Re: [Samba] Cannot set ACL for "Authenticated Users"
Hi Jeremy, thanks for your answer. Le 29/04/2011 20:00, Jeremy Allison a écrit : On Fri, Apr 29, 2011 at 04:11:34PM +0200, Arnaud Lesauvage wrote: Yes, windows PDC running Windows 2003 R2 (NO unix extensions). wbinfo -u works fine. But "wbinfo -Y S-1-5-11" returns "Could not convert sid S-1-5-11 to gid" And that is exactly what happened to the OP of the discussion I quoted in my original message. Try "force unknown acl user = yes" Nope, no better. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot set ACL for "Authenticated Users"
Le 29/04/2011 14:45, Aaron E. a écrit : Does the file system your working with support ACL? IS it set to use acls in the /etc/fstab? Hi Aaron, thanks for your answer. Yes, it is set to use ACL and usr_xattr. Both work well. But "Authenticated Users" seem to be not mappable to a gid. On 04/29/2011 06:24 AM, Arnaud Lesauvage wrote: Hi list ! I have found someone having a similar problem back in 2007 (http://lists.samba.org/archive/samba/2007-April/131574.html), but as I understand it, this problem is fixed for a long time now. So basically, I am trying to give "Authenticated Users" some permissions on a folder in a samba share, but when I wheck back either with my windows GUI or via getfacl, the permission has just been dismissed and nothing ahas changed. The serveur is running samba version 3.2.7 on OpenSuse 11. Here is the result of testparm : [global] workgroup = dom realm = dom.ext server string = Samba Server security = ADS password server = pdc1.dom.ext pdc2.dom.ext idmap uid = 1200-2 idmap gid = 1200-2 winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind expand groups = 3 And for the share where the folder is stored : [data] comment = data path = /srv/samba/data valid users = "@LOCAL+Domain Users" admin users = "@LOCAL+Domain Admins" read only = no browseable = no map acl inherit = yes inherit acls = yes create mask = 0600 directory mask = 0700 store dos attributes = yes csc policy = disable What should I change to be able to attribute permissions to the "Authenticated Users" group ? Thanks a lot for your help ! Arnaud -- Arnaud Lesauvage IT Executive Codata Belgium SA 143-145, Avenue bourgmestre Jean Materne - 5100 Namur - Belgium Tel : +32 81 21 53 48 - Fax : +32 81 21 54 24 Mel : arnaud.lesauv...@codata.eu Web : http://www.codata.eu/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot set ACL for "Authenticated Users"
Yes, windows PDC running Windows 2003 R2 (NO unix extensions). wbinfo -u works fine. But "wbinfo -Y S-1-5-11" returns "Could not convert sid S-1-5-11 to gid" And that is exactly what happened to the OP of the discussion I quoted in my original message. Le 29/04/2011 16:00, Aaron E. a écrit : Windows PDC? Does wbinfo -u return a list of domain users? On 04/29/2011 09:44 AM, Arnaud Lesauvage wrote: Le 29/04/2011 14:45, Aaron E. a écrit : Does the file system your working with support ACL? IS it set to use acls in the /etc/fstab? Hi Aaron, thanks for your answer. Yes, it is set to use ACL and usr_xattr. Both work well. But "Authenticated Users" seem to be not mappable to a gid. On 04/29/2011 06:24 AM, Arnaud Lesauvage wrote: Hi list ! I have found someone having a similar problem back in 2007 (http://lists.samba.org/archive/samba/2007-April/131574.html), but as I understand it, this problem is fixed for a long time now. So basically, I am trying to give "Authenticated Users" some permissions on a folder in a samba share, but when I wheck back either with my windows GUI or via getfacl, the permission has just been dismissed and nothing ahas changed. The serveur is running samba version 3.2.7 on OpenSuse 11. Here is the result of testparm : [global] workgroup = dom realm = dom.ext server string = Samba Server security = ADS password server = pdc1.dom.ext pdc2.dom.ext idmap uid = 1200-2 idmap gid = 1200-2 winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind expand groups = 3 And for the share where the folder is stored : [data] comment = data path = /srv/samba/data valid users = "@LOCAL+Domain Users" admin users = "@LOCAL+Domain Admins" read only = no browseable = no map acl inherit = yes inherit acls = yes create mask = 0600 directory mask = 0700 store dos attributes = yes csc policy = disable What should I change to be able to attribute permissions to the "Authenticated Users" group ? Thanks a lot for your help ! Arnaud -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot set ACL for "Authenticated Users"
