Re: [Samba] Documentation issue.
On 13 October 2012 15:39, G.W. Haywood wrote: > Hi there, > > In > > http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html > > all the links in tables 16.2, 16.3 and 16.4 seem to be dead. They should perhaps point here instead: http://www.samba.org/samba/docs/man/manpages/smb.conf.5.html -- Michael Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] How can I show only the shares that user have access to in SAMBA
Dear All, As I have a issue to display only those shares the users have access too.. i am really trying to find a solution and came across a post http://serverfault.com/questions/144339/hiding-samba-share-from-browse-list-for-unauthorised-users its about the include statement this would exactly achieve my purpose but when I did that as I could put browseable = no in my kmplan section of my smb.conf file and browseable = yes in the include file testparm says Can't find include file /etc/samba/%G.conf i did try with other variables like u or U but its the same Appreciate your help regards simon --- On Thu, 10/11/12, simon ben wrote: From: simon ben Subject: Re: [Samba] How can I show only the shares that user have access to in SAMBA To: "Björn JACKE" Cc: samba@lists.samba.org Date: Thursday, October 11, 2012, 1:04 PM Dear Bjorn, Indeed so grateful for your quick reply I was indeed using earlier samba actually I just installed it using yum. now I did upgrade samba to recent one samba 3.6.8 and after running the testparm command displayed no errors but still I was not able to achieve my goal as christian mentioned in his reply i do think his mistaken cause there are many guys whos post i see and they have solved it by adding just his 2 below command in their smb.conf file hide unreadable = Yes hide unwriteable files = Yes Is there anything I could look into as I mentioned before I have used webmin to create both local and samba users whos user names are the same and so also groups here below my smb.conf [global] workgroup = MYGROUP server string = Samba Server Version %v disable spoolss = Yes domain master = No idmap config * : backend = tdb cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes print ok = Yes browseable = No [kmplan] comment = masterplan testing directory path = /opt/network/testplan valid users = @localgrp write list = @localgrp read only = No hide unreadable = Yes hide unwriteable files = Yes access based share enum = Yes also here below are the permissions of /opt/network/testplan directory drwxrws--T 3 root localgrp 4096 Oct 10 19:39 testplan Actually every things works fine what I mean is if I log in as a user who belongs to localgrp I can read/write the kmplan share which is perfect but when i log in as user who does not belong to localgrp i can see the kmplan share although i cannot access it. as christian said i can hide the share but even for valid users the share is hidden n i obviously dont want to hide the share for valid users regards simon --- On Thu, 10/11/12, Björn JACKE wrote: From: Björn JACKE Subject: Re: [Samba] How can I show only the shares that user have access to in SAMBA To: "simon ben" Cc: samba@lists.samba.org Date: Thursday, October 11, 2012, 2:10 AM On 2012-10-11 at 01:22 -0700 simon ben sent off: > but when I do a testparm it gives a error > --- > [root@kmshare samba]# testparm /etc/samba/smb.conf > Load smb config files from /etc/samba/smb.conf > Unknown parameter encountered: "access based share enum" > Ignoring unknown parameter "access based share enum" then your Samba version is too old then. This parameter was introduced with Samba 3.6 I think (maybe 3.5 already). On http://www.enterprisesamba.org you might find recent packages for your distribution that support that feature. Cheers Björn -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen ☎ +49-551-37-0, ℻ +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba Digest, Vol 118, Issue 14
Pessoal, bom dia! Estarei de férias no período de 05/10 a 28/10, retornando no dia 29/10/2012. Na minha ausência as dúvidas poderão ser resolvidas pela seguinte equipe: Ricardo: Coordenação da equipe TI, e-mails e servidores – AMP e Inpacom - (011) 3616-1417 Igor: Gemma - AMP e Inpacom - (011) 3616-1438 Luciano e Vagner: Ginjo/ Silbra - Todos os sistemas - (011) 3659-3096 Robson: Indisa - Todos os sistemas - (019) 3765-6000 Essa é uma resposta automática. Até mais. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Documentation issue.
