Brook Humphrey wrote:
> On Friday 04 October 2002 07:44 am, Buchan Milne wrote:
>>>smb.conf that worked even up to rc2 no longer works also.
>>
>>Please define 'no longer works'
>>
>
>
> Well the users can see the shares but not access them. I call that not
> working. I have it set up to allow anonymous users to my system they are all
> mapped to an actual user on the system this allows me to admin the file sever
> as a user on my linux box instead of as root. With the final mandrake 9.0
> however, They can't access the shares anymore. It is also set up so that they
> don't have to login to access the public shares. The strange part is that
> right after service smb restart the windows boxes can get on and use it for a
> few minutes and then it starts asking for passwords again.
>
>
>>>indeed. I will definately wait till 2.2.6 to see how this goes. Hopefully
>>>printing will work agan also.
>>
>>I have a production machine running 9.0RC2 with samba as wins server,
>>domain controller, serving quite a few printers with downloadeable print
>>drivers, so I fail to see why printing wasn't working. If we had shipped
>
>
> Please if this is running correctly share your smb.conf with us. At the verry
> least we may get a few pointers as to how to get it all running like it
> should be.
Depends on what you want it to do. 95% of the configuration I used was
uncommenting stuff that was in the default config. Besides that, one
change for profiles ('writeable = yes'), one change for ntlogon (add
trailing / to netlogon directory).
The rest was adding 3 other shares.
>
>
>>with 2.2.5, it would have had lots of patches (taken from 2.2.6 CVS) to
>>fix printing in 2.2.5 ....
>
>
> Ok I know I stated as of rc2 it was still working but now I'm running 9.0
> final and not rc2 anymore.
Samba (AFAIK) didn't change between rc2 and final.
> I really know nothing about the current samba code
> and was not trying to say for you guys to patch anything. All I know is that
> what ever it's doing now does not work. I will note printing does not work
> using the very tools provided with mandrake.
Printing worked out the box for me ...
> I'm not even using custom
> samba.conf but the tools mandrake provides.
AFAIK, the closest any of the samba maintainers get to the samba wizard
is sending a good default smb.conf (which the wizard maintainers should
request before each release, since it seems they still have an old one
from 8.2, nothing would have broken, but more examples would be there,
and some more features out-the-box).
I hove done nothing extra at this
> point but use the built in tool with the files it produces and I am running
> 9.0 final. I am using an epson printer that worked before. Where should I
> look to but to the samba packages. Something is different. I don't know what
> it is but it's broke if it doesn't work. Now if you have any ideas I will
> give you any other information you need. Also attached is my current smb.conf
> produced by the server wizard.
>
>
>
> ------------------------------------------------------------------------
>
>
> # This is the main Samba configuration file. You should read the
> # smb.conf(5) manual page in order to understand the options listed
> # here. Samba has a huge number of configurable options (perhaps too
> # many!) most of which are not shown in this example
> #
> # Any line which starts with a ; (semi-colon) or a # (hash)
> # is a comment and is ignored. In this example we will use a #
> # for commentry and a ; for parts of the config file that you
> # may wish to enable
> #
> # NOTE: Whenever you modify this file you should run the command "testparm"
> # to check that you have not made any basic syntactic errors.
> #
> #======================= Global Settings =====================================
> [global]
>
> # 1. Server Naming Options:
> # workgroup = NT-Domain-Name or Workgroup-Name
> workgroup = WORKGROUP
>
> # netbios name is the name you will see in "Network Neighbourhood",
> # but defaults to your hostname
> ; netbios name = <name_of_this_server>
>
> # server string is the equivalent of the NT Description field
> server string = mandrake
>
> # 2. Printing Options:
> # CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK
> # (as cups is now used in linux-mandrake 7.2 by default)
> # if you want to automatically load your printer list rather
> # than setting them up individually then you'll need this
> printcap name = lpstat
> load printers = yes
correct
>
> # It should not be necessary to spell out the print system type unless
> # yours is non-standard. Currently supported print systems include:
> # bsd, sysv, plp, lprng, aix, hpux, qnx, cups
> printing = cups
>
correct, if you can get cups to move paper out the printer.
> # Samba 2.2 supports the Windows NT-style point-and-print feature. To
> # use this, you need to be able to upload print drivers to the samba
> # server. The printer admins (or root) may install drivers onto samba.
