[Samba] samba 4.1.17

Tadewos Alemneh tadewosa at yahoo.com
Tue Sep 15 17:02:12 UTC 2015 

      From: Rowland Penny <rowlandpenny241155 at gmail.com>
 To: "samba at lists.samba.org" <samba at lists.samba.org> 
 Sent: Sunday, September 13, 2015 9:06 PM
 Subject: Re: [Samba] samba 4.1.17
   
On 13/09/15 19:46, Tadewos Alemneh wrote:
> Disc partition ext4.
> / partition 800 Gb
> swap 20 GB

Is everything in / ?
Yes

so looks my fstab:# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    nodev,noexec,nosuid 0       0
# / was on /dev/md1 during installation
UUID=3f9a2ca7-21a3-40d6-9d43-06d0334c494a /               ext4    user_xattr,acl,barrier=1,errors=remount-ro 1       1
# swap was on /dev/md0 during installation
#UUID=b1f620f6-4763-48c4-a45e-f7ab56e8d398 none            swap    sw              0       0
/dev/mapper/cryptswap1 none swap sw 0 0

Can you read some problems here that can affect my permissions?Can I edit fstab like this?UUID=3f9a2ca7-21a3-40d6-9d43-06d0334c494a /home/Shares              ext4    user_xattr,acl,barrier=1,errors=remount-ro 1       1


You probably don't need a 20GB swap partition.

>
> Software RAID is also configured.
> My Question is: except for share path, is there any configuration and 
> permission setting error in my configuration?

As I said, it is a personal thing not put anything into /usr/local/samba 
other than what samba puts there it self, also I said you don't need any 
permission settings in the share configuration i.e. directory mask = 0777
> Is it necessary to have one main share folder in /home in which I 
> create subfolders as independent shares for corresponding users (only 
> privileged users can access) or should I create in /home directly so 
> many share folders as needed?

No, it is not a requirement, it is your AD DC, you can do what you like, 
I can only advise, I cannot and would not demand you do anything. I 
personally use /home (on a separate partition) for two main reasons, I 
can easily upgrade/change the OS without losing the contents of /home 
and I can easily back it up.

>
> What do you mean by "make sure you use something that will cope with ACLs"

If you use the wrong tool to back up /home for instance, when you come 
to restore from this backup, you may find all the permissions are 
screwed up or totally missing. Early versions of tar know nothing about 
ACLs, later versions have the '--acls' & '--xattrs' switches.

