[Samba] Cannot add ACL through windows client
Zoddo
zoddo.ino at gmail.com
Sat Oct 25 12:15:48 MDT 2014
up
2014-10-24 15:46 GMT+02:00 Zoddo <zoddo.ino at gmail.com>:
> up
>
> 2014-10-23 17:31 GMT+02:00 Zoddo <zoddo.ino at gmail.com>:
>
>> I just did a test, even creating the account in a local machine (with the
>> same password), I don't able to add a permission on the file for this user.
>>
>> There is another problem.
>>
>> 2014-10-23 17:21 GMT+02:00 Zoddo <zoddo.ino at gmail.com>:
>>
>>> But a Windows machine is able to get account name on existing
>>> permissions. There must be an solution. It's impossible for me to create
>>> accounts on the clients machines.
>>>
>>> 2014-10-22 16:12 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>>>
>>>> On 22/10/14 15:01, Zoddo wrote:
>>>>
>>>>> I don't want to add an ACL on an unknown user from samba but add an
>>>>> ACL on a user that exist in the samba database but unknown by the client
>>>>> machine.
>>>>>
>>>> OK, I should also have said that if you try to user a samba user that
>>>> is unknown to windows, this will also fail because the user MUST be known
>>>> everywhere.
>>>>
>>>>
>>>>> The clients machines weren't in a domain.
>>>>>
>>>> Yes I know, I said that you were using a workgroup, they are terrible
>>>> things, when you want to add a user, you have to log into every machine in
>>>> the workgroup that they are to be created or will connect to and add the
>>>> user.
>>>>
>>>> Rowland
>>>>
>>>>>
>>>>> 2014-10-22 15:54 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>>:
>>>>>
>>>>> On 22/10/14 14:34, Zoddo wrote:
>>>>>
>>>>> Yes, the user exist in //etc/passwd/ and in the samba database
>>>>> with the same password.
>>>>> The user doesn't exist on the windows machine. I just want add
>>>>> a permission on directories/files for an another user that
>>>>> exist in the unix/samba database.
>>>>>
>>>>>
>>>>> You are running a workgroup and if you attempt to connect to a
>>>>> samba share, you will probably be asked who to connect as, at this
>>>>> point, you can use a username & password of a user that samba
>>>>> knows and you should be connected as the samba user. If you now
>>>>> try to change the ACL's of a file on the share from windows and
>>>>> try to use a windows user that is unknown to samba, this will fail
>>>>> because, to samba, it is an unknown user.
>>>>>
>>>>> Rowland
>>>>>
>>>>> 2014-10-22 15:15 GMT+02:00 Rowland Penny
>>>>> <rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>> <mailto:rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>>>:
>>>>>
>>>>> On 22/10/14 13:47, Zoddo wrote:
>>>>>
>>>>> up !
>>>>>
>>>>> 2014-10-20 23:19 GMT+02:00 Zoddo <zoddo.ino at gmail.com
>>>>> <mailto:zoddo.ino at gmail.com>
>>>>> <mailto:zoddo.ino at gmail.com
>>>>> <mailto:zoddo.ino at gmail.com>> <mailto:zoddo.ino at gmail.com
>>>>> <mailto:zoddo.ino at gmail.com>
>>>>> <mailto:zoddo.ino at gmail.com
>>>>> <mailto:zoddo.ino at gmail.com>>>>:
>>>>>
>>>>> Yes, it's this !
>>>>>
>>>>> 2014-10-20 23:17 GMT+02:00 Rowland Penny
>>>>> <rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>> <mailto:rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>>
>>>>> <mailto:rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>> <mailto:rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>>>>:
>>>>>
>>>>> On 20/10/14 22:11, Zoddo wrote:
>>>>>
>>>>> Yes, the users is UNIX accounts "imported"
>>>>> in
>>>>> samba via
>>>>> /smbpasswd/.
>>>>>
>>>>> Windows machines are in the same workgroup.
>>>>>
>>>>> 2014-10-20 22:56 GMT+02:00 Rowland Penny
>>>>> <rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>> <mailto:rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>>
>>>>> <mailto:rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>> <mailto:rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>>>
>>>>> <mailto:rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>> <mailto:rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>>
>>>>> <mailto:rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>
>>>>> <mailto:rowlandpenny at googlemail.com
>>>>> <mailto:rowlandpenny at googlemail.com>>>>>:
>>>>>
>>>>>
>>>>> On 20/10/14 21:43, Zoddo wrote:
>>>>>
>>>>> Samba has been installed via Debian
>>>>> repositories
>>>>> (apt-get).
>>>>>
>>>>> Here is my /smb.conf/ :
>>>>>
>>>>>
>>>>> #
>>>>> # Sample configuration file
>>>>> for the Samba
>>>>> suite for Debian
>>>>> GNU/Linux.
>>>>> #
>>>>> #
>>>>> # This is the main Samba
>>>>> configuration
>>>>> file.
>>>>> You should
>>>>> read the
>>>>> # smb.conf(5) manual page in
>>>>> order to
>>>>> understand the
>>>>> options listed
>>>>> # here. Samba has a huge
>>>>> number of
>>>>> configurable options
>>>>> most of which
>>>>> # are not shown in this example
>>>>> #
>>>>> # Some options that are often
>>>>> worth tuning
>>>>> have been
>>>>> included as
>>>>> # commented-out examples in
>>>>> this file.
>>>>> # - When such options are
>>>>> commented
>>>>> with ";", the
>>>>> proposed setting
>>>>> # differs from the default
>>>>> Samba
>>>>> behaviour
>>>>> # - When commented with "#",
>>>>> the proposed
>>>>> setting is the
>>>>> default
>>>>> # behaviour of Samba but
>>>>> the option is
>>>>> considered important
>>>>> # enough to be mentioned
>>>>> here
>>>>> #
>>>>> # NOTE: Whenever you modify
>>>>> this file you
>>>>> should run the
>>>>> command
>>>>> # "testparm" to check that you
>>>>> have
>>>>> not made
>>>>> any basic
>>>>> syntactic
>>>>> # errors.
>>>>> # A well-established practice
>>>>> is to
>>>>> name the
>>>>> original file
>>>>> # "smb.conf.master" and create
>>>>> the "real"
>>>>> config file with
>>>>> # testparm -s smb.conf.master
>>>>> >smb.conf
>>>>> # This minimizes the size of
>>>>> the
>>>>> really used
>>>>> smb.conf file
>>>>> # which, according to the
>>>>> Samba Team,
>>>>> impacts
>>>>> performance
>>>>> # However, use this with
>>>>> caution if your
>>>>> smb.conf file
>>>>> contains nested
>>>>> # "include" statements. See
>>>>> Debian bug
>>>>> #483187
>>>>> for a case
>>>>> # where using a master file is
>>>>> not a
>>>>> good idea.
>>>>> #
>>>>> #=======================
>>>>> Global Settings
>>>>> =======================
>>>>> [global]
>>>>> username map =
>>>>> /etc/samba/samba_usermapping
>>>>> ## Browsing/Identification ###
>>>>> # Change this to the
>>>>> workgroup/NT-domain name
>>>>> your Samba
>>>>> server
>>>>> will part of
>>>>> workgroup = WORKGROUP
>>>>> # server string is the
>>>>> equivalent of
>>>>> the NT
>>>>> Description field
>>>>> server string = %h server
>>>>> # Windows Internet Name Serving
>>>>> Support Section:
>>>>> # WINS Support - Tells the NMBD
>>>>> component of
>>>>> Samba to
>>>>> enable its
>>>>> WINS Server
>>>>> # wins support = no
>>>>> # WINS Server - Tells the NMBD
>>>>> components of
>>>>> Samba to be a
>>>>> WINS Client
>>>>> # Note: Samba can be either a
>>>>> WINS
>>>>> Server, or
>>>>> a WINS
>>>>> Client, but
>>>>> NOT both
>>>>> ; wins server = w.x.y.z
>>>>> # This will prevent nmbd to
>>>>> search for
>>>>> NetBIOS
>>>>> names
>>>>> through DNS.
>>>>> dns proxy = no
>>>>> # What naming service and in
>>>>> what
>>>>> order should
>>>>> we use to
>>>>> resolve
>>>>> host names
>>>>> # to IP addresses
>>>>> ; name resolve order =
>>>>> lmhosts host
>>>>> wins bcast
>>>>> #### Networking ####
>>>>> # The specific set of
>>>>> interfaces /
>>>>> networks to
>>>>> bind to
>>>>> # This can be either the
>>>>> interface
>>>>> name or an IP
>>>>> address/netmask;
>>>>> # interface names are normally
>>>>> preferred
>>>>> ; interfaces = 127.0.0.0/8
>>>>> <http://127.0.0.0/8>
>>>>> <http://127.0.0.0/8>
>>>>> <http://127.0.0.0/8> <http://127.0.0.0/8>
>>>>> <http://127.0.0.0/8> eth0
>>>>>
>>>>> # Only bind to the named
>>>>> interfaces and/or
>>>>> networks; you
>>>>> must use the
>>>>> # 'interfaces' option above to
>>>>> use this.