> # Note that this feature uses the print$ share, and not the printers share,
> # so you will need to enable it below.
> # This parameter works like domain admins:
> # printer admin = @<group> <user>
> ; printer admin = @adm
Uncomment above line, add someone to the adm group, or change adm to the
group of people you want to be able to upload drivers, from. chgrp -R
/var/lib/samba/printers to be the same group
You can then upload print drivers from an NT/2k/XP Pro box.
>
> # 3. Logging Options:
> # this tells Samba to use a separate log file for each machine
> # that connects
> log file = /var/log/samba/log.%m
>
> # Put a capping on the size of the log files (in Kb).
> max log size = 50
>
> # Set the log (verbosity) level (0 <= log level <= 10)
> ; log level = 3
>
> # 4. Security Options:
> # This option is important for security. It allows you to restrict
> # connections to machines which are on your local network. The
> # following example restricts access to two C class networks and
> # the "loopback" interface. For more examples of the syntax see
> # the smb.conf man page. Do not enable this if (tcp/ip) name resolution does
> # not work for all the hosts in your network.
> ; hosts allow =
>
> # Uncomment this if you want a guest account, you must add this to /etc/passwd
> # otherwise the user "nobody" is used
> ; guest account = pcguest
>
> # Security mode. Most people will want user level security. See
> # security_level.txt for details.
> security = share
I never use security = share, I always use one of user and domain.
You may need a 'guesk ok = yes' somewhere in the global to make this work?
> # Use password server option only with security = server or security = domain
> # When using security = domain, you should use password server = *
> ; password server = <NT-Server-Name>
>
> # Password Level allows matching of _n_ characters of the password for
> # all combinations of upper and lower case.
> ; password level = 8
> ; username level = 8
>
> # You may wish to use password encryption. Please read
> # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
> # Do not enable this option unless you have read those documents
> # Encrypted passwords are required for any use of samba in a Windows NT domain
> # The smbpasswd file is only required by a server doing authentication, thus
> # members of a domain do not need one.
> encrypt passwords = yes
> smb passwd file = /etc/samba/smbpasswd
>
> # The following are needed to allow password changing from Windows to
> # also update the Linux system password.
> # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
> # NOTE2: You do NOT need these to allow workstations to change only
> # the encrypted SMB passwords. They allow the Unix password
> # to be kept in sync with the SMB password.
> unix password sync = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
>
> # Unix users can map to different SMB User names
> ; username map = /etc/samba/smbusers
>
> # Using the following line enables you to customise your configuration
> # on a per machine basis. The %m gets replaced with the netbios name
> # of the machine that is connecting
> ; include = /etc/samba/smb.conf.%m
>
> # 5. Browser Control and Networking Options:
> # Most people will find that this option gives better performance.
> # See speed.txt and the manual pages for details
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>
> # Configure Samba to use multiple interfaces
> # If you have multiple network interfaces then you must list them
> # here. See the man page for details.
> ; interfaces = 192.168.12.2/24 192.168.13.2/24
>
> # Configure remote browse list synchronisation here
> # request announcement to, or browse list sync from:
> # a specific host or from / to a whole subnet (see below)
> ; remote browse sync = 192.168.3.25 192.168.5.255
> # Cause this host to announce itself to local subnets here
> ; remote announce = 192.168.1.255 192.168.2.44
>
> # set local master to no if you don't want Samba to become a master
> # browser on your network. Otherwise the normal election rules apply
> ; local master = no
>
> # OS Level determines the precedence of this server in master browser
> # elections. The default value should be reasonable
> ; os level = 33
>
> # Domain Master specifies Samba to be the Domain Master Browser. This
> # allows Samba to collate browse lists between subnets. Don't use this
> # if you already have a Windows NT domain controller doing this job
> ; domain master = yes
>
> # Preferred Master causes Samba to force a local browser election on startup
> # and gives it a slightly higher chance of winning the election
> ; preferred master = yes
>
> # 6. Domain Control Options:
> # Enable this if you want Samba to be a domain logon server for
> # Windows95 workstations or Primary Domain Controller for WinNT and Win2k
> ; domain logons = yes
If you want a domain controller, you probably want to uncomment one line
from each paragraph below, and the line above.
>
> # if you enable domain logons then you may want a per-machine or
> # per user logon script
> # run a specific logon batch file per workstation (machine)
> ; logon script = %U.bat
> # run a specific logon batch file per username
> ; logon script = %U.bat
>
> # Where to store roaming profiles for WinNT and Win2k
> # %L substitutes for this servers netbios name, %U is username
> # You must uncomment the [Profiles] share below
> ; logon path = \\%L\Profiles\%U
>
> # Where to store roaming profiles for Win9x. Be careful with this as it also
> # impacts where Win2k finds it's /HOME share
> ; logon home = \\%L\%U\.profile
>
> # The add user script is used by a domain member to add local user accounts
> # that have been authenticated by the domain controller, or by the domain
> # controller to add local machine accounts when adding machines to the domain.
> # The script must work from the command line when replacing the macros,
> # or the operation will fail. Check that groups exist if forcing a group.
> # Script for domain controller for adding machines:
> ; add user script = /usr/sbin/useradd -s /bin/false %u
> # Script for domain member for addig local accounts for authenticated users:
> ; add user script = /usr/sbin/useradd -s /bin/false %u
>
> # 7. Name Resolution Options:
> # All NetBIOS names must be resolved to IP Addresses
> # 'Name Resolve Order' allows the named resolution mechanism to be specified
> # the default order is "host lmhosts wins bcast". "host" means use the unix
> # system gethostbyname() function call that will use either /etc/hosts OR
> # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
> # and the /etc/resolv.conf file. "host" therefore is system configuration
> # dependant. This parameter is most often of use to prevent DNS lookups
> # in order to resolve NetBIOS names to IP Addresses. Use with care!
> # The example below excludes use of name resolution for machines that are NOT
> # on the local network segment
> # - OR - are not deliberately to be known via lmhosts or via WINS.
> ; name resolve order = wins lmhosts bcast
Uncomment if you have a different wins server.
>
> # Windows Internet Name Serving Support Section:
Uncomment one of these two, wins usually helps speed up name resolution
under windows.
> # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
> ; wins support = yes
>
> # WINS Server - Tells the NMBD components of Samba to be a WINS Client
> # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
> ; wins server = w.x.y.z
>
> # WINS Proxy - Tells Samba to answer name resolution queries on
> # behalf of a non WINS capable client, for this to work there must be
> # at least one WINS Server on the network. The default is NO.
> ; wins proxy = yes
>
> # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
> # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
> # this has been changed in version 1.9.18 to no.
> dns proxy = no
>
> # 8. File Naming Options:
> # Case Preservation can be handy - system default is _no_
> # NOTE: These can be set on a per share basis
> ; preserve case = no
> ; short preserve case = no
> # Default case is normally upper case for all DOS files
> ; default case = lower
> # Be very careful with case sensitivity - it can break things!
> ; case sensitive = no
>
> # Enabling internationalization:
> # you can match a Windows code page with a UNIX character set.
> # Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),
> # 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian),
> # 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul),
> # 950 (Trad. Chin.).
> # UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),
> # ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)
> # This is an example for french users:
> ; client code page = 850
> ; character set = ISO8859-1
>
>
> #============================ Share Definitions ==============================
> [homes]
> comment = Home Directories
> browseable = no
> writable = yes
>
Uncomment this if you are running a domain controller.
> # Un-comment the following and create the netlogon directory for Domain Logons
> ; [netlogon]
> ; comment = Network Logon Service
> ; path = /var/lib/samba/netlogon
> ; guest ok = yes
> ; writable = no
> ; share modes = no
>
> #Uncomment the following 2 lines if you would like your login scripts to
> #be created dynamically by ntlogon (check that you have it in the correct
> #locationn (the default of the ntlogon rpm available in contribs)
> ;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon
Uncomment previous and next if you run a domain controller, and want
dynamic login scripts, but change previous to
root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d
/var/lib/samba/netlogon/
> ;root postexec = rm -f /var/lib/samba/netlogon/%U.bat
>
Uncomment next if you enabled roaming profiles above. Ensure the
directory is writeable by everyone who would log into a domain account,
unless you are prepared to make profile directories manually (this is
what we do).
> # Un-comment the following to provide a specific roving profile share
> # the default is to use the user's home directory
> ;[Profiles]
> ; path = /var/lib/samba/profiles
> ; browseable = no
> ; guest ok = yes
>
>
> # NOTE: If you have a CUPS print system there is no need to
> # specifically define each individual printer.