Le 29/04/2011 14:45, Aaron E. a écrit : Does the file system your working with support ACL? IS it set to use acls in the /etc/fstab? Hi Aaron, thanks for your answer. Yes, it is set to use ACL and usr_xattr. Both work well. But "Authenticated Users" seem to be not mappable to a gid. On 04/29/2011 06:24 AM, Arnaud Lesauvage wrote: Hi list ! I have found someone having a similar problem back in 2007 (http://lists.samba.org/archive/samba/2007-April/131574.html), but as I understand it, this problem is fixed for a long time now. So basically, I am trying to give "Authenticated Users" some permissions on a folder in a samba share, but when I wheck back either with my windows GUI or via getfacl, the permission has just been dismissed and nothing ahas changed. The serveur is running samba version 3.2.7 on OpenSuse 11. Here is the result of testparm : [global] workgroup = dom realm = dom.ext server string = Samba Server security = ADS password server = pdc1.dom.ext pdc2.dom.ext idmap uid = 1200-2 idmap gid = 1200-2 winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind expand groups = 3 And for the share where the folder is stored : [data] comment = data path = /srv/samba/data valid users = "@LOCAL+Domain Users" admin users = "@LOCAL+Domain Admins" read only = no browseable = no map acl inherit = yes inherit acls = yes create mask = 0600 directory mask = 0700 store dos attributes = yes csc policy = disable What should I change to be able to attribute permissions to the "Authenticated Users" group ? Thanks a lot for your help ! Arnaud -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot set ACL for "Authenticated Users"
Hi list ! I have found someone having a similar problem back in 2007 (http://lists.samba.org/archive/samba/2007-April/131574.html), but as I understand it, this problem is fixed for a long time now. So basically, I am trying to give "Authenticated Users" some permissions on a folder in a samba share, but when I wheck back either with my windows GUI or via getfacl, the permission has just been dismissed and nothing ahas changed. The serveur is running samba version 3.2.7 on OpenSuse 11. Here is the result of testparm : [global] workgroup = dom realm = dom.ext server string = Samba Server security = ADS password server = pdc1.dom.ext pdc2.dom.ext idmap uid = 1200-2 idmap gid = 1200-2 winbind separator = + winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind expand groups = 3 And for the share where the folder is stored : [data] comment = data path = /srv/samba/data valid users = "@LOCAL+Domain Users" admin users = "@LOCAL+Domain Admins" read only = no browseable = no map acl inherit = yes inherit acls = yes create mask = 0600 directory mask = 0700 store dos attributes = yes csc policy = disable What should I change to be able to attribute permissions to the "Authenticated Users" group ? Thanks a lot for your help ! Arnaud -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Set "hidden" attribute on folder
Hi list I have set up a share with "map hidden = yes", "create mask = 0777" and "directory mask = 0777". Setting and removing the "hidden" attribute on a file works as expected, but not on folders. If I check the unix permissions on the folders, the execute bit is always set for "other". Is this not implemented ? I know it is possible to manually hide folders by adding them in "hide files", but I would like users and applications to be able to set this attribute themselves. Regards -- Arnaud Lesauvage -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] krb5.conf in /var/lib/samba/smb_krb5 very different from original
Hi all ! I have some problems browsing a samba share from a Canon ImageRunner printer. It tries to write to a share located on a samba server, configured to authenticate users against a windows 2003 Active directory. Samba version 3.2.6 is running on opensuse 11.1. After a lot of search, I tought that maybe it did not support the encryption type requested by my Samba server, so I checked my kerberos configuration. To my surprise, I found a krb5.conf.MYDOMAIN file in /var/lib/samba/smb_krb5, and this file is quite different from my /etc/krb5.conf file. For instance, the 'enc_types...' lines do not match. In /var/lib/samba/smb_krb5/krb5.conf.MYDOMAIN I have [libdefaults] default_realm = MYDOMAIN.LOCAL default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 preferred_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5 And in /etc/krb5.conf [libdefaults] default_realm = MYDOMAIN.LOCAL clockskew = 300 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc I created the /etc/krb5.conf manually following different tutorials about active directory integration, so I am puzzled to find this totally different configuration here. So my questions are quite obvious : Which one is used by samba for authentication ? Where do these configuration parameters come from ? And, last but not least, how do I change this configuration ? Thanks a lot for your help ! Regards -- Arnaud Lesauvage -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba