[Samba] samba 4.1.17

Tadewos Alemneh tadewosa at yahoo.com
Sun Sep 13 18:46:08 UTC 2015

Disc partition ext4./ partition 800 Gbswap 20 GB
Software RAID is also configured.My Question is: except for share path, is there any configuration and permission setting error in my configuration?Is it necessary to have one main share folder in /home in which I create subfolders as independent shares for corresponding users (only privileged users can access) or should I create in /home directly so many share folders as needed?
What do you mean by "make sure you use something that will cope with ACLs"
Thank you

      From: Rowland Penny <rowlandpenny241155 at gmail.com>
 To: "samba at lists.samba.org" <samba at lists.samba.org> 
 Sent: Sunday, September 13, 2015 8:25 PM
 Subject: Re: [Samba] samba 4.1.17
On 13/09/15 19:02, Tadewos Alemneh wrote:
> Thank you very much Rowland.
> As you correctly said I've installed AD DC.
> Here are some configuration details.
> krb5.conf
>        #default_realm = ${REALM}
>        default_realm = INTRASRV.LOCAL
>        dns_lookup_realm = false
>        dns_lookup_kdc = true

krb5.conf is correct

> resolv.conf
> nameserver
> nameserver
> search INTRASRV.local

If you haven't stopped what ever put the '#    DO NOT EDIT THIS FILE BY 
HAND' message in resolv.conf, then I would suggest you do, this may be 
dnsmasq, resolvconf or network manager. I would also suggest that the 
google nameserver line is removed.

> interfaces
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
> # The loopback network interface
> auto lo
> iface lo inet loopback
> # The primary network interface
> auto eth0
> #iface eth0 inet dhcp
> iface eth0 inet static
> address
> netmask
> network
> broadcast
> gateway
> dns-nameservers
> dns-search INTRASRV.local

for dns-nameservers, see comment above.

> smb.conf
> /usr/local/samba/etc/smb.conf
> # Global parameters
> [global]
>        workgroup = INTRASRV
>        realm = INTRASRV.local
>        netbios name = ACERSRV
>        server role = active directory domain controller
>        #dns forwarder =
>        dns forwarder =
> [netlogon]
>        path = /usr/local/samba/var/locks/sysvol/INTRASRV.local/scripts
>        read only = No
> [sysvol]
>        path = /usr/local/samba/var/locks/sysvol
>        read only = No
> [home]
>    path = /usr/local/samba/var/home/
>        read only = No
> [Users]
>        directory_mode: parameter = 0700
>        read only = no
>        path = /Users
>        csc policy = documents
> # Share Folders
> [Book]
>        path = /usr/local/samba/var/Book
>        read only = no
> [Prodev]
>        path = /usr/local/samba/var/Projectdev
>        read only = no
> [Counseling]
>        path = /usr/local/samba/var/Counseling
>    read only = no
>        directory mask = 0777
>        create mask = 0777
> [Documents]
>        path = /usr/local/samba/var/Documents
>        read only = no
> The permissions are set using remote server administration tools for 
> windows 8 - Computer Management. After choosing the share names (in 
> properties) I gave permissions to users under permission tab. Next I 
> used the Tab "Security" to give them full control of the corresponding 
> share folders.

If you are setting the permissions from windows, you only really need 
the path line and 'read only = no', in fact anything else you have could 
be making the situation worse.

> Which path would you advise to be selected for share folders?

You need to put them somewhere that makes them easy to backup and isn't 
going to possibly affect anything else. My personal opinion is where you 
have put them is the wrong place, as I don't know your disc structure, 
it is hard to comment, all I can say is that on unix /home is the 
standard place to put Unix users home dirs, you could use this as a 
base, then you would just need to backup the entire /home directory, but 
make sure you use something that will cope with ACLs. You also need to 
ensure there is going to be enough space to hold everything, now and in 
the future.


> Thank you,
> Tadewos
> ------------------------------------------------------------------------
> *From:* Rowland Penny <rowlandpenny241155 at gmail.com>
> *To:* samba at lists.samba.org
> *Sent:* Saturday, September 12, 2015 7:14 PM
> *Subject:* Re: [Samba] samba 4.1.17
> On 11/09/15 23:57, Tadewos Alemneh wrote:
> > I've installed samba 4.1.17 as a pdc on Ubuntu 12.04server. I wanted 
> to use the same samba 4 as file server, where users sharecommon 
> Documents. Therefore I’ve created some users and groups and gave them 
> fullpermissions to their corresponding folders. The path for shared 
> folders is /usr/local/samba/var/.In /usr/local/samba/var/ I’ve created 
> the share folders withthe command for eg. “mkdir Documents” (Documents 
> is one of the shared folder names). So far is every thing went good. 
> All Users can login tothe machine (primary domain controller). They 
> can map the shares as networkdrive on windows machines. They also have 
> access to their folders andDocuments. But at times, these same users 
> got “access denied” messages to theirown ms office and pdf files. 
> Further these users are not able to access filesthey downloaded from 
> the internet (say it email attachments or free download fileslike pdf, 
> graphics …) and saved to their folders.  When I login in as an 
> administrator I noticed that the permissionrights given to the user on 
> this folder is lost for some documents (but notfor other files of the 
> same type like .doc, .pdf etc) created by the useritself. If users 
> have to regain access to the access denied documents, I mustlogin (as 
> an administrator) and give them again exclusive rights to these 
> particularfiles in order they can open, edit and save the files. This 
> issue occurs not always but now and then at least ones in a day. Is 
> this aknown issue or did I make a mistake in configuring the shares? 
> How can I fixthis problem? Thank youTadewos
> OK, firstly, I don't think you have installed samba as a PDC, I think
> you have installed an AD DC. I also am struggling to help you because
> you do not tell us how you set the permissions on the folders and what
> you set them to. I would also move the shares to somewhere else, you
> really shouldn't put shares there.
> Could you please post your smb.conf (you can sanitise this) so we can
> see what, if anything, you have altered.
> Rowland
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


More information about the samba mailing list