Re: [Samba] Samba + ACLs: Can’t add group write permissions
Am 28.03.2013 09:40, schrieb Quintus: Am Tue, 26 Mar 2013 19:38:48 +0100 schrieb steve st...@steve-ss.com: WTF? Where did the write access for the group go? Hi Marvin Hi Steve, Just a thought but I found out the hard way that when there are acl's set, e.g. in your file called test2, the -rw-r- bit of the listing bit bears little resemblance to what the actual permissions are. Have you actually checked to see that the file test2 really isn't group writeable? Maybe worth a quick test. I just tested it with another user and no, the file is really not group-writable. But I found another really mysterious behaviour... This time I’ve connected as user steffi who is in the share group as well: % sudo mount //avalon/share -t cifs -o user=steffi,gid=quintus /mnt I tried to create a file now as this user: (1067) [9:28:47 quintus@hades] /mnt % ls -ahl total 4.0K drwxrws---+ 2 rootquintus0 Mar 28 09:28 . drwxr-xr-x 20 rootroot4.0K Mar 19 17:32 .. -rw-rw+ 1 quintus quintus0 Mar 26 14:54 test -rw-r-+ 1 quintus quintus0 Mar 26 15:04 test2 (1068) [9:29:29 quintus@hades] /mnt % touch test3 touch: cannot touch ‘test3’: Permission denied (1069) [9:29:34 quintus@hades] /mnt % ls -ahl total 4.0K drwxrws---+ 2 rootquintus0 Mar 28 09:29 . drwxr-xr-x 20 rootroot4.0K Mar 19 17:32 .. -rw-rw+ 1 quintus quintus0 Mar 26 14:54 test -rw-r-+ 1 quintus quintus0 Mar 26 15:04 test2 -rw-r-+ 11002 quintus0 Mar 28 09:29 test3 That is, I get a permission denied on the touch command, but the file is there nevertheless...? How is this possible at all? Even worse, I cannot write to the file I just created: (1070) [9:29:35 quintus@hades] /mnt % echo foo test3 zsh: permission denied: test3 And no, the file is really empty (I’ve chceked it on the server via SSH). Writing to the files owned by someone else, but still in the share group doesn’t work either: (1071) [9:31:19 quintus@hades] /mnt % echo foo test2 zsh: permission denied: test2 And again, this file really is empty. On the server, the permissions are reported like this: (433) [9:33:34 quintus@avalon] /srv/cifs/share % ls -ahl insgesamt 8,0K drwxrws---+ 2 rootshare 4,0K 28. Mär 09:29 . drwxr-xr-x 7 rootroot 4,0K 26. Mär 14:19 .. -rw-rw+ 1 quintus share0 26. Mär 14:54 test -rw-r-+ 1 quintus share0 26. Mär 15:04 test2 -rw-r-+ 1 steffi share0 28. Mär 09:29 test3 (434) [9:33:41 quintus@avalon] /srv/cifs/share % getfacl test3 # file: test3 # owner: steffi # group: share user::rw- group::rwx #effective:r-- group:share:rwx #effective:r-- mask::r-- other::--- And I cannot write to the test3 as user quintus on the server, but as user steffi it works (again, through SSH): (436) [9:35:32 quintus@avalon] /srv/cifs/share % echo foo test3 zsh: permission denied: test3 (437) [9:36:55 quintus@avalon] /srv/cifs/share % ls -ahl insgesamt 8,0K drwxrws---+ 2 rootshare 4,0K 28. Mär 09:29 . drwxr-xr-x 7 rootroot 4,0K 26. Mär 14:19 .. -rw-rw+ 1 quintus share0 26. Mär 14:54 test -rw-r-+ 1 quintus share0 26. Mär 15:04 test2 -rw-r-+ 1 steffi share0 28. Mär 09:29 test3 (438) [9:36:57 quintus@avalon] /srv/cifs/share % sudo su -s /bin/zsh - steffi [sudo] password for quintus: (1) [9:37:31 steffi@avalon] / % cd /srv/cifs/share (2) [9:37:35 steffi@avalon] /srv/cifs/share % echo foo test3 (3) [9:37:38 steffi@avalon] /srv/cifs/share % ls -ahl insgesamt 12K drwxrws---+ 2 rootshare 4,0K 28. Mär 09:29 . drwxr-xr-x 7 rootroot 4,0K 26. Mär 14:19 .. -rw-rw+ 1 quintus share0 26. Mär 14:54 test -rw-r-+ 1 quintus share0 26. Mär 15:04 test2 -rw-r-+ 1 steffi share4 28. Mär 09:37 test3 (4) [9:37:39 steffi@avalon] /srv/cifs/share % cat test3 foo Cheers, Steve Any idea? Vale, Marvin Hi Marvin, Just an idea: I remeber having an issue with testing permissions on cifs mounted filesystems. I was using touch to create files and kept failing. It turned out I had to make sure the file size exeeded 0 for the test to succeed. Mind you this was a couple of years ago and is possilbly not relevant any more. Greatings, Jochen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] %localappdata%\google\drive get lost
Hi Alex, a local user and a domain user with the same name are two different users. Different SIDs! Jochen Am 09.08.2012 15:25, schrieb Alexander Busam: Hello! I use samba 3.6.7 as PDC for Windows 7. For Google Drive the config files are stored in %localappdata%\google\drive. These files are needed for logon and syncronisation. As a local user all works fine. When I logout and logon to Windows as domain user the %localappdata%\google folder disappeared. Is this a Windows, Google or samba problem ? Any ideas? Thx! Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Automatic change of machine passwords seems to brake trust relationship for Windows 7 clients
There are three ways to change the machine password behavior: Client-Registry: HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters DisablePasswordChange = dword:1 or Client-Registry: HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters MaximumPasswordAge = dword:100 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Mounting share using cifstab fails with NT_STATUS_ACCESS_DENIED
