[Samba] wierd permissions issue
Hey List- Okay, I've got a 2003 AD Server which has all the office users setup, groups, etc... I have a FreeBSD apache development box with a couple of shares on it for devels to use. This devel box also has proftpd authentication external domain users via PAM. The issue I was having is that the FTP users could login, but they couldn't write or create files. The permissions were showing up as: username : BUILTIN\users files are mostly 664 and directories are all 775 I'm guessing this is relating to the Domain Users group. So, I changed the group to be 'internalgroup' of which everyone is a member. Now, the FTP users have zero issue, but the internal users now can't create new files in those directories via the fileshares. I have double checked that everyone is in the 'internalgroup'. I even tried setting the 'Primary Group' option in Windows to be 'internalgroup' and having a user reboot and try again. No dice. As soon as I change the group owner back to 'BUILTIN\users' everything works fine again for internal users, but FTP users are hosed again. Any thoughts? Henrik -- Henrik Hudson [EMAIL PROTECTED] -- God, root, what is difference? Pitr; UF (http://www.userfriendly.org/) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wierd permissions issue
On Thursday 20 September 2007, Frank Van Damme [EMAIL PROTECTED] sent a missive stating: On 9/20/07, Henrik Hudson [EMAIL PROTECTED] wrote: Hey List- Okay, I've got a 2003 AD Server which has all the office users setup, groups, etc... I have a FreeBSD apache development box with a couple of shares on it for devels to use. This devel box also has proftpd authentication external domain users via PAM. The issue I was having is that the FTP users could login, but they couldn't write or create files. The permissions were showing up as: username : BUILTIN\users files are mostly 664 and directories are all 775 I'm guessing this is relating to the Domain Users group. So, I changed the group to be 'internalgroup' of which everyone is a member. Now, the FTP users have zero issue, but the internal users now can't create new files in those directories via the fileshares. I have double checked that everyone is in the 'internalgroup'. I even tried setting the 'Primary Group' option in Windows to be 'internalgroup' and having a user reboot and try again. No dice. As soon as I change the group owner back to 'BUILTIN\users' everything works fine again for internal users, but FTP users are hosed again. Any thoughts? It's possible yith Samba to make shares read-only with read-only = yes or writeable = no (which are the same directives but the other way around). Maybe you have done so by accident or your default configuration comes with these? Thanks for the response. I narrowed it down to a dreamweaver issue () . Users can create, modify, move, delete, do everything outside of dreamweaver with the same permissions and then as soon as they try and save something inside of Dreamweaver it bitches it can't creat the TMP file and delete both the TMP and the original file. So, looking up that route. Thanks. henrik -- Henrik Hudson [EMAIL PROTECTED] -- God, root, what is difference? Pitr; UF (http://www.userfriendly.org/) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba and proftpd authentication
Hey List- Since samba is in the middle..trying here first. I have a samba FreeBSD box as just a member server which was authenticating against a samba PDC. For other reasons we migrated that to a Win2003 ADS box. I got the member server to join the ADS domain and users who are logged in can browse the shares, etc... without issue. The problem I have is that proftpd (via PAM) is no longer authenticating domain users. Here is my smb.conf: [global] workgroup = DOMAIN realm = int.DOMAIN.com netbios name = DOMAINTEST #server string = Samba %v on %L server string = security = ADS password server = DOMAINSERVER wins server = 10.0.0.3 encrypt passwords = yes idmap uid = 15000-2 idmap gid = 15000-2 #winbind use default domain = yes #winbind separator = \ #winbind nss info = sfu guest ok = yes follow symlinks = no case sensitive = no os level = 33 I was getting the following error: [2007/07/19 05:46:21, 0] nsswitch/winbindd.c:request_len_recv(544) request_len_recv: Invalid request size received: 1848 but a reboot and a library reload has cleared that up. My proftpd pam file (hasn't changed) looks like: #PAM config file for ProFTPD authrequired/usr/local/lib/pam_winbind.so account required/usr/local/lib/pam_winbind.so I changed the debug lvl to 10 and I can see the server doing a request for the FTP user and it doesn't throw any obvious errors. I am logging into proftpd using DOMAIN\ftpuser Thoughts? Henrik -- Henrik Hudson [EMAIL PROTECTED] -- God, root, what is difference? Pitr; UF (http://www.userfriendly.org/) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] wierd message
Hey List- I keep having issues with my Master Browser and a OS X machine. Master Browser: samba 3.0.23 (freebsd 6) os level = 77 preferred master = yes domain master = yes local master = yes The OS X keeps causing the system to reset and throwing logs like this: [2006/12/13 09:39:01, 1] nmbd/nmbd_incomingdgrams.c:process_reset_browser(729) process_reset_browser: received diagnostic browser reset request from SCANNERS-COMPUT00 IP 10.0.0.185 state=0x2 So, what's supposed to be the master keeps getting reset and some of the other samba enabled computers start seeing the OS X machine as the master and logins don't work right. Anyone know how to keep that error from happening or what is it doing? Thanks. henrik -- Henrik Hudson [EMAIL PROTECTED] -- God, root, what is difference? Pitr; UF (http://www.userfriendly.org/) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group membership issue?