Rowland

>
> Thank you
>
> Tadewos
>
>
>
> ------------------------------------------------------------------------
> *From:* Rowland Penny <rowlandpenny241155 at gmail.com>
> *To:* "samba at lists.samba.org" <samba at lists.samba.org>
> *Sent:* Sunday, September 13, 2015 8:25 PM
> *Subject:* Re: [Samba] samba 4.1.17
>
> On 13/09/15 19:02, Tadewos Alemneh wrote:
> > Thank you very much Rowland.
> >
> > As you correctly said I've installed AD DC.
> > Here are some configuration details.
> >
> > krb5.conf
> >
> >        #default_realm = ${REALM}
> >        default_realm = INTRASRV.LOCAL
> >        dns_lookup_realm = false
> >        dns_lookup_kdc = true
>
> krb5.conf is correct
>
> >
> > resolv.conf
> >
> > #    DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> > nameserver 192.168.1.210
> > nameserver 8.8.8.8
> > search INTRASRV.local
> >
>
> If you haven't stopped what ever put the '#    DO NOT EDIT THIS FILE BY
> HAND' message in resolv.conf, then I would suggest you do, this may be
> dnsmasq, resolvconf or network manager. I would also suggest that the
> google nameserver line is removed.
>
> > interfaces
> >
> > # This file describes the network interfaces available on your system
> > # and how to activate them. For more information, see interfaces(5).
> >
> > # The loopback network interface
> > auto lo
> > iface lo inet loopback
> >
> > # The primary network interface
> > auto eth0
> > #iface eth0 inet dhcp
> > iface eth0 inet static
> > address 192.168.1.210
> > netmask 255.255.255.0
> > network 192.168.1.0
> > broadcast 192.168.1.255
> > gateway 192.168.1.1
> > dns-nameservers 192.168.1.210 8.8.8.8
> > dns-search INTRASRV.local
> >
>
> for dns-nameservers, see comment above.
>
> > smb.conf
> > /usr/local/samba/etc/smb.conf
> >
> > # Global parameters
> > [global]
> >        workgroup = INTRASRV
> >        realm = INTRASRV.local
> >        netbios name = ACERSRV
> >        server role = active directory domain controller
> >        #dns forwarder = 192.168.1.210
> >        dns forwarder = 8.8.8.8
> >
> > [netlogon]
> >        path = /usr/local/samba/var/locks/sysvol/INTRASRV.local/scripts
> >        read only = No
> >
> > [sysvol]
> >        path = /usr/local/samba/var/locks/sysvol
> >        read only = No
> >
> > [home]
> >    path = /usr/local/samba/var/home/
> >        read only = No
> >
> > [Users]
> >        directory_mode: parameter = 0700
> >        read only = no
> >        path = /Users
> >        csc policy = documents
> >
> > # Share Folders
> > [Book]
> >        path = /usr/local/samba/var/Book
> >        read only = no
> >
> > [Prodev]
> >        path = /usr/local/samba/var/Projectdev
> >        read only = no
> >
> > [Counseling]
> >        path = /usr/local/samba/var/Counseling
> >    read only = no
> >        directory mask = 0777
> >        create mask = 0777
> >
> > [Documents]
> >        path = /usr/local/samba/var/Documents
> >        read only = no
> > The permissions are set using remote server administration tools for
> > windows 8 - Computer Management. After choosing the share names (in
> > properties) I gave permissions to users under permission tab. Next I
> > used the Tab "Security" to give them full control of the corresponding
> > share folders.
>
> If you are setting the permissions from windows, you only really need
> the path line and 'read only = no', in fact anything else you have could
> be making the situation worse.
>
> >
> > Which path would you advise to be selected for share folders?
> >
>
> You need to put them somewhere that makes them easy to backup and isn't
> going to possibly affect anything else. My personal opinion is where you
> have put them is the wrong place, as I don't know your disc structure,
> it is hard to comment, all I can say is that on unix /home is the
> standard place to put Unix users home dirs, you could use this as a
> base, then you would just need to backup the entire /home directory, but
> make sure you use something that will cope with ACLs. You also need to
> ensure there is going to be enough space to hold everything, now and in
> the future.
>
> Rowland
>
> > Thank you,
> >
> > Tadewos
> >
> > ------------------------------------------------------------------------
> > *From:* Rowland Penny <rowlandpenny241155 at gmail.com 
> <mailto:rowlandpenny241155 at gmail.com>>
> > *To:* samba at lists.samba.org <mailto:samba at lists.samba.org>
> > *Sent:* Saturday, September 12, 2015 7:14 PM
> > *Subject:* Re: [Samba] samba 4.1.17
> >
> > On 11/09/15 23:57, Tadewos Alemneh wrote:
> >
> >
> >
> > > I've installed samba 4.1.17 as a pdc on Ubuntu 12.04server. I wanted
> > to use the same samba 4 as file server, where users sharecommon
> > Documents. Therefore I’ve created some users and groups and gave them
> > fullpermissions to their corresponding folders. The path for shared
> > folders is /usr/local/samba/var/.In /usr/local/samba/var/ I’ve created
> > the share folders withthe command for eg. “mkdir Documents” (Documents
> > is one of the shared folder names). So far is every thing went good.
> > All Users can login tothe machine (primary domain controller). They
> > can map the shares as networkdrive on windows machines. They also have
> > access to their folders andDocuments. But at times, these same users
> > got “access denied” messages to theirown ms office and pdf files.
> > Further these users are not able to access filesthey downloaded from
> > the internet (say it email attachments or free download fileslike pdf,
> > graphics …) and saved to their folders.  When I login in as an
> > administrator I noticed that the permissionrights given to the user on
> > this folder is lost for some documents (but notfor other files of the
> > same type like .doc, .pdf etc) created by the useritself. If users
> > have to regain access to the access denied documents, I mustlogin (as
> > an administrator) and give them again exclusive rights to these
> > particularfiles in order they can open, edit and save the files. This
> > issue occurs not always but now and then at least ones in a day. Is
> > this aknown issue or did I make a mistake in configuring the shares?
> > How can I fixthis problem? Thank youTadewos
> >
> >
> > OK, firstly, I don't think you have installed samba as a PDC, I think
> > you have installed an AD DC. I also am struggling to help you because
> > you do not tell us how you set the permissions on the folders and what
> > you set them to. I would also move the shares to somewhere else, you
> > really shouldn't put shares there.
> > Could you please post your smb.conf (you can sanitise this) so we can
> > see what, if anything, you have altered.
> >
> > Rowland
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba


>
>
>
> >
> >
> >
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list