>>>>> # It is recommended that you
>>>>> enable this
>>>>> feature if your Samba
>>>>> machine is
>>>>> # not protected by a firewall
>>>>> or is a
>>>>> firewall
>>>>> itself. However, this
>>>>> # option cannot handle dynamic
>>>>> or
>>>>> non-broadcast interfaces
>>>>> correctly.
>>>>> ; bind interfaces only = yes
>>>>>
>>>>>
>>>>> #### Debugging/Accounting ####
>>>>> # This tells Samba to use a
>>>>> separate
>>>>> log file
>>>>> for each machine
>>>>> # that connects
>>>>> log file =
>>>>> /var/log/samba/log.%m
>>>>> # Cap the size of the
>>>>> individual log
>>>>> files (in
>>>>> KiB).
>>>>> max log size = 1000
>>>>> # If you want Samba to only log
>>>>> through syslog
>>>>> then set
>>>>> the following
>>>>> # parameter to 'yes'.
>>>>> # syslog only = no
>>>>> # We want Samba to log a
>>>>> minimum amount of
>>>>> information to
>>>>> syslog.
>>>>> Everything
>>>>> # should go to
>>>>> /var/log/samba/log.{smbd,nmbd}
>>>>> instead. If
>>>>> you want
>>>>> to log
>>>>> # through syslog you should
>>>>> set the
>>>>> following
>>>>> parameter to
>>>>> something higher.
>>>>> syslog = 0
>>>>> # Do something sensible when
>>>>> Samba
>>>>> crashes:
>>>>> mail the admin
>>>>> a backtrace
>>>>> panic action =
>>>>> /usr/share/samba/panic-action %d
>>>>>
>>>>> ####### Authentication #######
>>>>> # "security = user" is always
>>>>> a good idea.
>>>>> This will require a
>>>>> Unix account
>>>>> # in this server for every user
>>>>> accessing the
>>>>> server. See
>>>>> #
>>>>> /usr/share/doc/samba-doc/
>>>>> htmldocs/Samba3-HOWTO/ServerType.html
>>>>> # in the samba-doc package for
>>>>> details.
>>>>> # security = user
>>>>> # You may wish to use password
>>>>> encryption. See the section on
>>>>> # 'encrypt passwords' in the
>>>>> smb.conf(5)
>>>>> manpage before
>>>>> enabling.
>>>>> encrypt passwords = true
>>>>> # If you are using encrypted
>>>>> passwords, Samba
>>>>> will need to
>>>>> know what
>>>>> # password database type you
>>>>> are using.
>>>>> passdb backend = tdbsam
>>>>> obey pam restrictions = yes
>>>>> # This boolean parameter
>>>>> controls whether
>>>>> Samba attempts
>>>>> to sync
>>>>> the Unix
>>>>> # password with the SMB
>>>>> password when the
>>>>> encrypted SMB
>>>>> password
>>>>> in the
>>>>> # passdb is changed.
>>>>> unix password sync = yes
>>>>> # For Unix password sync to
>>>>> work on a
>>>>> Debian
>>>>> GNU/Linux
>>>>> system, the
>>>>> following
>>>>> # parameters must be set
>>>>> (thanks to
>>>>> Ian Kahan
>>>>> <<kahan at informatik.tu-
>>>>> muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>>
>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>>>
>>>>> <mailto:
>>>>> kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>>
>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>>>>
>>>>> <mailto:
>>>>> kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>>
>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>>>
>>>>>
>>>>> <mailto:
>>>>> kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>>
>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>
>>>>> <mailto:kahan at informatik.tu-muenchen.de
>>>>> <mailto:kahan at informatik.tu-muenchen.de>>>>>> for
>>>>>
>>>>> # sending the correct chat
>>>>> script for the
>>>>> passwd program
>>>>> in Debian
>>>>> Sarge).
>>>>> passwd program =
>>>>> /usr/bin/passwd %u
>>>>> passwd chat =
>>>>> *Enter\snew\s*\spassword:* %n\n
>>>>> *Retype\snew\s*\spassword:* %n\n
>>>>> *password\supdated\ssuccessfully*
>>>>> .
