RE: [Samba] guest not permitted to access share
Check the POSIX permissions in the shares are set to allow the group nobody (or whichever you are mapping as guest) to r/w. Check the logs at level 3; I am willing to bet there is a Chdir/Permission Denied error somewhere...

Carlos

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of John Drescher
Sent: Thu 9/27/2007 11:23 AM
To: Wayne Johnson
Cc: samba@lists.samba.org; Jacek Kowalski
Subject: Re: [Samba] guest not permitted to access share

On 9/27/07, Wayne Johnson [EMAIL PROTECTED] wrote:
> I'm having a similar problem. We're both using security=ads. I tried
> security=domain, same issue. I'm properly joined to the domain. It's a
> domain user that's having the issue. If I set up a Unix account for them,
> it works. I'd rather not have to set up 300 unix accounts just for guest
> access. Could this be the same issue as having to prefix domain users in
> write list with their domain?

Is the guest account (guest or nobody) able to access the folder you are mounting as a samba share on your native unix filesystem?

John

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] wbinfo
Do a getent passwd. Do you get a list of the local *and* domain users?

Carlos

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Jason Greene
Sent: Wed 9/19/2007 9:03 AM
To: samba@lists.samba.org
Subject: [Samba] wbinfo

Hi,

I am trying to configure a RHEL-4 server with SAMBA. We need the server to authenticate against our Windows AD servers. We have several trusted domains. I have been working with RedHat's support and so far they have not been able to resolve this issue.

We can join the domain but we cannot map the shares from any pc (windows or linux) using a domain account (user or admin).

It takes up to 12 attempts to get a response from wbinfo -u or -g. We don't have any local firewalls running and the network firewalls are open on the necessary ports.

I don't know what else to put in the request for help.

--
Jason Greene
RE: [Samba] Samba and AD: Strange problem with connection
Please check:

1 - that your nsswitch.conf file is correctly configured.
2 - use klist to verify the tokens are A ok, if not kinit to refresh.
3 - verify that the server joined the domain as a regular computer and not a DC.
4 - check that the DNS related things are all correct: windows DNS, linux hosts file, lmhosts, wins (if used) etc.
5 - verify AD is set to Mixed Mode.

Please post your smb.conf...

Carlos

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tristan Alder
Sent: Friday, September 07, 2007 3:22 PM
To: samba@lists.samba.org
Subject: [Samba] Samba and AD: Strange problem with connection

Hi,

I have a BIG problem with samba and Active Directory. Usually it can't get sid... But sometimes it works and it can connect to AD. Until restart.

net rpc getsid;
Unable to find a suitable server

sometimes it gets --
Storing SID S-1-5-21-232394995-2236763843-2194921025 for Domain SBSMENIS in secrets.tdb

I have to make many tries to join to AD... And then it works... Until restart.

samba 3.0.24-2ubuntu1.2
winbind 3.0.24-2ubuntu1.2
libkrb53 1.4.4-5ubuntu3.1

this is in /var/log/samba/log.winbindd when i try get sid

[2007/09/07 18:46:34, 0] nsswitch/winbindd_util.c:init_domain_list(518)
  Could not fetch our SID - did we join?
[2007/09/07 18:46:34, 0] nsswitch/winbindd.c:main(1051)
  unable to initalize domain list

Can anyone help me?

--
Tristan
[Samba] FOUND SOLUTION and question: Cannot access shares after joining Samba to AD 2000 domain
We had a Samba Version 3.0.23c-4 workgroup server on clarkconnect 4.1 (had to hunt for krb5-workstation!) with a smbpasswd back-end that was accessed from machines joined into an Active Directory Windows 2000 domain. We switched the Samba server to be a domain member. We have done this before, so we thought we knew all that could happen had already happened, and took extra care to follow our experience. Did everything right; wbinfo and getent all showed fine etc etc etc. The logs showed everything working etc. We also started with a fresh samba cache, passwd, group and smbpasswd files.

First issue was:

- Shares displayed when connecting to the server via \\servername or \\ip.ser.ve.r but couldn't access them. After much cajoling we found out the underlying issue: the shares all pointed to directories inside an external drive, and while the directories had correct permissions, the mount point didn't. We had great fun turning access on and off by simply doing chgrp on the mount point. Weird, and to my knowledge, undocumented.

- Then we had another harrowing experience, when certain users couldn't even get the share list via \\servername and got a login screen when they did \\ip.ser.ve.r. If we typed correct authentication info there would still be no success. We identified the issue as an authentication issue on the client side:

  A) Clients whose username and passwords were the same in the domain and the smbpasswd had no problems.
  B) Clients whose username was different had the issue.

  We renamed the accounts on the domain to fit that of the old smbpasswd. Yet now we got the same login screen, no success. Then we changed the account passwords. Logged off. Logged in, got the same login screen, but we could login now. We logged off again. We got the login screen but this time we checked remember. Logged off again... Then it worked even if the password changed, as expected.

What is the root issue of this at a technical level? It is weird it behaved differently when authenticating via domain or ip. It is weird in general!

WE HAVE ALREADY SOLVED THESE ISSUES. However, have others experienced this?

Thanks,
Carlos
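Added example (not from the original posts): the guest-access reply at the top of this page and the mount-point finding in this message both come down to one check, whether the mapped Unix account has search (x) permission on every directory from / down to the share path. The Python script below walks that chain and flags mount points; it evaluates mode bits only (ACL entries are ignored), and its function names and demo tree are constructed for illustration.

```python
#!/usr/bin/env python3
"""Added example: find which directory on the way to a share denies an account.

Mode bits only; POSIX ACL entries are not evaluated."""
import collections
import grp
import os
import pwd
import stat
import tempfile

Blocked = collections.namedtuple("Blocked", "path mode is_mount missing")


def account_ids(name):
    """Return (uid, set of gids) for an account known to NSS (local or winbind)."""
    pw = pwd.getpwnam(name)
    gids = {pw.pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if name in g.gr_mem)
    return pw.pw_uid, gids


def granted_bits(st, uid, gids):
    """Return the rwx triple (0-7) that applies: owner, else group, else other."""
    if uid == 0:
        return 7  # root is not subject to directory permission checks
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7


def ancestors(path):
    """Return every directory from / down to path, with symlinks resolved."""
    path = os.path.realpath(path)
    chain = [path]
    while os.path.dirname(path) != path:
        path = os.path.dirname(path)
        chain.append(path)
    return chain[::-1]


def blocked_dirs(share_path, uid, gids, need_write=False):
    """List the components that deny the account what it needs.

    Every ancestor needs x (search); the share directory itself needs r-x,
    plus w when need_write is set."""
    chain = ancestors(share_path)
    problems = []
    for directory in chain:
        st = os.stat(directory)
        need = 1
        if directory == chain[-1]:
            need = 7 if need_write else 5
        lacking = need & ~granted_bits(st, uid, gids)
        if lacking:
            missing = "".join(
                c for c, bit in (("r", 4), ("w", 2), ("x", 1)) if lacking & bit)
            problems.append(Blocked(directory, stat.filemode(st.st_mode),
                                    os.path.ismount(directory), missing))
    return problems


if __name__ == "__main__":
    # Constructed demo tree: an open share directory under a closed "mount point".
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "mnt", "share")
        os.makedirs(share)
        os.chmod(share, 0o777)
        os.chmod(os.path.join(tmp, "mnt"), 0o700)
        try:
            uid, gids = account_ids("nobody")       # guest account named in the thread
        except KeyError:
            uid, gids = os.geteuid() + 4242, set()  # constructed stand-in uid
        for hit in blocked_dirs(share, uid, gids, need_write=True):
            flag = " (mount point)" if hit.is_mount else ""
            print(f"{hit.path}: {hit.mode} denies '{hit.missing}'{flag}")
```

On a server, pass the share's path value from smb.conf and the ids returned by account_ids() for the guest or domain account being tested.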
RE: [Samba] Setting up Print$ share
-----Original Message-----
From: Ken Smith

> Is there some obvious config setting that I have missed?

Hard to tell if you don't provide smb.conf

Carlos
RE: [Samba] inconsistency?
I get similar errors when I have dummy shares (ie shares in smb.conf that point to non-existent directories), check that too.

However if using as PDC, the most common situation is when the samba server is not in the DNS/WINS for given machine.

If it is standalone, then make sure there is no AD server in the same workgroup: it can kick out the samba server as not trusted for the domain/workgroup. You can join it into the AD as member server to fix this, and if the AD server is also dns server, it will take care of that too.

All said and done, read the docs. It seems like you are missing a part of the network planning.

Carlos

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of John Drescher
Sent: Fri 8/3/2007 12:49 PM
To: joop gerritse
Cc: samba@lists.samba.org
Subject: Re: [Samba] inconsistency?

On 8/3/07, joop gerritse [EMAIL PROTECTED] wrote:
> I am less than familiar with Microsoft, so I guess it might be an FAQ...
> if I click on network neighborhood which reveals a Samba server, it
> shows a list of all shares. If I click on a share, I get a message
> cannot find share name. Somehow this does not sound logical to me...
> what is wrong?

This is not normal with samba. Perhaps something is wrong with either your permissions on the share or your network browsing (WINS, DNS or lmhosts).

John
RE: [Samba] maybe I should explain what i am after!
Translation: If you need help, sweat a little, and show us why we should. Otherwise, RTFM.

Carlos

From: Felipe Augusto van de Wiel

> This is not exactly a RTFM, but you will need to give us more
> information if you really want help, smb.conf, logs and better
> subject lines would be a great improvement.
RE: [Samba] SSO across multiple physical subnets
I assume the remote VPNs are full tunnels, and that you can ping any of the computers in any of the networks from any of the networks.

You should create trust relationships among all of the domains, along with permissions that allow logons and file access cross-domain - an important omission in the documentation. Search google with - trust relationship site:samba.org -. You will also want wins running on all servers, and that each server calls the others and allows calls from the servers. This is also documented.

The key with the laptop users is to logon first to the home domain. This caches the profile password, and as long as the password is not changed (in either side) while the home server is unavailable, everything will be OK. Assuming 2000, XP, and/or Vista clients, of course.

(You might also want to consider an LDAP backend with master/slave relationships among them, but this is highly complex and error prone if you are not an LDAP expert.)

I run similar complex setups without a problem, the key is to make sure the smb.conf has the wins and subnetting info in place, that the trust relationships work, and that permissions are set correctly.

It does require some planning, and quite an amount of rote work, but all the documentation is right there in samba.org. This is done pretty much in the same way it was done in NT4, so any docus/flowcharts you find for NT4 apply to samba.

Samba howto/docs + NT4 charts = easiest way

Thanks,
Carlos

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Thomas Smith
Sent: Sun 7/29/2007 9:22 PM
To: samba@lists.samba.org
Subject: [Samba] SSO across multiple physical subnets

Hi,

I've been reading up on SSO-based logins for the last couple of weeks. I've found a lot of information about it, but nothing that matches my situation. Here's the gist of my situation...

- I have a Samba 3 PDC in our corporate office as well as three remote offices.
- Each remote office is in a different physical building and connected to the Corporate office either via Point-to-Point T-1 or a Cisco PIX on-demand VPN tunnel. Each office resides in a separate IP subnet.
- Each office is a separate domain. Each server has its own domain user and group accounts.
- I have laptop users who travel between the various offices on a regular basis. I also have some desktop users who travel to remote offices to provide training and such.

What I'd like to do is make this a fault tolerant, SSO environment. Fault tolerance is very important for us in case one of the VPN tunnels or T-1s goes down--each office would still need to be able to log in to their server(s) and work.

Another challenge has been laptop users--if they're configured for the Corporate office domain, they cannot access the domains of remote offices while on-site at those locations. This has always been a manual workaround for them to get access to printers and network shares.

Can anyone suggest a direction to go in here? I know this is a lot, I'm not looking for someone to do the work. I just need some help locating the appropriate technology or how-tos for configuring something of this scale.

Thanks, in advance, for your help!

~ Tom
RE: [Samba] Samba 3.0.22 error with domain accounts
As a suggestion, do not publish your SIDs on the web. If any of us wanted to, we would be able to hack into your network quite easily.

Carlos

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gaiseric Vandal
Sent: Monday, May 21, 2007 1:59 PM
To: samba@lists.samba.org
Subject: [Samba] Samba 3.0.22 error with domain accounts

I have compiled Samba 3.0.22 on Solaris 10 (sparc.) It has been configured as a PDC with a domain of, say, SAMBADOMAIN. It has some predefined group mappings for the Administrators and Domain Admins group. These mappings were dropped in later versions of Samba. (I have been working with 3.0.24 as well. Unfortunately it doesn't seem to play nice with Sun's PC Netlink so I am hoping an older version might.)

# net groupmap list
System Operators (S-1-5-32-549) - -1
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Users (S-1-5-21-3994835435-1155125117-4257552229-513) - -1
Power Users (S-1-5-32-547) - -1
Print Operators (S-1-5-32-550) - -1
*Administrators (S-1-5-32-544) - -1***
Domain Admins (S-1-5-21-1184431512-2651584230-490432928-512) - -1
Domain Guests (S-1-5-21-1184431512-2651584230-490432928-514) - -1
Account Operators (S-1-5-32-548) - -1
Domain Users (S-1-5-21-1184431512-2651584230-490432928-513) - -1
*Domain Admins (S-1-5-21-3994835435-1155125117-4257552229-512) - -1***
Domain Guests (S-1-5-21-3994835435-1155125117-4257552229-514) - -1
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1

There is no unix group with GID -1 so I am not quite sure if I should be explicitly changing the group mappings to match real groups. I do have a unix group administrators defined, which includes the root and administrator account (this was for version 3.0.24.)

I joined this machine to its own domain:

# net join SAMBADOMAIN -U root

I can list users from, or add users to, local groups e.g.

#net rpc group ADDMEM Administrators root
#net rpc group ADDMEM Administrators administrator

but not with domain groups, whether predefined or not:

e.g.
# bin/net groupmap add ntgroup=Domain Admins unixgroup=domadm rid=512 type=d
adding entry for group Domain Admins failed!

e.g.
#net groupmap add ntgroup=Engineering unixgroup=engr rid=10300 type=d
Successfully added group Engineering to the mapping db

#/net rpc group members engineering :
[2007/05/18 14:42:08, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790)
  rpc_api_pipe: Remote machine 127.0.0.1 pipe \samr fnum 0x721ereturned critical error. Error was Call returned zero bytes (EOF)
[2007/05/18 14:42:08, 0] libsmb/clientgen.c:cli_rpc_pipe_close(375)
  cli_rpc_pipe_close: cli_close failed on pipe \samr, fnum 0x721e to machine 127.0.0.1. Error was Call returned zero bytes (EOF)

I compiled the software on my linux workstation- but I get the same errors when running the net command against the solaris samba server.

The solaris server is configured as an LDAP client.

So my questions are:

1 - What is causing the error (and how do I fix it)?
2 - Do I need to change the group mappings to match real unix group GID's?

Thanks
RE: [Samba] Guide to porting to non-unix like systems?
I wonder, however, why port a networking system so completely tied-in to POSIX, like SMB, to a non-POSIX OS? What is the need?

> The experience (particularly with Samba3) has been that it is easier to
> add a POSIX layer to the OS than to keep 'fixing' samba.

Yes. That also has the added advantage of immediate compatibility with other systems that depend on POSIX.

Carlos

-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Andrew Bartlett
Sent: Sat 4/28/2007 12:13 PM
To: Andreas Fredriksson
Cc: samba@lists.samba.org
Subject: Re: [Samba] Guide to porting to non-unix like systems?

On Sat, 2007-04-28 at 00:43 +0200, Andreas Fredriksson wrote:
> Hi,
> I'd like to get a rough idea on how much work it would be to port
> Samba to a non-unix platform. My plan was to use a slimmed-down samba
> to read and write files on a particularly unfriendly piece of
> proprietary hardware we use at work. I'm fine with a minimalistic
> samba as this port would be for internal, single-developer use and not
> intended for file serving in general.
>
> Here are some things I'm wondering about, given the background:
>
> 1) Is fork() required, or could it be emulated via threads?

Threads are not an option (we expect that variables will not be shared after the fork), but in Samba4 we can execute as a single process (as a state machine)

> 2) Could nmbd and smbd share a single process w.r.t 1) or is it even
> possible to drop nmbd and just serve stuff slowly with a single smbd
> process?

nmbd is required for browsing and name registration. In Samba4, it is just part of the smbd state machine.

> 3) Is Samba very tightly tied to the POSIX file/directory APIs? My
> intended target system has a rich I/O API (including async
> capabilities and various bells and whistles) but the APIs are fairly
> exotic and don't map well to e.g. DIR and file descriptors.

Samba4 is less tied to this than Samba3, but doing without anything like POSIX will be hard.

> 4) Is there a checklist somewhere of stuff a target system for
> smbd/nmbd would have to support to make a port feasible?

The experience (particularly with Samba3) has been that it is easier to add a POSIX layer to the OS than to keep 'fixing' samba.

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
RE: [Samba] delete readonly = no ..not working on windows
Not built in. As mentioned, this is impossible to do in Windows itself (unless you do some pretty complicated Group Policy stuff in AD).

Carlos

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of xrado
Sent: Wednesday, April 18, 2007 11:52 AM
To: samba@lists.samba.org
Subject: Re: [Samba] delete readonly = no ..not working on windows

so is there a way to prevent deletion of read-only flagged files? or maybe even disallow deletion of files with some prefix in file name

anyway i want to prevent deletion of files that are marked some way on writeable share

rado.

Jeremy Allison wrote:
> On Tue, Apr 17, 2007 at 11:49:49PM +0200, xrado wrote:
>> i tried with samba 3.0.22 and 3.0.24 and not working or i have
>> something misconfigured
>>
>> when i copy file to share it have -rwxrw after flagging it readonly
>> become -r-xr- and i can still delete it with windows explorer
>>
>> any idea why?
>
> Firstly, modern Samba stores DOS attributes in extended attributes, so
> removing the 'w' bits doesn't make a file read-only, it changes the
> access permissions (not the same thing). Check what the setting of the
> user.DOSATTRIB ea is.
>
> Secondly, Windows explorer asks if you want to delete a read-only file
> first - if you say yes it removes the read-only attrib then deletes it.
> Samba works correctly with these calls.
>
> Jeremy.
RE: [Samba] file permissions with inherit permission + ACL's
> drwxrws---+ 2 ralfgro ve6 2007-04-18 17:28 testdir

2770 [drwxrws--] permissions will force inherit at the file level system, ignoring Samba. Set the directory to 0770 permissions, and new items would be created with 660 as per smb.conf

Other thing is to ensure that the main group for the user is the same for all users.

Carlos

-----Original Message-----
From: Ralf Gross
Sent: Wednesday, April 18, 2007 11:45 AM

default:other::---

I created a new directory and a new file in this share.

drwxrws---+ 2 ralfgro ve6 2007-04-18 17:28 testdir
-rwxrwx---+ 1 ralfgro ve0 2007-04-18 17:28 testfile.txt

# file: testdir
# owner: ralfgro
# group: ve
user::rwx
group::---
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:testgroup1:rwx
default:group:testgroup2:rwx
default:mask::rwx
default:other::---

The permissions of this new directory are fine. But new files should be created with 660 permissions, not 770.

# file: testfile.txt
# owner: ralfgro
# group: ve
user::rwx
group::---
group:testgroup1:rwx
group:testgroup2:rwx
mask::rwx
other::---

This is the relevant part of smb.conf:

[testshare]
force create mode = 0660
create mask = 0660
force directory mode = 2770
directory security mask = 2770
force directory security mode =
directory mask = 2770
force security mode =
security mask = 0770
inherit acls = yes
inherit permissions = yes
map archive = no
map system = no
...

Some of the options might be needless now, but I needed them as I used 'force group = ...' instead of 'inherit permissions'.

I already played with the default mask ACL, but then I always ended with no executable bit on files _and_ directories which denies access to the new created directories...

Any ideas?

Ralf
RE: [Samba] SAMBA Problem - Users take ownership
Smb.conf share settings?

carlos

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Travis Bullock
Sent: Wednesday, April 18, 2007 4:09 PM
To: samba
Subject: Re: [Samba] SAMBA Problem - Users take ownership

Can anyone help me with this? This is a serious problem and it is really screwing me over.

Cheers,

Travis Bullock
Systems Administrator
Avmax Group Inc.

----- Original Message -----
From: Travis Bullock [EMAIL PROTECTED]
To: samba samba@lists.samba.org
Sent: Saturday, April 14, 2007 10:12:30 AM (GMT-0700) America/Denver
Subject: [Samba] SAMBA Problem - Users take ownership

Hi,

I have a problem with my Samba/WinBIND implementation. In folders shared by multiple people the last one to access and modify a file takes ownership of the file and changes the permissions so other users cannot make changes to the same file:

[EMAIL PROTECTED] PLANNING RECORDS]# cd REGIONAL\ 1\ AIRLINE\ DOCS/
[EMAIL PROTECTED] REGIONAL 1 AIRLINE DOCS]# ls -al
total 1232
drwxrws---+ 8 root AVMAX+Domain Admins 4096 Apr 13 13:16 .
drwxrws---+ 23 root AVMAX+Domain Admins 4096 Apr 3 08:14 ..
drwxrws---+ 7 root AVMAX+Domain Admins 4096 Mar 20 13:01 AALI Reserves
drwxrws---+ 3 root AVMAX+Domain Admins 4096 Mar 20 13:02 Archived
drwxrws---+ Documents for Reg. 1
-rwxrwx---+ 1 AVMAX+RMesheau AVMAX+Domain Admins 64512 Apr 13 12:56 LOG
-rwxrwx---+ BOOK entry template.xls
drwxrws---+ 6 root AVMAX+Domain Admins 4096 Mar 30 16:20 Logpages
drwxrws---+ Monthly Templates Reports etc
-rwxrwx---+ 1 AVMAX+ALee AVMAX+Domain Admins 552448 Apr 13 13:16 MOD SB
-rwxrwx---+ Compliance Status ALEX.xls
-r--rwx---+ 1 AVMAX+ALee AVMAX+Domain Admins 552448 Apr 12 13:35 MOD SB
-r--rwx---+ Compliance Status.xls
drwxrws---+ 2 root AVMAX+Domain Admins 4096 Mar 30 16:09 Monthly
drwxrws---+ Workorder Templates
drwxrws---+ 3 root AVMAX+Domain Admins 4096 Apr 3 09:06 SIP + Audit
drwxrws---+ Spreadsheets
drwxrws---+ 5 root AVMAX+Domain Admins 4096 Mar 20 13:04 Tally Sheets
drwxrws---+ for Regional 1

I want all ownerships to remain root:AVMAX+Domain Admins with drwxrws--- set as the permissions.

My ACL's look like this for a file:

[EMAIL PROTECTED] REGIONAL 1 AIRLINE DOCS]# getfacl MOD\ SB\ Compliance\ Status.xls
# file: MOD SB Compliance Status.xls
# owner: AVMAX+ALee
# group: AVMAX+Domain Admins
user::r--
user:root:rwx
group::rw-
group:AVMAX+Planning:rwx
mask::rwx
other::---

I think group:AVMAX+Planning:rwx is good but appears to be ineffective once a user takes ownership of a file.

And this for a directory:

[EMAIL PROTECTED] REGIONAL 1 AIRLINE DOCS]# getfacl Tally\ Sheets\ for\ Regional\ 1/
# file: Tally Sheets for Regional 1
# owner: root
# group: AVMAX+Domain Admins
user::rwx
group::rwx
group:AVMAX+Planning:rwx
mask::rwx
other::---
default:user::rwx
default:group::rwx
default:group:AVMAX+Planning:rwx
default:mask::rwx
default:other::---

Any ideas as to why this is happening?

Travis Bullock
Systems Administrator
Avmax Group Inc.
RE: [Samba] SAMBA Problem - Users take ownership
> create mask = 0765
> create mode = 0777
> directory mode = 0770
> force create mode = 000

Turn it to

create mask = 2765
create mode = 2777
directory mode = 2770

Delete force create mode = 000

Test

carlos

-----Original Message-----
From: Travis Bullock [mailto:[EMAIL PROTECTED]
Sent: Wednesday, April 18, 2007 4:19 PM
To: Carlos Rivera-Jones
Cc: samba
Subject: Re: [Samba] SAMBA Problem - Users take ownership

smb.conf file:

[global]
security = domain
workgroup = AVMAX
netbios name = atlas
map to guest = Bad User
encrypt passwords = yes
password server = 10.2.32.1 10.2.0.4 10.4.0.3
username level = 0
#password server = 10.2.0.3 10.2.0.4 10.2.32.1
deadtime = 3
local master = no
domain master = no
domain logons = no
wins support = yes
remote announce = 10.4.0.0/20 10.3.0.0/20
#winbind use default domain = yes
winbind separator = +
winbind cache time = 10
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
hosts allow = 10.0.0.0/20 10.2.0.0/20 10.2.32.0/20 10.2.16.0/20 10.3.0.0/16 10.128.0.0/16 10.4.0.0/16
interfaces = 10.2.0.12 192.168.0.4
log level = 2 winbind:5

[Planning]
comment = Avmax Planning Group Share
browseable = yes
writable = yes
read only = no
create mode = 0770
directory mode = 0770
path = /usr/avmax_shares/Planning

[GFQ]
comment = Great Falls QA
browseable = yes
writable = yes
read only = no
create mask = 0765
create mode = 0777
directory mode = 0770
force create mode = 000
path = /usr/avmax_shares/GFQ

Those are two different types of shares. I am playing with the settings to see if I can make a difference to the share but so far no joy. Probably because I don't have a firm understanding of how those settings work.

Cheers,

Travis

----- Original Message -----
From: Carlos Rivera-Jones [EMAIL PROTECTED]
To: Travis Bullock [EMAIL PROTECTED], samba samba@lists.samba.org
Sent: Wednesday, April 18, 2007 2:14:19 PM (GMT-0700) America/Denver
Subject: RE: [Samba] SAMBA Problem - Users take ownership

Smb.conf share settings?
carlos