[Samba] write problem from mac osx 10.8.5 clients to samba 4

Athan DE JONG athan.dejong at yahoo.fr
Tue Oct 8 18:11:09 MDT 2013 

 Hi jason

I had setup a fresh installation
of a SAMBA4 AD without RFC2307 and my mac osx client can read/write
to the shares.

When i was first setting up the Production
server i followed the samba wiki witch says :

The --use-rfc2307option enables your Samba AD automatically to store posix attributes.
It also creates NIS information in the AD, that allows you to
administrate UIDs/GIDs and other Unix settings (on the „Unix
attributes“ tab in ADUC). It's easier if you enable this feature
during provisioning, than setting this up later by hand. And
even if you don't required it (yet), it's not affecting your
installation. 


 I
had found a lot of posts by googling around of people experimenting
samba issues on mac osx since apple uses their own implementation of
samba called SMBX.
 In
earlier samba versions 3.XXX the solution was to set use unix
attributes to "no" 


 So
it seems that my problem is quite similar to some unix attributes
issues. 


 I
mapped the UID/GID with no results : 


 Map
UID to uidNumber
Map both user GID and group GID to gidNumber 


 When
i compare the result from gentent passwd (on server)and the ID i get
from terminal logged mac user :  
 the
UID and GID results are the same. 


 So
I still wondering why the RFC2307 causes permission issues on mac osx
against the samba share. 


 Any
way, i want to thank you for your kindly help, and may start a new
issue on samba list, and pray to get some help :) 


 but
this will be tomorrow because at this time i only feel like transform
coffe into code. 


 Kind
regards, athan

 
De jong athan : 
MCTS(Microsoft certified technology specialist).


________________________________
 De : Jason MacChesney <jason.macchesney at ecacs16.ab.ca>
À : Athan DE JONG <athan.dejong at yahoo.fr> 
Envoyé le : Lundi 7 octobre 2013 17h24
Objet : Re: [Samba] write problem from mac osx 10.8.5 clients to samba 4
 


I did not use the --use-rfc2307 option. I used a fresh installation, not an upgrade.
OSX - 10.8.5
I'm unable to test in my production environment. However in my test environment (no roaming profiles) I can authenticate via SMB to mount the share. After the shares are mounted I can write pretty much anywhere.



On Sat, Oct 5, 2013 at 7:57 PM, Athan DE JONG <athan.dejong at yahoo.fr> wrote:

Hi Jason
>
>I used exactly the same procedure that you described. I forgot about "CREATOR OWNER" but after test no changes.
>I googled a lot around and found many people experimenting issus whith the mac osx SMBX implementation.
>
>
>can provide me some precisions that could help me eliminate cetains points :
>
>Did you provisioning samba with The --use-rfc2307 option ?
>What is the version of your Mac OSX ?
>Are you able to write from mac osx to another shared directory than the "users home dir" ?
>
>Once again thanks for your detailled reply and help !
> 
>Kind regadrs, Athan
>
>
>
>
>________________________________
> 
>De : Jason MacChesney <jason.macchesney at ecacs16.ab.ca>
>À : Athan DE JONG <athan.dejong at yahoo.fr> 
>Cc : "samba at lists.samba.org" <samba at lists.samba.org> 
>Envoyé le : Vendredi 4 octobre 2013 19h31
>
>Objet : Re: [Samba] write problem from mac osx 10.8.5 clients to samba 4
>
>
>
>Hey Athan, in order to do what you want this is what I would do in my environment; I would create the share in my smb.conf. Then create the directory on the server. I would populate a group for using the share, either on the server using samba-tool or using the snap-in. Then jump over to my Windows 7 machine, go to \\MY_SERVER, right-click my share, tab>security, and set full control permissions to CREATOR OWNER, SYSTEM, Domain Admins, and the group that's been created for this share. I would then instruct the people in that group that in order to access the share they need to open a finder, click GO > Connect to Server. Then they would need to mount the share using smb://MY_SERVER/SHARE ...they may need to enter their AD credentials at this point.
>
>
>I have no idea what the map UID, GUID implications are in directory utility, sorry! Good luck!
>
>
>
>On Fri, Oct 4, 2013 at 10:02 AM, Athan DE JONG <athan.dejong at yahoo.fr> wrote:
>
>Hi Jason
>>
>>
>>Thanks for your answer ! 
>>
>>
>>sorry for the delay of my reply i'm very busy this times.
>>
>>
>>glad to hear that you was able to deploy OSX in samba !
>>
>>
>>so your mac osx is bind-ed and you can read/write to your home directory on the server ?
>>
>>
>>can you read/write to another samba share ?
>>
>>
>>My problem is a little different as i'm not using roaming profiles. The choice of samab 4 was that we later have to setup mail service on the same server and so we will be able to use the AD for this later.
>>My goal for the moment is to share a public folder for a specific group of users !
>>
>>
>>my mac osx is bind-ed to AD i am able to read and delete files but not to write files to the samba share
>>My mac user has full acl and posix righs for the test and the message from finder is that i "dont have access to some of the items".
>>
>>
>>As i'm really not a mac specialist i was asking my self what about the map UID,GUID options in the Directory utility advanced options ?
>>
>>
>>Thanks again for your detailed answer, may you can give me another hint :)
>>
>>
>>Kind regards, Athan
>>
>>
>>
>>________________________________
>> De : Jason MacChesney <jason.macchesney at ecacs16.ab.ca>
>>À : Athan DE JONG <athan.dejong at yahoo.fr> 
>>Cc : "samba at lists.samba.org" <samba at lists.samba.org> 
>>Envoyé le : Jeudi 3 octobre 2013 16h40
>>Objet : Re: [Samba] write problem from mac osx 10.8.5 clients to samba 4
>> 
>>
>>
>>Hey Athan, I was able to deploy OSX in a samba4 environment. Here is my procedure:
>>
>>
>>go to System Preferences > User and Groups and create a new account with admin privileges. This will be developed into a default profile for domain users. Log out and in with the user.
>>
>>
>>Open Keychain Access and delete "Login"
>>
>>Spend some time opening all the applications on the operating system, registering all welcome prompts, and performing all necessary updates/changes.
>>
>>
>>
>>**THIS MAY BE WHAT YOU'RE LOOKING FOR"**
>>Go back to System Preferences > User and Groups. Right-click the appropriate account > Advanced Options: set the Home Directory to smb://[REALM_OF_DC]/$USER
>>
>>
>>Open a terminal: 
>>sudo rm /Users/[new_default_account]/Library/Caches/*
>>sudo rm -rf /System/Library/User\ Template/English.lproj/*
>>
>>cd /System/Library/User\ Template/English.lproj/
sudo rsync -rav /Users/[new_default_account]/ . (that's a period, so you're copying into the present working directory above)
>>
>>
>>Apple > Recent items > Clear Menu
>>Reboot into your normal Admin account. 
>>
>>Disk utility > repair disk permissions
>>Delete the account that's been set up. 
>>
>>
>>
>>As Admin, let's bind to the domain controller. Head back to Users and Groups and head to Login Options.
>>Edit Network Account Server > Open Directory Utility > Active Directory
>>
>>Bind to your active directory FQDN. 
>>
>>Under User Experience, uncheck both "Create mobile account at login" and "Force local home directory on startup disk."
>>
>>
>>The one other clincher, I think, was going to the ADUC snap-in and mapping the home directory for all users.
>>
>>
>>
>>On Thu, Oct 3, 2013 at 6:04 AM, Athan DE JONG <athan.dejong at yahoo.fr> wrote:
>>
>>Hi 
>>>
>>>I have setup a samba 4 DC with mixed client environment.
>>>My problem is that the mac osx client are unable to write to a samba 4 share.
>>>
>>>I tested mac osx clients on a normal windows 7 share and it works fine
>>>I tested mac osx clients on a samba 3.5 .. share and everything works fine.
>>>
>>>As i am in a professional environment and all the windows clients are already binded to the samba 4 domain i can not step back to samba3.
>>>
>>>My mac osx clients are binded and im able to view/edit active directory from the mac.
>>>
>>>My only issue is that i can not write to the samba 4 shares. i have verified all about permissions, and my thought is that mac osx confuses unix and acl rights.
>>>
>>>Is there a workaround or a special thing to do regarding UID map GUID map
>>>
>>>please be aware that i'm not a mac specialist, but have to handlwith it because of professional reasons.
>>>
>>>i am searching a solution for weeks now and really need some help !
>>>
>>>Kind regards
>>>--
>>>To unsubscribe from this list go to the following URL and read the
>>>instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>>
>
>
>

More information about the samba mailing list