>>>>> # This boolean controls
>>>>> whether PAM
>>>>> will be
>>>>> used for
>>>>> password changes
>>>>> # when requested by an SMB
>>>>> client
>>>>> instead of
>>>>> the program
>>>>> listed in
>>>>> # 'passwd program'. The
>>>>> default is 'no'.
>>>>> pam password change = yes
>>>>> # This option controls how
>>>>> unsuccessful
>>>>> authentication
>>>>> attempts
>>>>> are mapped
>>>>> # to anonymous connections
>>>>> map to guest = bad user
>>>>> ########## Domains ###########
>>>>> # Is this machine able to
>>>>> authenticate
>>>>> users.
>>>>> Both PDC and BDC
>>>>> # must have this setting
>>>>> enabled. If
>>>>> you are
>>>>> the BDC you must
>>>>> # change the 'domain master'
>>>>> setting to no
>>>>> #
>>>>> ; domain logons = yes
>>>>> #
>>>>> # The following setting only
>>>>> takes
>>>>> effect if
>>>>> 'domain
>>>>> logons' is set
>>>>> # It specifies the location of
>>>>> the user's
>>>>> profile directory
>>>>> # from the client point of
>>>>> view)
>>>>> # The following required a
>>>>> [profiles]
>>>>> share to
>>>>> be setup on the
>>>>> # samba server (see below)
>>>>> ; logon path =
>>>>> \\%N\profiles\%U
>>>>> # Another common choice is
>>>>> storing the
>>>>> profile
>>>>> in the
>>>>> user's home
>>>>> directory
>>>>> # (this is Samba's default)
>>>>> # logon path =
>>>>> \\%N\%U\profile
>>>>> # The following setting only
>>>>> takes
>>>>> effect if
>>>>> 'domain
>>>>> logons' is set
>>>>> # It specifies the location of
>>>>> a
>>>>> user's home
>>>>> directory
>>>>> (from the
>>>>> client
>>>>> # point of view)
>>>>> ; logon drive = H:
>>>>> # logon home = \\%N\%U
>>>>> # The following setting only
>>>>> takes
>>>>> effect if
>>>>> 'domain
>>>>> logons' is set
>>>>> # It specifies the script to
>>>>> run
>>>>> during logon.
>>>>> The script
>>>>> must be
>>>>> stored
>>>>> # in the [netlogon] share
>>>>> # NOTE: Must be store in 'DOS'
>>>>> file format
>>>>> convention
>>>>> ; logon script = logon.cmd
>>>>> # This allows Unix users to be
>>>>> created
>>>>> on the
>>>>> domain
>>>>> controller
>>>>> via the SAMR
>>>>> # RPC pipe. The example
>>>>> command creates a
>>>>> user account with a
>>>>> disabled Unix
>>>>> # password; please adapt to
>>>>> your needs
>>>>> ; add user script =
>>>>> /usr/sbin/adduser
>>>>> --quiet
>>>>> --disabled-password
>>>>> --gecos "" %u
>>>>> # This allows machine accounts
>>>>> to be
>>>>> created
>>>>> on the domain
>>>>> controller via the
>>>>> # SAMR RPC pipe.
>>>>> # The following assumes a
>>>>> "machines" group
>>>>> exists on the
>>>>> system
>>>>> ; add machine script =
>>>>> /usr/sbin/useradd -g
>>>>> machines -c "%u
>>>>> machine account" -d
>>>>> /var/lib/samba -s
>>>>> /bin/false %u
>>>>> # This allows Unix groups to be
>>>>> created on the
>>>>> domain
>>>>> controller
>>>>> via the SAMR
>>>>> # RPC pipe.
>>>>> ; add group script =
>>>>> /usr/sbin/addgroup
>>>>> --force-badname %g
>>>>> ########## Printing ##########
>>>>> # If you want to automatically
>>>>> load your
>>>>> printer list rather
>>>>> # than setting them up
>>>>> individually then
>>>>> you'll need this
>>>>> # load printers = yes
>>>>> # lpr(ng) printing. You may
>>>>> wish to
>>>>> override
>>>>> the location
>>>>> of the
>>>>> # printcap file
>>>>> ; printing = bsd
>>>>> ; printcap name =
>>>>> /etc/printcap
>>>>> # CUPS printing. See also the
>>>>> cupsaddsmb(8)
>>>>> manpage in the
>>>>> # cupsys-client package.
>>>>> ; printing = cups
>>>>> ; printcap name = cups
>>>>> ############ Misc ############
>>>>> # Using the following line
>>>>> enables you to
>>>>> customise your
>>>>> configuration
>>>>> # on a per machine basis. The
>>>>> %m gets
>>>>> replaced
>>>>> with the
>>>>> netbios name
>>>>> # of the machine that is
>>>>> connecting
>>>>> ; include =
>>>>> /home/samba/etc/smb.conf.%m
>>>>> # Most people will find that
>>>>> this
>>>>> option gives
>>>>> better
>>>>> performance.
>>>>> # See smb.conf(5) and
>>>>> /usr/share/doc/samba-doc/htmldocs/Samba3-HOWTO/speed.
>>>>> html
>>>>> # for details
>>>>> # You may want to add the
>>>>> following on
>>>>> a Linux
>>>>> system:
>>>>> # SO_RCVBUF=8192 SO_SNDBUF=8192
>>>>> # socket options =
>>>>> TCP_NODELAY
>>>>> # The following parameter is
>>>>> useful
>>>>> only if
>>>>> you have the
>>>>> linpopup
>>>>> package
>>>>> # installed. The samba
>>>>> maintainer and
>>>>> the linpopup
>>>>> maintainer are
>>>>> # working to ease installation
>>>>> and
>>>>> configuration of
>>>>> linpopup and
>>>>> samba.
>>>>> ; message command = /bin/sh
>>>>> -c
>>>>> '/usr/bin/linpopup "%f"
>>>>> "%m" %s;
>>>>> rm %s' &
>>>>> # Domain Master specifies
>>>>> Samba to be the
>>>>> Domain Master
>>>>> Browser.
>>>>> If this
>>>>> # machine will be configured
>>>>> as a BDC (a
>>>>> secondary logon
>>>>> server), you
>>>>> # must set this to 'no';
>>>>> otherwise, the
>>>>> default behavior is
>>>>> recommended.
>>>>> # domain master = auto
>>>>> # Some defaults for winbind
>>>>> (make sure
>>>>> you're
>>>>> not using
>>>>> the ranges
>>>>> # for something else.)
>>>>> ; idmap uid = 10000-20000
>>>>> ; idmap gid = 10000-20000
>>>>> ; template shell = /bin/bash
>>>>> # The following was the default
>>>>> behaviour in
>>>>> sarge,
>>>>> # but samba upstream reverted
>>>>> the default
>>>>> because it might
>>>>> induce
>>>>> # performance issues in large
>>>>> organizations.
>>>>> # See Debian bug #368251 for
>>>>> some of the
>>>>> consequences of *not*
>>>>> # having this setting and
>>>>> smb.conf(5)
>>>>> for details.
>>>>> ; winbind enum groups = yes
>>>>> ; winbind enum users = yes
>>>>> # Setup usershare options to
>>>>> enable
>>>>> non-root
>>>>> users to
>>>>> share folders
>>>>> # with the net usershare
>>>>> command.
>>>>> # Maximum number of usershare.
>>>>> 0 (default)
>>>>> means that
>>>>> usershare is
>>>>> disabled.
>>>>> ; usershare max shares = 100
>>>>> # Allow users who've been
>>>>> granted
>>>>> usershare
>>>>> privileges to
>>>>> create
>>>>> # public shares, not just
>>>>> authenticated ones
>>>>> usershare allow guests = yes
>>>>> #======================= Share
>>>>> Definitions
>>>>> =======================
>>>>> [homes]
>>>>> comment = Home Directories
>>>>> browseable = no
>>>>> # By default, the home
>>>>> directories are
>>>>> exported read-only.
>>>>> Change the
>>>>> # next parameter to 'no' if
>>>>> you want to be
>>>>> able to write
>>>>> to them.
>>>>> read only = yes
>>>>> # File creation mask is set to
>>>>> 0700 for
>>>>> security reasons.
>>>>> If you
>>>>> want to
>>>>> # create files with group=rw
>>>>> permissions, set next
>>>>> parameter to 0775.
>>>>> create mask = 0700
>>>>> # Directory creation mask is
>>>>> set to
>>>>> 0700 for
>>>>> security
>>>>> reasons. If
>>>>> you want to
>>>>> # create dirs. with group=rw
>>>>> permissions, set next
>>>>> parameter to 0775.
>>>>> directory mask = 0700
>>>>> # By default,
>>>>> \\server\username shares
>>>>> can be
>>>>> connected to
>>>>> by anyone
>>>>> # with access to the samba
>>>>> server.
>>>>> # The following parameter
>>>>> makes sure
>>>>> that only
>>>>> "username"
>>>>> can connect
>>>>> # to \\server\username
>>>>> # This might need tweaking
>>>>> when using
>>>>> external
>>>>> authentication schemes
>>>>> valid users = %S
>>>>> # Un-comment the following and
>>>>> create
>>>>> the netlogon
>>>>> directory for
>>>>> Domain Logons
>>>>> # (you need to configure Samba
>>>>> to act
>>>>> as a domain
>>>>> controller too.)
>>>>> ;[netlogon]
>>>>> ; comment = Network Logon
>>>>> Service
>>>>> ; path = /home/samba/netlogon
>>>>> ; guest ok = yes
>>>>> ; read only = yes
>>>>> # Un-comment the following and
>>>>> create
>>>>> the profiles
>>>>> directory to store
>>>>> # users profiles (see the
>>>>> "logon path"
>>>>> option
>>>>> above)
>>>>> # (you need to configure Samba
>>>>> to act
>>>>> as a domain
>>>>> controller too.)
>>>>> # The path below should be
>>>>> writable by all
>>>>> users so that their
>>>>> # profile directory may be
>>>>> created the
>>>>> first
>>>>> time they log on
>>>>> ;[profiles]
>>>>> ; comment = Users profiles
>>>>> ; path = /home/samba/profiles
>>>>> ; guest ok = no
>>>>> ; browseable = no
>>>>> ; create mask = 0600
>>>>> ; directory mask = 0700
>>>>> [printers]
>>>>> comment = All Printers
>>>>> browseable = no
>>>>> path = /var/spool/samba
>>>>> printable = yes
>>>>> guest ok = no
>>>>> read only = yes
>>>>> create mask = 0700
>>>>> # Windows clients look for
>>>>> this share
>>>>> name as
>>>>> a source of
>>>>> downloadable
>>>>> # printer drivers
>>>>> [print$]
>>>>> comment = Printer Drivers
>>>>> path =
>>>>> /var/lib/samba/printers
>>>>> browseable = yes
>>>>> read only = yes
>>>>> guest ok = no
>>>>> # Uncomment to allow remote
>>>>> administration of
>>>>> Windows
>>>>> print drivers.
>>>>> # You may need to replace
>>>>> 'lpadmin'
>>>>> with the
>>>>> name of the
>>>>> group your
>>>>> # admin users are members of.
>>>>> # Please note that you also
>>>>> need to set
>>>>> appropriate Unix
>>>>> permissions
>>>>> # to the drivers directory for
>>>>> these
>>>>> users to
>>>>> have write
>>>>> rights in it
>>>>> ; write list = root, @lpadmin
>>>>> # A sample share for sharing
>>>>> your
>>>>> CD-ROM with
>>>>> others.
>>>>> ;[cdrom]
>>>>> ; comment = Samba server's
>>>>> CD-ROM
>>>>> ; read only = yes
>>>>> ; locking = no
>>>>> ; path = /cdrom
>>>>> ; guest ok = yes
>>>>> # The next two parameters show
>>>>> how to
>>>>> auto-mount a CD-ROM
>>>>> when the
>>>>> #cdrom share is accesed. For
>>>>> this to work
>>>>> /etc/fstab must
>>>>> contain
>>>>> #an entry like this:
>>>>> #
>>>>> # /dev/scd0 /cdrom
>>>>> iso9660
>>>>> defaults,noauto,ro,user 0 0
>>>>> #
>>>>> # The CD-ROM gets unmounted
>>>>> automatically
>>>>> after the
>>>>> connection to the
>>>>> #
>>>>> # If you don't want to use
>>>>> auto-mounting/unmounting make
>>>>> sure the CD
>>>>> #is mounted on /cdrom
>>>>> #
>>>>> ; preexec = /bin/mount /cdrom
>>>>> ; postexec = /bin/umount
>>>>> /cdrom
>>>>>
>>>>> [data]
>>>>> writeable = yes
>>>>> path = /data
>>>>>
>>>>>
>>>>>
>>>>> 2014-10-20 22:26 GMT+02:00 Rowland
>>>>
>>>>
>>>
>>
>
More information about the samba
mailing list