Hi there, In http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html all the links in tables 16.2, 16.3 and 16.4 seem to be dead. -- 73, Ged. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Joining Samba RODC, NT_STATUS_NOT_SUPPORTED
Dear Matthieu, After joining should I change just IP addresses in krb5.conf, smb.conf, lmhost to the local IP address? Could you please summary the steps from remote join to local authentication and getting user list? Thanks, -- Oguz YILMAZ On Sat, Oct 13, 2012 at 11:21 AM, Matthieu Patou wrote: > On 10/13/2012 01:18 AM, Oguz Yilmaz wrote: >> >> I have joined to central DC. AFAIK winbind/samba creates a machine >> account? What other thing is done in Active Directory DC during join >> process? I want to fully understand what samba is doing to be able to >> guide DC administrator. >> >> After this I can not join local DC again. If Central DC replicates >> into local DC, this machine account etc should have been replicated >> into local DC. Isnt it possible to disable this machine account >> creation process? > > If you joined the central one and waited for the replication why rejoin on > the local RODC one ? > > > Matthieu. > > -- > Matthieu Patou > Samba Team > http://samba.org > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] can not change mandatory owner to administrators
On Sat, 2012-10-13 at 09:58 +0330, Mohammad Ebrahim Abravi wrote: > Solved > > Thanks a lot Thanks. The root of the issue is this automatically generated entry in your idmap.ldb: # record 12 dn: CN=S-1-5-32-544 cn: S-1-5-32-544 objectClass: sidMap objectSid: S-1-5-32-544 type: ID_TYPE_GID xidNumber: 10 distinguishedName: CN=S-1-5-32-544 What we need to do in your case is to remove that record, so it becomes regenerated as an IDMAP_BOTH. We also need to remove the generation of that record from provision. The issue is that as a GID, you of course can't own a file. The ntvfs file server papered over this issue (didn't deal with file ownership at a unix level), but the smbd file server needs to correctly set posix permissions. I hope this clarifies things. If you can please file a bug, I'll try not to forget this. Thanks, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Joining Samba RODC, NT_STATUS_NOT_SUPPORTED
On 10/13/2012 01:18 AM, Oguz Yilmaz wrote: I have joined to central DC. AFAIK winbind/samba creates a machine account? What other thing is done in Active Directory DC during join process? I want to fully understand what samba is doing to be able to guide DC administrator. After this I can not join local DC again. If Central DC replicates into local DC, this machine account etc should have been replicated into local DC. Isnt it possible to disable this machine account creation process? If you joined the central one and waited for the replication why rejoin on the local RODC one ? Matthieu. -- Matthieu Patou Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Joining Samba RODC, NT_STATUS_NOT_SUPPORTED
I have joined to central DC. AFAIK winbind/samba creates a machine account? What other thing is done in Active Directory DC during join process? I want to fully understand what samba is doing to be able to guide DC administrator. After this I can not join local DC again. If Central DC replicates into local DC, this machine account etc should have been replicated into local DC. Isnt it possible to disable this machine account creation process? Thank you -- Oguz On Fri, Oct 12, 2012 at 10:53 AM, Matthieu Patou wrote: > On 10/12/2012 12:05 AM, Oguz Yilmaz wrote: >> >> RODC is Windows Server 2008 R2 Enterprise 7601 Service Pack 1. >> What do you suggest? We keep rodc as read only. How can I join and >> continue to auth and get user list over read only dc? > > Your first problem is the join, I think this can only be done with a RWDC. > As for the day to day use I think it's possible to use a RODC but if you > didn't allow the RODC to replicate then every auth request will be proxied > from the RODC to the RWDC. > The list of users will be served by the RODC directly. > > > Matthieu. > > -- > Matthieu Patou > Samba Team > http://samba.org > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Getting user list for each group
I use Winbind auth for squid-dansguardian ntlm authentication purpose. I need matching users/group for filtering in squid/dansguardian. getent group is used for finding users for groups except for group Domain Users. getent passwd is used for finding all users and specifically users for group Domain Users (over group ID). This requires enumeration option(winbind enum users, winbind enum groups) enabled in smb.conf. For thousands of users this may block many system functions puts wait even for tcpdump and ssh logins. So, I want to disable enum options end stop using getent. Are there any way to get user list for each group with wbinfo or any other other tools? What may be the best practice for the aim in paragraph 1? Thank you and Best Regards, -- Oguz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Question about printing
Hello all, is it possible to print from a linux box to a printer, shared on a windows 7 box? In Windows 7 the Administrator account is deactivated without a password in default. Have i to enable the account? Have i to set a password? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba