[Samba] Trouble installing SWAT on a Samba 4 Alpha 13 build onUbuntu Server
Lynn Dixon
boodaddy at gmail.com
Mon Jan 24 17:33:01 MST 2011
I have one more quick question if i may. This one maybe a simple one :)
Is there any way to set the sysvol and netlogon shares to be not
browseable? i know they are very important, but it would be nice if they
were "hidden". I have tried browseable = no but I think samba 4 ignores
that :)
On Mon, Jan 24, 2011 at 7:30 PM, Taylor, Jonn <jonnt at taylortelephone.com>wrote:
> Glad I could help.
>
>
> On 01/24/2011 05:38 PM, Lynn Dixon wrote:
>
> AWESOME!!! That fixed it my friend! Once I corrected my fstab for /share
> with acl and user_xattr options, and remounted the filesystem, that worked
> perfectly. Mind you I did have to delete the old /share/finance folder
> since it was created without the new attributes. Its working perfectly now.
> I am able to use the built-in windows file ACL tools to configure perms.
>
> Thanks again for all your help, I hope I will be able to return the favor
> in the future!
>
> Lynn Dixon
>
> On Mon, Jan 24, 2011 at 12:44 PM, Taylor, Jonn <jonnt at taylortelephone.com>wrote:
>
>> Make sure that you have these installed.
>>
>> apt-get install build-essential libattr1-dev libblkid-dev libgnutls-dev libreadline5-dev python-dev autoconf python-dnspython gdb pkg-config bind9utils libpam0g-dev
>>
>>
>>
>> NOTE about filesystem support
>>
>> To use the advanced features of Samba4 you need a filesystem that supports
>> both the "user" and "system" xattr namespaces.
>>
>> If you run Linux with a 2.6 kernel and ext3 this means you need to include
>> the option "user_xattr" in your /etc/fstab. For example:
>>
>> /dev/hda3 /home ext3 user_xattr 1 1
>>
>> You also need to compile your kernel with the XATTR and SECURITY options
>> for your filesystem. For ext3 that means you need:
>>
>> CONFIG_EXT3_FS_XATTR=y
>> CONFIG_EXT3_FS_SECURITY=y
>>
>> If you are running a Linux 2.6 kernel with CONFIG_IKCONFIG_PROC defined
>> you can check this with the following command:
>>
>> $ zgrep CONFIG_EXT3_FS /proc/config.gz
>>
>> If you don't have a filesystem with xattr support, then you can simulate
>> it by using the option:
>>
>> posix:eadb = /usr/local/samba/eadb.tdb
>>
>> that will place all extra file attributes (NT ACLs, DOS EAs, streams etc),
>> in that tdb. It is not efficient, and doesn't scale well, but at least it
>> gives you a choice when you don't have a modern filesystem.
>> [edit<http://wiki.samba.org/index.php?title=Samba4/HOWTO&action=edit§ion=18>
>> ]
>> Testing your filesystem
>>
>> To test your filesystem support, install the 'attr' package and run the
>> following 4 commands as root:
>>
>> # touch test.txt
>> # setfattr -n user.test -v test test.txt
>> # setfattr -n security.test -v test2 test.txt
>> # getfattr -d test.txt
>> # getfattr -n security.test -d test.txt
>>
>> You should see output like this:
>>
>> # file: test.txt
>> user.test="test"
>>
>> # file: test.txt
>> security.test="test2"
>>
>> If you get any "Operation not supported" errors then it means your kernel
>> is not configured correctly, or your filesystem is not mounted with the
>> right options.
>>
>> If you get any "Operation not permitted" errors then it probably means you
>> didn't try the test as root.
>>
>> If you are using the posix:eadb option then you don't need to test your
>> filesystem in this manner.
>> Jonn
>>
>>
>> On 01/24/2011 11:20 AM, Lynn Dixon wrote:
>>
>> Hmmm. Here is what I have for permissions and ACLs on the finance folder:
>>
>> root at dc:/share# ls -la
>> total 28
>> drwxr-xr-x 4 root root 4096 2011-01-24 10:10 .
>> drwxr-xr-x 22 root root 4096 2011-01-22 23:56 ..
>> drwxrwxrwx 5 root users 4096 2011-01-24 11:53 finance
>> drwx------ 2 root root 16384 2011-01-22 21:55 lost+found
>> root at dc:/share# getfacl finance/
>> # file: finance/
>> # owner: root
>> # group: users
>> user::rwx
>> group::rwx
>> other::rwx
>>
>> root at dc:/share#
>>
>> And here is what the parent folder /share looks like:
>> drwxr-xr-x 4 root root 4096 2011-01-24 10:10 share
>>
>> root at dc:/# getfacl share
>> # file: share
>> # owner: root
>> # group: root
>> user::rwx
>> group::r-x
>> other::r-x
>>
>>
>> Just to be safe, here is what /etc/fstab looks like for the /share
>> directory:
>> # /share was on /dev/sda3 during installation
>> UUID=a20cec9c-f3e0-4ab7-b9fe-15071e89b7d6 /share ext4
>> defaults 0 2
>>
>>
>> do I need to mount it with an ACL argument?
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Mon, Jan 24, 2011 at 12:12 PM, Taylor, Jonn <jonnt at taylortelephone.com
>> > wrote:
>>
>>> Check you permissions on the folders.
>>>
>>> [Mon Jan 24 11:30:24 2011 EST, 0
>>> ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()]
>>> ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' -
>>> wanted 0x010e0000 but got 0xfff3ffff (missing 0x000c0000)
>>> [Mon Jan 24 11:30:24 2011 EST, 0
>>> ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()]
>>> ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' -
>>> wanted 0x00040000 but got 0xfef3ffff (missing 0x00040000)
>>> [Mon Jan 24 11:30:24 2011 EST, 0
>>> ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()]
>>> ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' -
>>> wanted 0x00080000 but got 0xfef3ffff (missing 0x00080000)
>>> [Mon Jan 24 11:31:06 2011 EST, 0
>>> ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()]
>>> ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' -
>>> wanted 0x00060000 but got 0xfef3ffff (missing 0x00040000)
>>> [Mon Jan 24 11:31:06 2011 EST, 0
>>> ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()]
>>> ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' -
>>> wanted 0x00060000 but got 0xfef3ffff (missing 0x00040000)
>>> [Mon Jan 24 11:32:05 2011 EST, 0
>>> ../dsdb/kcc/kcc_topology.c:3479:kcctpl_test()]
>>> Testing kcctpl_create_intersite_connections
>>> [Mon Jan 24 11:35:28 2011 EST, 0
>>> ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()]
>>> ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' -
>>> wanted 0x00060000 but got 0xfef3ffff (missing 0x00040000)
>>> [Mon Jan 24 11:35:28 2011 EST, 0
>>> ../ntvfs/posix/pvfs_acl.c:567:pvfs_access_check_unix()]
>>> ../ntvfs/posix/pvfs_acl.c:567 denied access to '/share/finance/.' -
>>> wanted 0x00060000 but got 0xfef3ffff (missing 0x00040000)
>>>
>>> Jonn
>>>
>>>
>>> On 01/24/2011 11:07 AM, Lynn Dixon wrote:
>>>
>>> Thanks for the help. I have attached my samba.log.
>>>
>>>
>>>
>>> On Mon, Jan 24, 2011 at 11:58 AM, Taylor, Jonn <
>>> jonnt at taylortelephone.com> wrote:
>>>
>>>> Need to see you samba logs. They are in /usr/local/samba/var/samb.log
>>>> by default. Directory owner needs to be root and group should be users or
>>>> staff.
>>>>
>>>> Also make sure that you can set the ACL's from the command prompt. How
>>>> to do this is on the wiki.
>>>>
>>>> Jonn
>>>>
>>>>
>>>> On 01/24/2011 10:50 AM, Lynn Dixon wrote:
>>>>
>>>> Ok. I tried the following:
>>>> Navigate to share, right click --> Properties. Went to "security" tab
>>>> then clicked "advanced"
>>>> That opened up and I was able to click Add and then add my Finance AD
>>>> group. The Finance group even shows up with the selected permissions in the
>>>> list of users/groups. BUT, when I click "Apply" all of the changes vanish.
>>>> I took some snapshots. Check them at the links:
>>>>
>>>> Before changes:
>>>> http://lh3.ggpht.com/_qETGDInSB7Q/TT2tBxte7uI/AAAAAAAALcw/Mf8kYZxcUxI/s400/finance1.JPG
>>>> After adding Finance:
>>>> http://lh4.ggpht.com/_qETGDInSB7Q/TT2tCEhe8kI/AAAAAAAALc0/4thnUxi_sBo/s400/finance2.JPG
>>>>
>>>> But when I click apply, the jenfab\finance group dissappears from the
>>>> list and the changes never save.
>>>>
>>>> I have tried giving 777 perms on the actual directory on my ubuntu box
>>>> to troubleshoot, but had same results. I have also verified that ACL
>>>> package has been installed on my Ubuntu machine. What user:group do I need
>>>> to have the actual directory on the ubuntu machine set to? Any other things
>>>> I should try?
>>>>
>>>> On Mon, Jan 24, 2011 at 11:02 AM, Taylor, Jonn <
>>>> jonnt at taylortelephone.com> wrote:
>>>>
>>>>> Go to advanced when changing ACL's.
>>>>>
>>>>> Jonn
>>>>>
>>>>>
>>>>> On 01/24/2011 09:48 AM, Lynn Dixon wrote:
>>>>>
>>>>> That was the first thing that I had tried. I created a share using
>>>>> smb.conf, then restarted samba.
>>>>> I can see the share, and navigate down into it from windows. If I
>>>>> create a folder and then rick click from a windows machine and do security,
>>>>> I can add groups, but when I try to save, the changes just disappear.
>>>>>
>>>>> What is the best way to manage ACL's on the share from a windows
>>>>> machine?
>>>>>
>>>>> Sorry for all the questions, this is my first venture into a Samba 4 AD
>>>>> environment. I have used Samba 2/3 i on a workgroup in the past and used
>>>>> different security schemes.
>>>>>
>>>>> On Mon, Jan 24, 2011 at 10:37 AM, Taylor, Jonn <
>>>>> jonnt at taylortelephone.com> wrote:
>>>>>
>>>>>> This is all you need.
>>>>>>
>>>>>> [test]
>>>>>> path = /data/test
>>>>>> read only = no
>>>>>>
>>>>>> Then use windows to set the acl's.
>>>>>>
>>>>>> Jonn
>>>>>>
>>>>>> http://wiki.samba.org/index.php/Samba4/HOWTO
>>>>>>
>>>>>> On 01/24/2011 09:24 AM, Lynn Dixon wrote:
>>>>>> > Thanks. I tried both paramaters in my smb.conf but I got errors when
>>>>>> I tried
>>>>>> > both:
>>>>>> >
>>>>>> > jenfab at dc:~$ sudo /etc/init.d/samba4 restart
>>>>>> > * Stopping Samba 4 daemon samba
>>>>>> > [ OK ]
>>>>>> > * Starting Samba 4 daemon
>>>>>> > samba Unknown
>>>>>> parameter
>>>>>> > encountered: "valid users"
>>>>>> > Ignoring unknown parameter "valid users"
>>>>>> >
>>>>>> [
>>>>>> > OK ]
>>>>>> > jenfab at dc:~$ sudo nano /etc/samba/smb.conf
>>>>>> > jenfab at dc:~$ sudo /etc/init.d/samba4 restart
>>>>>> > * Stopping Samba 4 daemon samba
>>>>>> [
>>>>>> > OK ]
>>>>>> > * Starting Samba 4 daemon
>>>>>> > samba Unknown
>>>>>> parameter
>>>>>> > encountered: "write list"
>>>>>> > Ignoring unknown parameter "write list"
>>>>>> > Unknown parameter encountered: "read list"
>>>>>> > Ignoring unknown parameter "read list"
>>>>>> >
>>>>>> [
>>>>>> > OK ]
>>>>>> >
>>>>>> >
>>>>>> > On Mon, Jan 24, 2011 at 9:52 AM, <tms3 at tms3.com> wrote:
>>>>>> >
>>>>>> >>
>>>>>> >> I am not sure how to use Microsoft AD tools to create shares and
>>>>>> then set
>>>>>> >> those shares permissable to certain AD groups. For example, I need
>>>>>> to
>>>>>> >> create
>>>>>> >> a share called "Finance" and only the people in Finance can
>>>>>> read/write to
>>>>>> >> it. I was hoping to use SWAT to help in creation and management of
>>>>>> those
>>>>>> >> shares.
>>>>>> >>
>>>>>> >> vi smb.conf (or your favorite text editor)
>>>>>> >>
>>>>>> >> add
>>>>>> >>
>>>>>> >> [finance]
>>>>>> >>
>>>>>> >> ...various parameter...
>>>>>> >> valid users = @finance
>>>>>> >>
>>>>>> >> or
>>>>>> >>
>>>>>> >> write list = @finance
>>>>>> >> read list = @finance
>>>>>> >>
>>>>>> >>
>>>>>> >>
>>>>>> >> I have been using AD tools to manage the domain and GPO's but I am
>>>>>> not sure
>>>>>> >> how to use them to create shares.
>>>>>> >>
>>>>>> >> You can see swat for samba4 here:
>>>>>> https://github.com/rvelhote/GSoC-SWAT
>>>>>> >>
>>>>>> >> On Mon, Jan 24, 2011 at 5:03 AM, Daniel Müller <
>>>>>> mueller at tropenklinik.de
>>>>>> >>> wrote:
>>>>>> >> I thought swat is no longer working!!Just use Microsoft ads tools
>>>>>> and you
>>>>>> >> are up and running.
>>>>>> >>
>>>>>> >> -----------------------------------------------
>>>>>> >> EDV Daniel Müller
>>>>>> >>
>>>>>> >> Leitung EDV
>>>>>> >> Tropenklinik Paul-Lechler-Krankenhaus
>>>>>> >> Paul-Lechler-Str. 24
>>>>>> >> 72076 Tübingen
>>>>>> >>
>>>>>> >> Tel.: 07071/206-463, Fax: 07071/206-499
>>>>>> >> eMail: mueller at tropenklinik.de
>>>>>> >> Internet: http://www.tropenklinik.de
>>>>>> >>
>>>>>> >> -----------------------------------------------
>>>>>> >>
>>>>>> >> -----Ursprüngliche Nachricht-----
>>>>>> >> Von: samba-bounces at lists.samba.org [mailto:
>>>>>> samba-bounces at lists.samba.org]
>>>>>> >> Im
>>>>>> >> Auftrag von Lynn Dixon
>>>>>> >> Gesendet: Sonntag, 23. Januar 2011 06:39
>>>>>> >> An: samba at lists.samba.org
>>>>>> >> Betreff: [Samba] Trouble installing SWAT on a Samba 4 Alpha 13
>>>>>> build on
>>>>>> >> Ubuntu Server
>>>>>> >>
>>>>>> >> Hello all,
>>>>>> >> I have setup a complete domain using Samba 4 on my Ubuntu server 32
>>>>>> bit
>>>>>> >> machine. I am using the Alpha 13 build (it was actually in the
>>>>>> Ubuntu
>>>>>> >> Repos). I am trying to setup swat to make it easier to manage
>>>>>> shares. I
>>>>>> >> have followed the instructions at
>>>>>> https://github.com/rvelhote/GSoC-SWATbut
>>>>>> >> I am having a few problems.
