[Samba] a lot of nonbody session with same pid

Alberto Maria Fiaschi alberto.fiaschi at estar.toscana.it
Mon Apr 19 13:44:56 UTC 2021 

I not use acl.
i just want to use valid user and write list. I want to stick to a purely textual configuration
User can read and write
User are in group uosi_vpn_rw -
Force user are only at level of unix process ... all files are 777 mode .
If user  connect from pc in ad  non nobody session are created. but the force usere option is still present.
the workgroups have different names. 
all clients will be with the time passed to ad. but it cannot be done immediately. this is not the correct behavior of the program


----- Messaggio originale -----
> On 19/04/2021 09:16, Alberto Maria Fiaschi wrote:
> > I make a test machine. The sever is member of AD domain (config at he end
> > of these mail).
> > The behavior is identical. The PCs that are in workgroups generate many
> > sessions with the nobody user, especially when they open excell files or
> > run some program.
> > The server SO is Ubuntu 20.04.2 LTS with samba ver 4.11.6-Ubuntu .
> >
> 
> On top of what Louis has said, lets look at your share:
> 
> [TEST2]
>          comment = Cartella documenti TEST
>          path = /sambatest/shares/Uosi/groups/TEST2
>          valid users = @uosi_vpn_ro, at uosi_vpn_rw
>          write list = @uosi_vpn_rw
>          force user = nobody
>          force group = uosi_quota
> 
> You are not using the Samba guest user 'nobody' but you are forcing all
> the created files & directories to belong to 'nobody' with the group
> 'uosi_quota'. the only users that can connect to the share are members
> of the 'uosi_vpn_ro' & 'uosi_vpn_rw' groups, but, as the share is read
> only, only members of the 'uosi_vpn_rw' can write to the share. However,
> because everything ends up with 'nobody:uosi_quota' ownership, no one
> will be able to read anything.
> 
> Can I suggest you do two things, read this wikipage:
> 
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> 
> And then set the share permissions from Windows by following this wikipage:
> 
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> 
> There is also a problem with using a workgroup machine in an AD domain,
> even if the workgroup user has the same name as a domain user, it will
> be unknown to the domain. I personally would suggest you join any
> workgroup machines to the AD domain, that way, all users are domain users.
> 
> Rowland
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 

-- 
Alberto Maria Fiaschi 
alberto.fiaschi at estar.toscana.it 
ESTAR - Ente di Supporto Tecnico Amministrativo Regionale 
Dip.to Tecnologie Informatiche 
Area: Tecnologie Informatiche Nord-Ovest 
UOC: Reti e Sistemi Area Nord-Ovest 
c/o Azienda Ospedaliero Universitaria Pisana 
Presidio Ospedaliero Spedali Riuniti Santa Chiara 
Via Roma, 67 - 56126 Pisa, Italy 
Tel. +39 050 99 3117 
Fax +39 050 99 3396 
profilo su https://it.linkedin.com/in/alberto-fiaschi

More information about the samba mailing list