[Samba] Samba4 creating share and setting permissions without windows tools

Daniel Müller mueller at tropenklinik.de
Thu Jul 31 23:51:38 MDT 2014 

Hi,
setfacl and getfacl is your way to set it.

Greetings 
Daniel


EDV Daniel Müller

Leitung EDV
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de




-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Ryan Ashley
Gesendet: Freitag, 1. August 2014 01:00
An: samba at lists.samba.org
Betreff: Re: [Samba] Samba4 creating share and setting permissions without
windows tools

Rowland, it is missing because it is not needed. The installer, at least on
GNU systems, places the files in the correct location. Here is a dump from a
working file-server running Debian 7.5 Wheezy 64bit.

root at fs01:/usr/lib# l ./libnss*
lrwxrwxrwx 1 root root    19 Jul 29 11:42 ./libnss_winbind.so -> 
libnss_winbind.so.2
-rwxr-xr-x 1 root root 23879 Jul 29 11:41 ./libnss_winbind.so.2
lrwxrwxrwx 1 root root    16 Jul 29 11:42 ./libnss_wins.so -> 
libnss_wins.so.2
-rwxr-xr-x 1 root root 13943 Jul 29 11:42 ./libnss_wins.so.2
root at fs01:/usr/lib#

I have never made those symlinks personally. GNU systems, and others AFAIK,
will search /usr/lib for libraries as well as /lib or /lib64.

Also, 64bit GNU systems use /lib, not /lib64. The /lib64 directory is
normally empty and all 64bit libraries are in /lib. Check that out on a
recent Debian or Ubuntu build. There was discussion of changing this a year
or so back, but apparently it never happened. Heck, this laptop is Wheezy
64bit and /lib64 is empty, minus a single symlink to "ld-linux-x86-64.so.2",
which points to "/lib/x86_64-linux-gnu/ld-2.13.so".

Does this mean that there should be a different install setup for each
distro? Also, why is S4 installing to /usr/local on your end? Mine installs
nothing from S4 to /usr/local.

On 07/31/2014 03:45 PM, Rowland Penny wrote:
> On 31/07/14 20:26, Diego Llovet wrote:
>> ok, but I have an empty /etc/nsswitch and windbind is stopped, 
>> according to wiki there is not necessary or at least not mentioned
>>
>> ________ smb.conf
>> # Global parameters
>> [global]
>>         workgroup = DOMAIN
>>         realm = DOMAIN.COM <http://DOMAIN.COM>
>>         netbios name = PRUEBASDIEGO
>>         interfaces = lo, eth0
>>         bind interfaces only = Yes
>>         server role = active directory domain controller
>>         idmap_ldb:use rfc2307 = yes
>>
>> [netlogon]
>>         path = /usr/local/samba/var/locks/sysvol/domain.com/scripts
>> <http://domain.com/scripts>
>>         read only = No
>>
>> [sysvol]
>>         path = /usr/local/samba/var/locks/sysvol
>>         read only = No
>>
>> [home]
>>         path = /home/homeUsers/
>>         read only = No
>>
>> [share]
>>         path = /home/share
>>         read only = no
>>         create mask = 0777
>>
>> [People]
>>         path = /home/people/
>>         read only = No
>> ________
>>
>> Provisioned samba4
>>
>> samba-tool domain provision --use-rfc2307 --interactive 
>> --option="interfaces=lo eth0" --option="bind interfaces only=yes"
>>
>>
>>
>>
>> 2014-07-31 14:56 GMT-03:00 Rowland Penny <rowlandpenny at googlemail.com
>> <mailto:rowlandpenny at googlemail.com>>:
>>
>>     On 31/07/14 18:47, Diego Llovet wrote:
>>
>>         Hi,
>>         wbinfo -g return the groups that I created withh samba-toll
>>         group add IT
>>         getent group IT return nothing
>>
>>
>>     That is where your problem lies, you need to be able to run
>>     'getent passwd' and have it return your users and 'getent group
>>     <groupname>' needs to return info about the group.
>>
>>     Could you post your smb.conf, /etc/nsswitch and how you
>>     provisioned the samba4 server.
>>
>>     Rowland
>>
>>
>>
>>         2014-07-31 13:18 GMT-03:00 Rowland Penny
>>         <rowlandpenny at googlemail.com
>>         <mailto:rowlandpenny at googlemail.com>
>>         <mailto:rowlandpenny at googlemail.com
>>         <mailto:rowlandpenny at googlemail.com>>>:
>>
>>
>>             On 31/07/14 14:48, Diego Llovet wrote:
>>
>>                 Hello,
>>
>>                 I need a way to set permissions to share folder
>>         without to use
>>                 RSAT, I've
>>                 not found anything about that.
>>
>>                 The samba wiki said that
>>
>>                 ---------------------
>>                 Change permissions on folders of a share
>>
>>
>>                 Changes of permissions are done using the classic *nix
>>         tools
>>                 'chmod',
>>                 'chown' and 'chgrp'.
>>
>>                 Example:
>>
>>                   Code:
>>
>>                 # mkdir /srv/samba/Demo/Example/
>>                 # chown foobar:DemoGroup /srv/samba/Demo/Example/
>>                 # chmod 2770 /srv/samba/Demo/Example/
>>
>>                 -------------------
>>
>>                 I created a group DemoGroup with "samba-tool group add
>>         DemoGroup"
>>                 Then, when I did
>>                 Code:
>>
>>                 chown foobar:DemoGroup /srv/samba/Demo/Example/
>>
>>                 I got this error
>>                   Code:
>>
>>                 chown: invalid group: "DemoGroup"
>>
>>                 What must I do to allow groups created by samba-tool 
>> works
>>                 with chown??
>>
>>                 How can I do to assign permissions to a shared folder 
>> from
>>                 command line
>>                 using the power of samba4?
>>
>>                 Thank you in advance
>>
>>             Hi, what does 'wbinfo -g' and 'getent group DemoGroup'
>>         return ?
>>
>>             Rowland
>>
>>             --     To unsubscribe from this list go to the following
>>         URL and read the
>>             instructions: 
>> https://lists.samba.org/mailman/options/samba
>>
>>
>>
>>     --     To unsubscribe from this list go to the following URL and 
>> read the
>>     instructions: https://lists.samba.org/mailman/options/samba
>>
>>
> I some how thought that was what you were going to say, it would seem 
> that part of the samba dc howto wiki page has gone missing, or rather 
> it has migrated totally to another page!!
>
>
>  Make domain users/groups available locally through Winbind
>
> To have your domain users and groups available locally on your Member 
> Server, you need to place two links in your /lib64 folder:
>
> # ln -s /usr/local/samba/lib/libnss_winbind.so /lib64 # ln -s 
> /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2 # ldconfig
>
> *If you are running a 32-bit system ("uname -i" will return "i686"), 
> you have to use /lib instead!*
>
> The final step of the configuration is to add 'winbind' to the 
> 'passwd' and 'group' entry of your /etc/nsswitch.conf:
>
> passwd: compat winbind
> group:  compat winbind
>
>
> HINT HINT Marc ;-)
>
> Do the above and see if this helps.
>
> Rowland
>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list