>>>>>> >>
>>>>>> >> When I run ./run I get the following errors:
>>>>>> >> jenfab at dc:~/GSoC-SWAT$ sudo ./run
>>>>>> >> Starting subprocess with file monitor
>>>>>> >> Traceback (most recent call last):
>>>>>> >> File "/usr/local/bin/paster", line 9, in <module>
>>>>>> >> load_entry_point('PasteScript==1.7.3', 'console_scripts',
>>>>>> 'paster')()
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/script/command.py",
>>>>>> line 84, in
>>>>>> >> run
>>>>>> >> invoke(command, command_name, options, args[1:])
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/script/command.py",
>>>>>> line 123,
>>>>>> >> in
>>>>>> >> invoke
>>>>>> >> exit_code = runner.run(args)
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/script/command.py",
>>>>>> line 218,
>>>>>> >> in
>>>>>> >> run
>>>>>> >> result = self.command()
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/script/serve.py", line
>>>>>> 276, in
>>>>>> >> command
>>>>>> >> relative_to=base, global_conf=vars)
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/script/serve.py", line
>>>>>> 313, in
>>>>>> >> loadapp
>>>>>> >> **kw)
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py",
>>>>>> line 204,
>>>>>> >> in
>>>>>> >> loadapp
>>>>>> >> return loadobj(APP, uri, name=name, **kw)
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py",
>>>>>> line 224,
>>>>>> >> in
>>>>>> >> loadobj
>>>>>> >> global_conf=global_conf)
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py",
>>>>>> line 248,
>>>>>> >> in
>>>>>> >> loadcontext
>>>>>> >> global_conf=global_conf)
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py",
>>>>>> line 278,
>>>>>> >> in
>>>>>> >> _loadconfig
>>>>>> >> return loader.get_context(object_type, name, global_conf)
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py",
>>>>>> line 409,
>>>>>> >> in
>>>>>> >> get_context
>>>>>> >> section)
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py",
>>>>>> line 431,
>>>>>> >> in
>>>>>> >> _context_from_use
>>>>>> >> object_type, name=use, global_conf=global_conf)
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py",
>>>>>> line 361,
>>>>>> >> in
>>>>>> >> get_context
>>>>>> >> global_conf=global_conf)
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py",
>>>>>> line 248,
>>>>>> >> in
>>>>>> >> loadcontext
>>>>>> >> global_conf=global_conf)
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py",
>>>>>> line 285,
>>>>>> >> in
>>>>>> >> _loadegg
>>>>>> >> return loader.get_context(object_type, name, global_conf)
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py",
>>>>>> line 561,
>>>>>> >> in
>>>>>> >> get_context
>>>>>> >> object_type, name=name)
>>>>>> >> File "/usr/lib/pymodules/python2.6/paste/deploy/loadwsgi.py",
>>>>>> line 587,
>>>>>> >> in
>>>>>> >> find_egg_entry_point
>>>>>> >> possible.append((entry.load(), protocol, entry.name))
>>>>>> >> File "/usr/lib/python2.6/dist-packages/pkg_resources.py", line
>>>>>> 1954, in
>>>>>> >> load
>>>>>> >> entry = __import__(self.module_name, globals(),globals(),
>>>>>> >> ['__name__'])
>>>>>> >> ImportError: No module named swat.config.middleware
>>>>>> >>
>>>>>> >>
>>>>>> >> Any suggestions as to where to go from here?
>>>>>> >> --
>>>>>> >> To unsubscribe from this list go to the following URL and read the
>>>>>> >> instructions: https://lists.samba.org/mailman/options/samba
>>>>>> >>
>>>>>> >>
>>>>>> >> --
>>>>>> >>
>>>>>> >> To unsubscribe from this list go to the following URL and read the
>>>>>> >> instructions: https://lists.samba.org/mailman/options/samba
>>>>>> >>
>>>>>> >>
>>>>>> >>
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
More information about the samba
mailing list