Hi, I have a samba share on a linux server which I can access without problems from Windows XP. When I access the share from a different linux machine using smbclient Server\\Share -U username I get a connection to the share. When put //Server/Share /mnt/mountpoint cifs username=UserName,password=,uid=1234,gid=5678 into /etc/samba/cifstab I get mount error(13): Permission denied Other shares are mounted this way w/o any problems. And, No, NFS is not an option, it would screw up the file and group permissions Any ideas? Jochen -- IT-Management Nordwestdeutsche Forstliche Versuchsanstalt USt-ID: DE812813104 Grätzelstr. 2 37079 Göttingen Tel: 0551 69 40 11 64 Fax: 0551 69 40 11 60 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] username change
Hi, I need to change the unix username on a samba server. How can I change the samba username stored in passwd.tdb It is important not to loose the domain integration. The name of the corresponding profile on the windows machine need not change. When the user information was stored in smbpasswd, I could simply rename the user in the file. How do I do that in passwd.tdb? opensuse 11.3 samba-3.5.6 passdb.tdb Thanks, Jochen -- IT-Management Nordwestdeutsche Forstliche Versuchsanstalt Grätzelstr. 2 37079 Göttingen Tel: 0551 69 40 11 64 Fax: 0551 69 40 11 60 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Two Windows users with two passwords must map to the same unix user
Put force user in the service section.That should do the trick. Joe Am 18.11.2010 08:55, schrieb Andre Albsmeier: Hello, I have no idea how to implement the following scenario apart from running two instances of samba on the same machine... I need a setup where two different Windows users will authen- ticate with two different passwords but get mapped to the same unix user. That is JOE got password PASS1 and maps to unix user joe with uid 1000 and JACK got password PASS2 and maps to unix user joe with uid 1000 I can set up two instances of samba on the same machine with two sets of config files, tdbs, In instance 1 the smbpasswd file contains the password entry for joe: joe:1000:PASS1x:xPASS1xx:[UX ]:LCT-4B6836EF: In instance 2 the smbpasswd file contains the password entry for jack (but using joe as unix user): joe:1000:PASS2y:yyPASS2y:[UX ]:LCT-4B6836EF: and a user.map file containing joe = jack This should work but I hope there is a simpler method with only one instance of samba running... Thanks, -Andre -- IT-Management Nordwestdeutsche Forstliche Versuchsanstalt Grätzelstr. 2 37079 Göttingen Tel: 0551 69 40 11 64 Fax: 0551 69 40 11 60 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Converting smbpasswd to passwd.tdb fails
Hi, I'm trying to convert a working smbpasswd file with about 160 user to passwd.tdb on samba 3.5.1 with: pdbedit -i smbpasswd:/etc/samba/smbpasswd -e tdbsam:/etc/samba/passwd.tdb The smbpasswd is from our old samba 3.0.34 server which we want to replace. Only about 60 users are put into the new file. The others are simply dropped and no errors reported. Any ideas? Jochen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Converting smbpasswd to passwd.tdb fails
Am 23.03.2010 09:18, schrieb Jochen Eggemann: Hi, I'm trying to convert a working smbpasswd file with about 160 user to passwd.tdb on samba 3.5.1 with: pdbedit -i smbpasswd:/etc/samba/smbpasswd -e tdbsam:/etc/samba/passwd.tdb The smbpasswd is from our old samba 3.0.34 server which we want to replace. Only about 60 users are put into the new file. The others are simply dropped and no errors reported. Any ideas? Jochen Sorry, ashes on my head. I should have rtfm. The uids had changed for some users. Using the debug function pointed me in the right direction. Now everything works. Jochen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Failing to join NT 4.0 Server to a Samba 3.4.0 Domain
Am 16.03.2010 17:51, schrieb Gaiseric Vandal: On 03/16/2010 10:09 AM, Jochen Eggemann wrote: HI, we had a server crash and luckily no backup. So our samba domain is gone, so I had to set up a new server with a new domain. Except for one NT 4.0 Server all XP clients where able to join this new domain. When trying to put NT4 into the domain I get following error: make_connection: refusing to connect with no session setup. What changes in samba could be the reason for this message? This NT Server had no problem joining the former domain. Jochen What version of samba was the previous DC running?I would run testparm -v and see which versions of NTLM are enabled. I am pretty sure you need ntlm auth = Yes. Also, NT4 might not support some of the signing options. By default server signing = No is set - at least on my machines. However I don't have an NT4 server so I can't say for sure if this helps. Presumably you have at least SP4 installed on your NT4 machine? I would also guess that Samba 3.4 was not heavily tested against with NT4 clients. I believe it was samba 2.x.x, but I'm not sure since I had nothing to do with it before and nobody else remembers. My settings: ntml auth = yes server signing = no NT4 has SP6a installed Any other ideas? Jochen -- IT-Management Nordwestdeutsche Forstliche Versuchsanstalt Grätzelstr. 2 37079 Göttingen Tel: 0551 69 40 11 64 Fax: 0551 69 40 11 60 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Failing to join NT 4.0 Server to a Samba 3.4.0 Domain
HI, we had a server crash and luckily no backup. So our samba domain is gone, so I had to set up a new server with a new domain. Except for one NT 4.0 Server all XP clients where able to join this new domain. When trying to put NT4 into the domain I get following error: make_connection: refusing to connect with no session setup. What changes in samba could be the reason for this message? This NT Server had no problem joining the former domain. Jochen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba