[Samba] I: Missing 'security' tab
Claudio Nicora
claudio.nicora at gmail.com
Mon Feb 26 13:29:40 UTC 2018
Of course is not; /opt/shares/geoportale-lizmap belongs to /
> /dev/mapper/ubuntugis01--vg-root on / type ext4
(rw,relatime,errors=remount-ro,data=ordered)
It should read like this:
/dev/mapper/ubuntugis01--vg-root on / type ext4
(rw,relatime,errors=remount-ro,data=ordered,acl,user_xattr)
Edit /etc/fstab, add those 2 options then reboot (or remount).
Il 26/02/2018 13:44, Andrea Rossetti ha scritto:
>
> Is not mounted see below
>
> root at ubuntugis01:/opt/share# mount
>
> sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
>
> proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
>
> udev on /dev type devtmpfs
> (rw,nosuid,relatime,size=487712k,nr_inodes=121928,mode=755)
>
> devpts on /dev/pts type devpts
> (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
>
> tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=101604k,mode=755)
>
> /dev/mapper/ubuntugis01--vg-root on / type ext4
> (rw,relatime,errors=remount-ro,data=ordered)
>
> securityfs on /sys/kernel/security type securityfs
> (rw,nosuid,nodev,noexec,relatime)
>
> tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
>
> tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
>
> tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
>
> cgroup on /sys/fs/cgroup/systemd type cgroup
> (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
>
> pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
>
> cgroup on /sys/fs/cgroup/pids type cgroup
> (rw,nosuid,nodev,noexec,relatime,pids)
>
> cgroup on /sys/fs/cgroup/memory type cgroup
> (rw,nosuid,nodev,noexec,relatime,memory)
>
> cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup
> (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
>
> cgroup on /sys/fs/cgroup/devices type cgroup
> (rw,nosuid,nodev,noexec,relatime,devices)
>
> cgroup on /sys/fs/cgroup/hugetlb type cgroup
> (rw,nosuid,nodev,noexec,relatime,hugetlb)
>
> cgroup on /sys/fs/cgroup/blkio type cgroup
> (rw,nosuid,nodev,noexec,relatime,blkio)
>
> cgroup on /sys/fs/cgroup/perf_event type cgroup
> (rw,nosuid,nodev,noexec,relatime,perf_event)
>
> cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup
> (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
>
> cgroup on /sys/fs/cgroup/freezer type cgroup
> (rw,nosuid,nodev,noexec,relatime,freezer)
>
> cgroup on /sys/fs/cgroup/cpuset type cgroup
> (rw,nosuid,nodev,noexec,relatime,cpuset)
>
> systemd-1 on /proc/sys/fs/binfmt_misc type autofs
> (rw,relatime,fd=22,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
>
> hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
>
> mqueue on /dev/mqueue type mqueue (rw,relatime)
>
> debugfs on /sys/kernel/debug type debugfs (rw,relatime)
>
> fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
>
> /dev/sda1 on /boot type ext2
> (rw,relatime,block_validity,barrier,user_xattr,acl)
>
> lxcfs on /var/lib/lxcfs type fuse.lxcfs
> (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other)
>
> tmpfs on /run/user/1000 type tmpfs
> (rw,nosuid,nodev,relatime,size=101604k,mode=700,uid=1000,gid=1000)
>
> Inviato da Posta <https://go.microsoft.com/fwlink/?LinkId=550986>per
> Windows 10
>
> *Da: *Claudio Nicora <mailto:nicorac at yahoo.com>
> *Inviato: *lunedì 26 febbraio 2018 13:41
> *A: *samba at lists.samba.org <mailto:samba at lists.samba.org>
> *Oggetto: *Re: [Samba] I: Missing 'security' tab
>
> No, I asked how the filesystem holding that share is mounted.
> Post the output of "mount" command and/or the content of "/etc/fstab"
> file.
>
> Il 26/02/2018 13:06, Andrea Rossetti ha scritto:
>
> If I understand what you ask me these parameters are set in the
> global section of the smb.conf file
>
> …
>
> vfs objects = acl_xattr
>
> map acl inherit = yes
>
> store dos attributes = yes
>
> …
>
> see below my samba-debug-info.txt
>
> Collected config --- 2018-02-26-12:57 -----------
>
> Hostname: ubuntugis01
>
> DNS Domain: comune.spoleto.local
>
> FQDN: ubuntugis01.comune.spoleto.local
>
> ipaddress: 192.168.23.70
>
> -----------
>
> Samba is running as a Unix domain member
>
> Checking file: /etc/os-release
>
> NAME="Ubuntu"
>
> VERSION="16.04.4 LTS (Xenial Xerus)"
>
> ID=ubuntu
>
> ID_LIKE=debian
>
> PRETTY_NAME="Ubuntu 16.04.4 LTS"
>
> VERSION_ID="16.04"
>
> HOME_URL="http://www.ubuntu.com/" <http://www.ubuntu.com/>
>
> SUPPORT_URL="http://help.ubuntu.com/" <http://help.ubuntu.com/>
>
> BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
> <http://bugs.launchpad.net/ubuntu/>
>
> VERSION_CODENAME=xenial
>
> UBUNTU_CODENAME=xenial
>
> -----------
>
> Warning, /etc/devuan_version does not exist
>
> -----------
>
> running command : ip a
>
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
> UNKNOWN group default qlen 1
>
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>
> inet 127.0.0.1/8 scope host lo
>
> inet6 ::1/128 scope host
>
> 2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast state UP group default qlen 1000
>
> link/ether 08:00:27:66:1b:d2 brd ff:ff:ff:ff:ff:ff
>
> inet 192.168.23.70/24 brd 192.168.23.255 scope global enp0s3
>
> inet6 fe80::a00:27ff:fe66:1bd2/64 scope link
>
> -----------
>
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
>
> 192.168.23.70 ubuntugis01.comune.spoleto.local ubuntugis01
>
> # The following lines are desirable for IPv6 capable hosts
>
> ::1 localhost ip6-localhost ip6-loopback
>
> ff02::1 ip6-allnodes
>
> ff02::2 ip6-allrouters
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8)
>
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE
> OVERWRITTEN
>
> nameserver 192.168.23.11
>
> nameserver 192.168.23.12
>
> search comune.spoleto.local
>
> -----------
>
> Checking file: /etc/krb5.conf
>
> [libdefaults]
>
> default_realm = COMUNE.SPOLETO.LOCAL
>
> dns_lookup_realm = false
>
> dns_lookup_kdc = true
>
> # The following krb5.conf variables are only for MIT Kerberos.
>
> # krb4_config = /etc/krb.conf
>
> # krb4_realms = /etc/krb.realms
>
> # kdc_timesync = 1
>
> # ccache_type = 4
>
> # forwardable = true
>
> # proxiable = true
>
> # The following encryption type specification will be used by MIT
> Kerberos
>
> # if uncommented. In general, the defaults in the MIT Kerberos
> code are
>
> # correct and overriding these specifications only serves to
> disable new
>
> # encryption types as they are added, creating interoperability
> problems.
>
> #
>
> # Thie only time when you might need to uncomment these lines and
> change
>
> # the enctypes is if you have local software that will break on ticket
>
> # caches containing ticket encryption types it doesn't know about
> (such as
>
> # old versions of Sun Java).
>
> # default_tgs_enctypes = des3-hmac-sha1
>
> # default_tkt_enctypes = des3-hmac-sha1
>
> # permitted_enctypes = des3-hmac-sha1
>
> # The following libdefaults parameters are only for Heimdal Kerberos.
>
> # v4_instance_resolve = false
>
> # v4_name_convert = {
>
> # host = {
>
> # rcmd = host
>
> # ftp = ftp
>
> # }
>
> # plain = {
>
> # something = something-else
>
> # }
>
> # }
>
> # fcc-mit-ticketflags = true
>
> #
>
> #[realms]
>
> # COMUNE.SPOLETO.LOCAL = {
>
> # kdc = kerberos.mit.edu:88
>
> # kdc = kerberos-1.mit.edu:88
>
> # kdc = kerberos-2.mit.edu:88
>
> # admin_server = kerberos.mit.edu
>
> # default_domain = mit.edu
>
> # }
>
> # MEDIA-LAB.MIT.EDU = {
>
> # kdc = kerberos.media.mit.edu
>
> # admin_server = kerberos.media.mit.edu
>
> # }
>
> # ZONE.MIT.EDU = {
>
> # kdc = casio.mit.edu
>
> # kdc = seiko.mit.edu
>
> # admin_server = casio.mit.edu
>
> # }
>
> # MOOF.MIT.EDU = {
>
> # kdc = three-headed-dogcow.mit.edu:88
>
> # kdc = three-headed-dogcow-1.mit.edu:88
>
> # admin_server = three-headed-dogcow.mit.edu
>
> # }
>
> # CSAIL.MIT.EDU = {
>
> # kdc = kerberos-1.csail.mit.edu
>
> # kdc = kerberos-2.csail.mit.edu
>
> # admin_server = kerberos.csail.mit.edu
>
> # default_domain = csail.mit.edu
>
> # krb524_server = krb524.csail.mit.edu
>
> # }
>
> # IHTFP.ORG = {
>
> # kdc = kerberos.ihtfp.org
>
> # admin_server = kerberos.ihtfp.org
>
> # }
>
> # GNU.ORG = {
>
> # kdc = kerberos.gnu.org
>
> # kdc = kerberos-2.gnu.org
>
> # kdc = kerberos-3.gnu.org
>
> # admin_server = kerberos.gnu.org
>
> # }
>
> # 1TS.ORG = {
>
> # kdc = kerberos.1ts.org
>
> # admin_server = kerberos.1ts.org
>
> # }
>
> # GRATUITOUS.ORG = {
>
> # kdc = kerberos.gratuitous.org
>
> # admin_server = kerberos.gratuitous.org
>
> # }
>
> # DOOMCOM.ORG = {
>
> # kdc = kerberos.doomcom.org
>
> # admin_server = kerberos.doomcom.org
>
> # }
>
> # ANDREW.CMU.EDU = {
>
> # kdc = kerberos.andrew.cmu.edu
>
> # kdc = kerberos2.andrew.cmu.edu
>
> # kdc = kerberos3.andrew.cmu.edu
>
> # admin_server = kerberos.andrew.cmu.edu
>
> # default_domain = andrew.cmu.edu
>
> # }
>
> # CS.CMU.EDU = {
>
> # kdc = kerberos.cs.cmu.edu
>
> # kdc = kerberos-2.srv.cs.cmu.edu
>
> # admin_server = kerberos.cs.cmu.edu
>
> # }
>
> # DEMENTIA.ORG = {
>
> # kdc = kerberos.dementix.org
>
> # kdc = kerberos2.dementix.org
>
> # admin_server = kerberos.dementix.org
>
> # }
>
> # stanford.edu = {
>
> # kdc = krb5auth1.stanford.edu
>
> # kdc = krb5auth2.stanford.edu
>
> # kdc = krb5auth3.stanford.edu
>
> # master_kdc = krb5auth1.stanford.edu
>
> # admin_server = krb5-admin.stanford.edu
>
> # default_domain = stanford.edu
>
> # }
>
> # UTORONTO.CA = {
>
> # kdc = kerberos1.utoronto.ca
>
> # kdc = kerberos2.utoronto.ca
>
> # kdc = kerberos3.utoronto.ca
>
> # admin_server = kerberos1.utoronto.ca
>
> # default_domain = utoronto.ca
>
> # }
>
> #
>
> #[domain_realm]
>
> # .mit.edu = ATHENA.MIT.EDU
>
> # mit.edu = ATHENA.MIT.EDU
>
> # .media.mit.edu = MEDIA-LAB.MIT.EDU
>
> # media.mit.edu = MEDIA-LAB.MIT.EDU
>
> # .csail.mit.edu = CSAIL.MIT.EDU
>
> # csail.mit.edu = CSAIL.MIT.EDU
>
> # .whoi.edu = ATHENA.MIT.EDU
>
> # whoi.edu = ATHENA.MIT.EDU
>
> # .stanford.edu = stanford.edu
>
> # .slac.stanford.edu = SLAC.STANFORD.EDU
>
> # .toronto.edu = UTORONTO.CA
>
> # .utoronto.ca = UTORONTO.CA
>
> #
>
> #[login]
>
> # krb4_convert = true
>
> # krb4_get_tickets = false
>
> -----------
>
> Checking file: /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
>
> #
>
> # Example configuration of GNU Name Service Switch functionality.
>
> # If you have the `glibc-doc-reference' and `info' packages
> installed, try:
>
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: compat winbind
>
> group: compat winbind
>
> shadow: compat
>
> gshadow: files
>
> hosts: files dns
>
> networks: files
>
> protocols: db files
>
> services: db files
>
> ethers: db files
>
> rpc: db files
>
> netgroup: nis
>
> -----------
>
> Checking file: /etc/samba/smb.conf
>
> #
>
> # Sample configuration file for the Samba suite for Debian GNU/Linux.
>
> #
>
> #
>
> # This is the main Samba configuration file. You should read the
>
> # smb.conf(5) manual page in order to understand the options listed
>
> # here. Samba has a huge number of configurable options most of which
>
> # are not shown in this example
>
> #
>
> # Some options that are often worth tuning have been included as
>
> # commented-out examples in this file.
>
> # - When such options are commented with ";", the proposed setting
>
> # differs from the default Samba behaviour
>
> # - When commented with "#", the proposed setting is the default
>
> # behaviour of Samba but the option is considered important
>
> # enough to be mentioned here
>
> #
>
> # NOTE: Whenever you modify this file you should run the command
>
> # "testparm" to check that you have not made any basic syntactic
>
> # errors.
>
> #======================= Global Settings =======================
>
> [global]
>
> ## Browsing/Identification ###
>
> # Change this to the workgroup/NT-domain name your Samba server
> will part of
>
> workgroup = COM_SPOLETO
>
> realm = COMUNE.SPOLETO.LOCAL
>
> client signing = yes
>
> client use spnego = yes
>
> kerberos method = secrets and keytab
>
> security = ads
>
> # Just a member server
>
> domain master = no
>
> local master = no
>
> preferred master = no
>
> # Disable printing error log messages when CUPS is not installed.
>
> printcap name = /etc/printcap
>
> load printers = no
>
> bind interfaces only = yes
>
> interfaces = lo enp0s3
>
> enable privileges = yes
>
> idmap config * : backend = tdb
>
> idmap config * : range = 2000-9999
>
> # idmap config COMUNE.SPOLETO.LOCAL : backend = rid
>
> # idmap config COMUNE.SPOLETO.LOCAL : range = 10000-29999
>
> idmap config COM_SPOLETO : backend = rid
>
> idmap config COM_SPOLETO : range = 10000-999999
>
> username map = /etc/samba/user.map
>
> vfs objects = acl_xattr
>
> map acl inherit = yes
>
> store dos attributes = yes
>
> winbind refresh tickets = Yes
>
> # This way users log in with username instead of
> username at example.org <mailto:username at example.org>
>
> winbind use default domain = yes
>
> winbind enum users = yes
>
> winbind enum groups = yes
>
> # Inherit groups in groups
>
> winbind nested groups = yes
>
> winbind offline logon = true
>
> client ntlmv2 auth = yes
>
> # server string is the equivalent of the NT Description field
>
> server string = %h server (Samba, Ubuntu)
>
> # Windows Internet Name Serving Support Section:
>
> # WINS Support - Tells the NMBD component of Samba to enable its
> WINS Server
>
> # wins support = no
>
> # WINS Server - Tells the NMBD components of Samba to be a WINS Client
>
> # Note: Samba can be either a WINS Server, or a WINS Client, but
> NOT both
>
> ; wins server = w.x.y.z
>
> # This will prevent nmbd to search for NetBIOS names through DNS.
>
> dns proxy = no
>
> #### Networking ####
>
> # The specific set of interfaces / networks to bind to
>
> # This can be either the interface name or an IP address/netmask;
>
> # interface names are normally preferred
>
> ; interfaces = 127.0.0.0/8 eth0
>
> # Only bind to the named interfaces and/or networks; you must use the
>
> # 'interfaces' option above to use this.
>
> # It is recommended that you enable this feature if your Samba
> machine is
>
> # not protected by a firewall or is a firewall itself. However, this
>
> # option cannot handle dynamic or non-broadcast interfaces correctly.
>
> ; bind interfaces only = yes
>
> #### Debugging/Accounting ####
>
> # This tells Samba to use a separate log file for each machine
>
> # that connects
>
> log file = /var/log/samba/log.%m
>
> log level = 3
>
> # Cap the size of the individual log files (in KiB).
>
> max log size = 1000
>
> # If you want Samba to only log through syslog then set the following
>
> # parameter to 'yes'.
>
> # syslog only = no
>
> # We want Samba to log a minimum amount of information to syslog.
> Everything
>
> # should go to /var/log/samba/log.{smbd,nmbd} instead. If you want
> to log
>
> # through syslog you should set the following parameter to
> something higher.
>
> syslog = 0
>
> # Do something sensible when Samba crashes: mail the admin a backtrace
>
> panic action = /usr/share/samba/panic-action %d
>
> ####### Authentication #######
>
> # Server role. Defines in which mode Samba will operate. Possible
>
> # values are "standalone server", "member server", "classic primary
>
> # domain controller", "classic backup domain controller", "active
>
> # directory domain controller".
>
> #
>
> # Most people will want "standalone sever" or "member server".
>
> # Running as "active directory domain controller" will require first
>
> # running "samba-tool domain provision" to wipe databases and create a
>
> # new domain.
>
> # server role = standalone server
>
> server role = member server
>
> # server role = AUTO
>
> # If you are using encrypted passwords, Samba will need to know what
>
> # password database type you are using.
>
> passdb backend = tdbsam
>
> # obey pam restrictions = yes
>
> # This boolean parameter controls whether Samba attempts to sync
> the Unix
>
> # password with the SMB password when the encrypted SMB password
> in the
>
> # passdb is changed.
>
> # unix password sync = yes
>
> # For Unix password sync to work on a Debian GNU/Linux system, the
> following
>
> # parameters must be set (thanks to Ian Kahan
> <<kahan at informatik.tu-muenchen.de>
> <mailto:kahan at informatik.tu-muenchen.de> for
>
> # sending the correct chat script for the passwd program in Debian
> Sarge).
>
> # passwd program = /usr/bin/passwd %u
>
> # passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>
> # This boolean controls whether PAM will be used for password changes
>
> # when requested by an SMB client instead of the program listed in
>
> # 'passwd program'. The default is 'no'.
>
> # pam password change = yes
>
> # This option controls how unsuccessful authentication attempts
> are mapped
>
> # to anonymous connections
>
> map to guest = bad user
>
> ########## Domains ###########
>
> #
>
> # The following settings only takes effect if 'server role = primary
>
> # classic domain controller', 'server role = backup domain controller'
>
> # or 'domain logons' is set
>
> #
>
> # It specifies the location of the user's
>
> # profile directory from the client point of view) The following
>
> # required a [profiles] share to be setup on the samba server (see
>
> # below)
>
> ; logon path = \\%N\profiles\%U
>
> # Another common choice is storing the profile in the user's home
> directory
>
> # (this is Samba's default)
>
> # logon path = \\%N\%U\profile
>
> # The following setting only takes effect if 'domain logons' is set
>
> # It specifies the location of a user's home directory (from the
> client
>
> # point of view)
>
> ; logon drive = H:
>
> # logon home = \\%N\%U
>
> # The following setting only takes effect if 'domain logons' is set
>
> # It specifies the script to run during logon. The script must be
> stored
>
> # in the [netlogon] share
>
> # NOTE: Must be store in 'DOS' file format convention
>
> ; logon script = logon.cmd
>
> # This allows Unix users to be created on the domain controller
> via the SAMR
>
> # RPC pipe. The example command creates a user account with a
> disabled Unix
>
> # password; please adapt to your needs
>
> ; add user script = /usr/sbin/adduser --quiet --disabled-password
> --gecos "" %u
>
> # This allows machine accounts to be created on the domain
> controller via the
>
> # SAMR RPC pipe.
>
> # The following assumes a "machines" group exists on the system
>
> ; add machine script = /usr/sbin/useradd -g machines -c "%u
> machine account" -d /var/lib/samba -s /bin/false %u
>
> # This allows Unix groups to be created on the domain controller
> via the SAMR
>
> # RPC pipe.
>
> ; add group script = /usr/sbin/addgroup --force-badname %g
>
> ############ Misc ############
>
> # Using the following line enables you to customise your configuration
>
> # on a per machine basis. The %m gets replaced with the netbios name
>
> # of the machine that is connecting
>
> ; include = /home/samba/etc/smb.conf.%m
>
> # Some defaults for winbind (make sure you're not using the ranges
>
> # for something else.)
>
> ; idmap uid = 10000-20000
>
> ; idmap gid = 10000-20000
>
> ; template shell = /bin/bash
>
> # Setup usershare options to enable non-root users to share folders
>
> # with the net usershare command.
>
> # Maximum number of usershare. 0 (default) means that usershare is
> disabled.
>
> ; usershare max shares = 100
>
> # Allow users who've been granted usershare privileges to create
>
> # public shares, not just authenticated ones
>
> # usershare allow guests = yes
>
> usershare allow guests = no
>
> #======================= Share Definitions =======================
>
> # Un-comment the following (and tweak the other settings below to
> suit)
>
> # to enable the default home directory shares. This will share each
>
> # user's home directory as \\server\username
>
> ;[homes]
>
> ; comment = Home Directories
>
> ; browseable = no
>
> # By default, the home directories are exported read-only. Change the
>
> # next parameter to 'no' if you want to be able to write to them.
>
> ; read only = yes
>
> # File creation mask is set to 0700 for security reasons. If you
> want to
>
> # create files with group=rw permissions, set next parameter to 0775.
>
> ; create mask = 0700
>
> # Directory creation mask is set to 0700 for security reasons. If
> you want to
>
> # create dirs. with group=rw permissions, set next parameter to 0775.
>
> ; directory mask = 0700
>
> # By default, \\server\username shares can be connected to by anyone
>
> # with access to the samba server.
>
> # Un-comment the following parameter to make sure that only "username"
>
> # can connect to \\server\username
>
> # This might need tweaking when using external authentication schemes
>
> ; valid users = %S
>
> # Un-comment the following and create the netlogon directory for
> Domain Logons
>
> # (you need to configure Samba to act as a domain controller too.)
>
> ;[netlogon]
>
> ; comment = Network Logon Service
>
> ; path = /home/samba/netlogon
>
> ; guest ok = yes
>
> ; read only = yes
>
> # Un-comment the following and create the profiles directory to store
>
> # users profiles (see the "logon path" option above)
>
> # (you need to configure Samba to act as a domain controller too.)
>
> # The path below should be writable by all users so that their
>
> # profile directory may be created the first time they log on
>
> ;[profiles]
>
> ; comment = Users profiles
>
> ; path = /home/samba/profiles
>
> ; guest ok = no
>
> ; browseable = no
>
> ; create mask = 0600
>
> ; directory mask = 0700
>
> [printers]
>
> comment = All Printers
>
> browseable = no
>
> path = /var/spool/samba
>
> printable = yes
>
> guest ok = no
>
> read only = yes
>
> create mask = 0700
>
> # Windows clients look for this share name as a source of downloadable
>
> # printer drivers
>
> [print$]
>
> comment = Printer Drivers
>
> path = /var/lib/samba/printers
>
> browseable = yes
>
> read only = yes
>
> guest ok = no
>
> # Uncomment to allow remote administration of Windows print drivers.
>
> # You may need to replace 'lpadmin' with the name of the group your
>
> # admin users are members of.
>
> # Please note that you also need to set appropriate Unix permissions
>
> # to the drivers directory for these users to have write rights in it
>
> ; write list = root, @lpadmin
>
> [geoportale-lizmap]
>
> comment = Progetti QGIS per Lizmap
>
> path = /opt/shares/geoportale-lizmap
>
> read only = no
>
> inherit acls = yes
>
> -----------
>
> Content of /etc/samba/user.map
>
> !root = COM_SPOLETO\Adminserver
>
> -----------
>
> Installed packages, running: dpkg -l | egrep
> "samba|winbind|krb5|smb|acl|xattr"
>
> ii acl 2.2.52-3 amd64 Access control list utilities
>
> ii krb5-config 2.3
> all Configuration files for
> Kerberos Version 5
>
> ii krb5-locales 1.13.2+dfsg-5ubuntu2 all
> Internationalization support for MIT Kerberos
>
> ii krb5-user 1.13.2+dfsg-5ubuntu2 amd64
> Basic programs to authenticate using MIT Kerberos
>
> ii libacl1:amd64 2.2.52-3 amd64 Access control list shared
> library
>
> ii libgssapi-krb5-2:amd64 1.13.2+dfsg-5ubuntu2 amd64 MIT
> Kerberos runtime libraries - krb5 GSS-API Mechanism
>
> ii libkrb5-26-heimdal:amd64 1.7~git20150920+dfsg-4ubuntu1.16.04.1
> amd64 Heimdal Kerberos - libraries
>
> ii libkrb5-3:amd64 1.13.2+dfsg-5ubuntu2 amd64 MIT Kerberos
> runtime libraries
>
> ii libkrb5support0:amd64 1.13.2+dfsg-5ubuntu2 amd64 MIT
> Kerberos runtime libraries - Support library
>
> ii libnss-winbind:amd64 2:4.3.11+dfsg-0ubuntu0.16.04.12
> amd64 Samba nameservice integration plugins
>
> ii libpam-winbind:amd64 2:4.3.11+dfsg-0ubuntu0.16.04.12
> amd64 Windows domain authentication integration plugin
>
> ii libsmbclient:amd64 2:4.3.11+dfsg-0ubuntu0.16.04.12 amd64
> shared library for communication with SMB/CIFS servers
>
> ii libwbclient0:amd64 2:4.3.11+dfsg-0ubuntu0.16.04.12 amd64
> Samba winbind client library
>
> ii python-samba 2:4.3.11+dfsg-0ubuntu0.16.04.12 amd64
> Python bindings for Samba
>
> ii samba 2:4.3.11+dfsg-0ubuntu0.16.04.12 amd64 SMB/CIFS
> file, print, and login server for Unix
>
> ii samba-common 2:4.3.11+dfsg-0ubuntu0.16.04.12 all
> common files used by both the Samba server and client
>
> ii samba-common-bin 2:4.3.11+dfsg-0ubuntu0.16.04.12 amd64
> Samba common files used by both the server and the client
>
> ii samba-dsdb-modules 2:4.3.11+dfsg-0ubuntu0.16.04.12 amd64
> Samba Directory Services Database
>
> ii samba-libs:amd64 2:4.3.11+dfsg-0ubuntu0.16.04.12 amd64
> Samba core libraries
>
> ii samba-vfs-modules 2:4.3.11+dfsg-0ubuntu0.16.04.12 amd64
> Samba Virtual FileSystem plugins
>
> ii smbclient 2:4.3.11+dfsg-0ubuntu0.16.04.12 amd64
> command-line SMB/CIFS clients for Unix
>
> ii winbind 2:4.3.11+dfsg-0ubuntu0.16.04.12 amd64 service to
> resolve user and group information from Windows NT servers
>
> -----------
>
> Inviato da Posta <https://go.microsoft.com/fwlink/?LinkId=550986>
> per Windows 10
>
> *Da: *Claudio Nicora <mailto:nicorac at yahoo.com>
> *Inviato: *lunedì 26 febbraio 2018 12:50
> *A: *Andrea Rossetti <mailto:andy.ros at gmail.com>;
> samba at lists.samba.org <mailto:samba at lists.samba.org>
> *Oggetto: *Re: [Samba] I: Missing 'security' tab
>
> How is the share path "/opt/shares/geoportale-lizmap" mounted?
>
> Is it mounted with "acl,user_xattr" options?
>
> Claudio
>
More information about the samba
mailing list