> # You must configure the samba printers with the appropriate Windows
> # drivers on your Windows clients. On the Samba server no filtering is
> # done. If you wish that the server provides the driver and the clients
> # send PostScript ("Generic PostScript Printer" under Windows), you have
> # to swap the 'print command' line below with the commented one.
> [printers]
> comment = All Printers
> path = /var/spool/samba
> browseable = no
> # to allow user 'guest account' to print.
> guest ok = yes
> writable = no
> printable = yes
> create mode = 0700
> # =====================================
> # print command: see above for details.
> # =====================================
> #print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript
>on clients).
> #print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript
>on clients).
> #lpq command = lpstat -o %p
> #lprm command = cancel %p-%j
>
Something is wrong here, if you are going to use client side drivers.
Grab the lines from /etc/samba/smb-winbind.conf instead.
Uncomment next share if you want to upload printer drivers.
> # This share is used for Windows NT-style point-and-print support.
> # To be able to install drivers, you need to be either root, or listed
> # in the printer admin parameter above. Note that you also need write access
> # to the directory and share definition to be able to upload the drivers.
> # You must disable (by commenting out) the share above if you enable this.
> # For more information on this, please see the Printing Support Section of
> # /usr/share/doc/samba-2.2.1a/docs/Samba-HOWTO-Collection.pdf
> # Please note that this has not yet been tested as packaged here with CUPS.
> ;[print$]
> ; path = /var/lib/samba/printers
> ; browseable = yes
> ; read only = yes
> ; write list = @adm root
>
> # This one is useful for people to share files
> ;[tmp]
> ; comment = Temporary file space
> ; path = /tmp
> ; read only = no
> ; public = yes
>
> # A publicly accessible directory, but read only, except for people in
> # the "staff" group
> [public]
> comment = Public Stuff
> path = /home/samba/public
> public = yes
> writable = no
> write list = @staff
>
> # Other examples.
> #
> # A private printer, usable only by Fred. Spool data will be placed in Fred's
> # home directory. Note that fred must have write access to the spool directory,
> # wherever it is.
> ;[fredsprn]
> ; comment = Fred's Printer
> ; valid users = fred
> ; path = /homes/fred
> ; printer = freds_printer
> ; public = no
> ; writable = no
> ; printable = yes
>
> # A private directory, usable only by Fred. Note that Fred requires write
> # access to the directory.
> ;[fredsdir]
> ; comment = Fred's Service
> ; path = /usr/somewhere/private
> ; valid users = fred
> ; public = no
> ; writable = yes
> ; printable = no
>
> # a service which has a different directory for each machine that connects
> # this allows you to tailor configurations to incoming machines. You could
> # also use the %u option to tailor it by user name.
> # The %m gets replaced with the machine name that is connecting.
> ;[pchome]
> ; comment = PC Directories
> ; path = /usr/pc/%m
> ; public = no
> ; writable = yes
>
> # The following two entries demonstrate how to share a directory so that two
> # users can place files there that will be owned by the specific users. In this
> # setup, the directory should be writable by both users and should have the
> # sticky bit set on it to prevent abuse. Obviously this could be extended to
> # as many users as required.
> ;[myshare]
> ; comment = Mary's and Fred's stuff
> ; path = /usr/somewhere/shared
> ; valid users = mary fred
> ; public = no
> ; writable = yes
> ; printable = no
> ; create mask = 0765
>
It all depends on how you are setup. The reason there are so many config
options is because people needed them. Getting them right for your
environment requires knowledge of your network, but the majority of
things that can work out-the-box do.
But, I have no input on the samba wizard, so it may be more worthwhile to :
$ su
# kate smb.conf
(or preferred editor that has syntax support for smb.conf, such as
vim-enhanced)
and
$ man smb.conf
Also, you might at least want to read
http://ranger.dnsalias.com/mandrake/muo/connect/csamba6.html if you want
to run a domain controller, or
http://ranger.dnsalias.com/mandrake/muo/connect/csamba5.html if you want
to run a domain member (also, if you have two samba servers, one of
which is a domain controller).
I did an article on Mandrake Forum about a year ago on printing in
samba-2.2.x, which covered most of the printing related stuff (including
uploading printer drivers).
<IMHO>SWAT isn't supported by me. Webmin I will tolerate. Linuxconf
should be removed.</IMHO>
Buchan
--
|----------------Registered Linux User #182071-----------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x121
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
