
> I got as far as properly installing Linux and Samba 3 with the help of the guides on the OpenSUSE website. But there are a few things that still pose a problem. They're most likely due to my lack of knowledge and mistakes I made. But I would appreciate any pointers and help on the matter you can give me.
>
> 1. My understanding of ACL inheritance is that if this is 'on' for a share, any folder or file made under this share directory by the user would 'inherit' the ACL settings from the share folder. Yet this does not work at all, instead the create masks are applied. Did I interprete the meaning of the function wrongly, or is something else broken?
>
> 2. The Samba guide on OpenSUSE (at computerlanguages.org) says that to install SWAT, I need to enable among others smbfs and nfs in the System Services in YaST. When I try this I get the error '6: not configured'. Unfortunately the guide did not anticipate this. SWAT seems to work fine anyway. Is this the normal response? Both are listed as running: 'Yes*' in the basic view, but 'no' in the advanced view so I'm guessing they're not running at all. Can this cause problems, and how do I configure these so they will run?
>
> 3. In SWAT I accidentally deleted a share. No problem I thought, I'll just recreate it. I used the exact same settings (as described in the aforementioned guide) and recreated the share. It shows up on Windows clients but when I try to access it, I get the message I don't have access rights. I double checked the password and username, but they're OK. I checked the user still exists and is present in the Samba password file, also OK. Even root can't access this share. What has happened here? Is this a know behaviour when deleting and recreating the same share?
>
> 4. In another guide on the net I read that you can use SWAT on any PC in the network, taking care as traffic isn't encrypted. I tried from one of my Windows clients but all I get is a blank page. Do you need to especially activate this possibility somewhere? I checked the etc/services file as some guides say you have to enter swat 901/tcp there. This entry is listed but marked 'conflict' as there's already an entry for this port: smpnameres 901/tcp (and udp). Is this perhaps the cause? How do I go about to solve this conflict?
>
> Sorry to dump so many questions on you in one go, but I've tried asking in a ng for some time now and am not getting responses as problems keep piling up. Any hint or tip would be great, thanks!
>
> Neko
>
>
> ---------------------------------
> Jetzt Mails schnell in einem Vorschaufenster überfliegen. Dies und viel mehr bietet das neue Yahoo! Mail .
>
__________________________________________________
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails.
http://mail.yahoo.com
More information about the samba
mailing list