On Monday 11 September 2006 16:29, Henrik Hudson [EMAIL PROTECTED] sent a missive stating: Hey List- running samba 3.0.23b As a follow up to myself. I narrowed it down to this: On the PDC I can do:id -Gn userB and it shows that the user is in the correct group and has the correct effective permissions. On the member server, I do: id -Gn userB and it tells me the effective group of the user is none This is actually happening for 2 users and I'm at a lost to explain this. All my wbinfo -u / -g ,etc.. show the users to be part of the group, yet their effective permissions are showing them as none. As far as I am aware I only need to add users to /etc/group in order to add them to a NT group, right? As long as that group is mapped of course and it is, since the 10 other people have no issue. How to solve this? I have an issue with a single member of a group not being able to get write access to a share that all the other members have access to. I have checked the file permissions and they look good to me. Any thoughts on where to look or solve this? Below is some info. net rpc group members ecwusers: ECW\usera ECW\userb etc permissions of /data/www/webroot/files : nobody:ECW\ecwusers and 775 If I manually create a sub-folder and own it to: ECW\userb:nobody then userb can work inside that sub-folder just fine. However, WCW\userb can't do anything in the base folder. I'm kinda stuck. I've verified he exists in the group and other users in the group have no problem??? Thanks. Henrik -- Henrik Hudson [EMAIL PROTECTED] -- God, root, what is difference? Pitr; UF (http://www.userfriendly.org/) -- Henrik Hudson [EMAIL PROTECTED] -- God, root, what is difference? Pitr; UF (http://www.userfriendly.org/) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] group membership issue?
Hey List- running samba 3.0.23b I have an issue with a single member of a group not being able to get write access to a share that all the other members have access to. I have checked the file permissions and they look good to me. Any thoughts on where to look or solve this? Below is some info. share portion of smb.cnf: [ecwtest] path = /data/www/webroot writeable = yes create mode = 6775 force create mode = 6775 directory mode = 6775 force directory mode = 6775 valid users = @ECW\ecwusers admin users = @ECW\ecwadmins net rpc group members ecwusers: ECW\usera ECW\userb etc permissions of /data/www/webroot/files : nobody:ECW\ecwusers and 775 If I manually create a sub-folder and own it to: ECW\userb:nobody then userb can work inside that sub-folder just fine. However, WCW\userb can't do anything in the base folder. I'm kinda stuck. I've verified he exists in the group and other users in the group have no problem??? Thanks. Henrik -- Henrik Hudson [EMAIL PROTECTED] -- God, root, what is difference? Pitr; UF (http://www.userfriendly.org/) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] backing up samba?
Hey List- What are the appropriate files to be backing up on a samba PDC? I'm thinking: smb.conf /usr/local/etc/samba/ directory /var/db/samba/ directory /etc/passwd /etc/master.passwd This is running on FreeBSD as the PDC of the domain. If I need to rebuild or wipe and upgrade this box I do not want to have to re-install all the Windows clients into the domain and into the machine. Did I miss anything or need anything else? Henrik -- Henrik Hudson [EMAIL PROTECTED] -- God, root, what is difference? Pitr; UF (http://www.userfriendly.org/) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] member server can't authenticate users?
Hey List- I've got 2 samba servers. PDC: FreeBSD 5.4; samba: 3.0.23 name: bugs member server: FreeBSD 6-stable; samba: 3.0.23 name: daffy note: config files are at the bottom of the email The PDC was running an older version, but I just upgraded and it didn't fix the below issue. The member server was running fine with the old smb.conf file, but I rebuilt the server and now it doesn't work. Here is the problem: the member server is dual-homed and firewalled. note: I did try totally disabling the firewall and this didn't help or change the error. Using Konqueror and smb://daffy/ I can see the share I want to connect to, but it nevers lets me authenticate. I did also do a net join back into the domain and that worked fine. on the member server I can do the following: pw group show ecwusers - works fine wbinfo -u - works fine smbclient -L bugs -U username - works fine smbclient -L daffy -U username - get an error error = session setup failed: NT_STATUS_NO_LOGON_SERVERS smbclient -d 3 -L daffy -U username shows: Client started (version 3.0.23b). Connecting to 127.0.0.1 at port 445 Password: Doing spnego session setup (blob length=58) got OID=1 3 6 1 4 1 311 2 2 10 got principal=NONE Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 SPNEGO login failed: No logon servers session setup failed: NT_STATUS_NO_LOGON_SERVERS The only error which repeats when I try and make a connection is in the log.wb-ECW file on daffyand it shows: [2006/08/29 17:30:47, 1] rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625) cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from remote machine bugs.int.ecreativeworks.com pipe \lsarpc fnum 0x74eb! PDC smb.conf: # Global parameters [global] workgroup = ECW netbios name = ECWSERVER passdb backend = tdbsam:/usr/local/etc/samba/private/passwd.tdb os level = 65 preferred master = yes domain master = yes local master = yes domain logons = yes wins support = yes #server string = Samba %v on %L server string = security = USER encrypt passwords = yes disable spoolss = Yes guest ok = no follow symlinks = no case sensitive = no idmap uid = 15000-2 idmap gid = 15000-2 username map = //usr/local/etc/samba/smbusers name resolve order = wins bcast hosts time server = Yes #printing options printing = cups printcap name = cups load printers = yes show add printer wizard = Yes printer admin = @ecwadmins,@wheel #user scripts add user script = /usr/sbin/pw useradd -n %u -g ecwusers -s /usr/sbin/nologin -c delete user script = /usr/sbin/pw userdel -n %u add group script = /usr/sbin/pw groupadd -n %g delete group script = /usr/sbin/pw groupdel -n %g add user to group script = /usr/sbin/pw usermod -n %u -g %g #add machine script = /usr/sbin/pw useradd -n %u -g 100 -s /usr/sbin/nologin -d /dev/null #user directories logon home = \\%N\%U\ logon drive = H: #roaming profiles logon path = #SHARES BELOW ###END PDC CONF member server smb.conf: # Global parameters [global] workgroup = ECW netbios name = ECWTEST #server string = Samba %v on %L server string = security = domain password server = bugs.int.domainname.com encrypt passwords = yes idmap uid = 15000-2 idmap gid = 15000-2 winbind use default domain = yes guest ok = no follow symlinks = no case sensitive = no preferred master = no domain master = no bind interfaces only = yes interfaces = fxp0 lo0 Henrik -- Henrik Hudson [EMAIL PROTECTED] -- God, root, what is difference? Pitr; UF (http://www.userfriendly.org/) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] share permission problem?
Hey List- I've got an interesting problem :) Network Description: W2K server is PDC FreeBSD samba is domain member server using winbind to grab user / group info wbinfo et all work just fine clients: mix of W2K, XP and OS X my smb.cnf file: # Global parameters [global] workgroup = DOM netbios name = DOMSERVER #server string = Samba %v on %L server string = security = DOMAIN password server = DOMAINSERVER encrypt passwords = yes printcap name = cups disable spoolss = Yes show add printer wizard = No idmap uid = 15000-2 idmap gid = 15000-2 winbind use default domain = Yes printing = cups guest ok = no follow symlinks = no case sensitive = no #SHARES #domainshare: sharename webdata and files [domainshare] path = /data/shares/domshares/sharename writeable = yes create mode = 6770 force create mode = 6770 directory mode = 6770 force directory mode = 6770 valid users = @DOM\DOMUSERS admin users = @DOM\Domain Admins The problem: All users which are in the DOMSALESUSERS and the DOMUSERS group can get access to the domainshare, but users who are just in the DOMUSERS group can't. Yes, I double checked that the valid users isn't set to DOMSALESUSERS :) I checked the file permissions and they're set to the domusers group. The OS doesn't matter for the access, just the if the users aren't in the DOMSALESUSERS group they can't get in. I did try mounting from my FreeBSD laptop as one of the standard users and it let's me mount, but gives me an access denied when doing a ls . As soon as I add the user to the DOMSALESUSERS then they can see the share fine. I'm confused :) Ideas? Thanks in advance. Henrik -- Henrik Hudson [EMAIL PROTECTED] RTFM: Not just an acronym, it's the LAW! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba