[Samba] How to give user access to only 1 directory on a share?
Hello, Is there a way to give a single user access to a single directory on a given share, and yet prevent that user from accessing the rest of the data on that share? All users on the system are within the *same* group, and if possible, I'd like to keep it this way. Would I have to go with ACLs to implement this? Any and all suggestions are appreciated! Thanks, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Single Sign On, authentication, and Windows XP Home
Yes, this is all correct and I fully agree with everything that Gaiseric has said. However, the problem I'm dealing with is that I *still* have XP Home machines that I need to work with. Until these are phased out, and replaced with Pro Ed., I'm stuck if I want to implement SSO -- I think, unless I run an LDAP server and install pGina with the LDAP plugin. I didn't want to have to go this route, but I think that it may be the only option available! Thank you to everyone for their input -- --- Matt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gaiseric Vandal Sent: Thursday, December 27, 2007 8:46 AM To: samba@lists.samba.org Subject: Re: [Samba] Single Sign On, authentication, and Windows XP Home To the best of my knowledge, you can't join XP Home machines to a domain. Which would be a major argument against ever using XP Home in a work environment. (I realize many businesses buy this because they think it is cheaper.) If you don't use a domain setup, if you have a user account for each user on the server at set the password to be the same user's account on his or her own machine, the file access should be pretty transparent. My experience is that once you have more than 3 machines in a workgroup, switching to the domain model is well worth the effort. (And I would suspect less effort then going with an LDAP or NIS client.) just my 2c. On Dec 21, 2007 3:11 PM, Matt Lozier [EMAIL PROTECTED] wrote: Hello, I have a small (medium?) sized network of about 30 XP machines. About 2/3 of these machines are running Home Ed. while the other 1/3 are running Professional Ed. I currently have two samba shares, and I'm using 'user' security. I want to implement single sign on, some way, somehow. I've considered: NIS and LDAP, but I can't get the NIS pGina plugin to work with my NIS server, and LDAP seems like a beast to setup, though I'm willing to go for it if it means that I'll be able to get SSO working. Does any one have any suggestions / recommendations? Thanks, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.22 and SUSE Linux 10.1
Hello, This has recently happened a couple of times on our network: A user is working on a file stored on the Samba share, and when they go to save it, a pop-up comes to their screen saying: The file 'FileNameGoesHere.xls' may have been changed by another user since you last saved it. In that case, what do you want to do? There are two options: o Save a copy o Overwrite changes I did a Google search for this and found in the archives of this list that the problem was corrected in Samba 3.0.11 (http://lists.samba.org/archive/samba/2005-January/098341.html), but we're using 3.0.22 - granted the version that comes with SUSE Linux 10.1, but 3.0.22 none the less. Anyone else run into this problem? Microsoft has put out a KB article acknowledging this problem, but they recommend not making any registry changes until one is certain of the underlying cause - I don't know what's causing this! Any help is appreciated. Thank you, --- Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Single Sign On, authentication, and Windows XP Home
Hi Rune, I just want to provide a means to allow all users who use the machines on the LAN to be able to login to *any* machine and have access to their Samba share. As it is now, there is only local authentication for each machine on the LAN (no Windows Domain here, only a workgroup) -- so if a user wants to be able to use a computer other than what they normally use, an account needs to be created for that user on the new machine, and then they will be able to access their Samba share. I want to allow any user to login to any machine, and be able to access their Samba share. Any suggestions? Thanks, --- Matt -Original Message- From: Rune Tønnesen [mailto:[EMAIL PROTECTED] Sent: Friday, December 21, 2007 4:16 PM To: Matt Lozier Cc: samba@lists.samba.org Subject: Re: [Samba] Single Sign On, authentication, and Windows XP Home Matt Lozier skrev: Hello, I have a small (medium?) sized network of about 30 XP machines. About 2/3 of these machines are running Home Ed. while the other 1/3 are running Professional Ed. I currently have two samba shares, and I'm using 'user' security. I want to implement single sign on, some way, somehow. I've considered: NIS and LDAP, but I can't get the NIS pGina plugin to work with my NIS server, and LDAP seems like a beast to setup, though I'm willing to go for it if it means that I'll be able to get SSO working. Does any one have any suggestions / recommendations? Thanks, Matt What applications do you want sso for? You might be interested in Mandriva directory server http://mds.mandriva.org/wiki/Documentation -- Rune Tønnesen Bedste Hilsner/Best Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Single Sign On, authentication, and Windows XP Home
Hello, I have a small (medium?) sized network of about 30 XP machines. About 2/3 of these machines are running Home Ed. while the other 1/3 are running Professional Ed. I currently have two samba shares, and I'm using 'user' security. I want to implement single sign on, some way, somehow. I've considered: NIS and LDAP, but I can't get the NIS pGina plugin to work with my NIS server, and LDAP seems like a beast to setup, though I'm willing to go for it if it means that I'll be able to get SSO working. Does any one have any suggestions / recommendations? Thanks, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unanswered question
Hi Michael, Yeah, if someone is writing to a file in a Samba share, and another user opens it up, they'll be notified that the file is currently in use, and that it's available for read only. This happens all of the time where I work (unfortunately). Depending on what kind of information is stored in your file, you may want to look into storing your data in a database. Hope this helps! --- Matt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Dykstra Sent: Wednesday, December 19, 2007 10:20 PM To: samba@lists.samba.org Subject: [Samba] Unanswered question How long does one have to typically wait for an answer to a post? Tomorrow my message will have been up a week, and I've gotten no replies. It was about whether a file, while it was being written to, could subsequently be opened by another client for reading. I used a DVR with chasing play as an example. Didn't seem like that difficult of a question, but maybe it isn't geeky enough for some. (Or perhaps the answer is No and people are too embarrassed to admit Samba can't do it.) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbclient printout
Hi Michael, Yes, basically I'm trying to get a continuous log of who accesses which files, and when. Any and all suggestions are greatly appreciated! Thanks, --- Matt -Original Message- From: Michael Heydon [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 28, 2007 6:33 PM To: Matt Lozier Cc: samba@lists.samba.org Subject: Re: [Samba] smbclient printout Can I suggest that you explain the problem you are trying to solve rather than how you plan on solving it? I suspect that the audit vfs module would be a far better option...but without knowing exactly what you want to do its a bit hard to say for sure. *Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Matt Lozier wrote: Hello, Sorry, I guess my first post wasn't allowed - perhaps because I had HTML embedded in it? Question: Is there a way that I can have the output of smbclient be redirected to a file and have it updated every time someone opens / closes a file in the share? The only idea that I have thus far is to write a script that would output this data to a log file, and have the script run every 5 min. or so. I suppose that I could use diff to compare the changes, and only update the log file with the changes? Any and all input is greatly appreciated! Thank you, --- Matt Lozier Network Administrator 972.644.2581, ext. 248 972.661.2701 fax -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Access control question.
Josh, Very cool. This works! Thank you so much -- I really appreciate this! This made my day! All the Best, --- Matt Lozier Network Administrator 972.644.2581, ext. 248 972.661.2701 fax The information contained in this message or any attached document is confidential and intended only for the individual(s) or entity to which it is addressed. The information should be considered privileged and confidential. If you are not the intended recipient, you are hereby notified that any unauthorized use of the information contained in or transmitted with the communication, or dissemination, distribution, or copying of this communication is strictly prohibited by law. If you have received this communication in error, please inform the sender by immediately returning this communication to the sender and then deleting the original message and any copy of it in your possession. -Original Message- From: Josh Kelley [mailto:[EMAIL PROTECTED] Sent: Monday, November 26, 2007 9:30 PM To: Matt Lozier Cc: samba@lists.samba.org Subject: Re: [Samba] Access control question. On Nov 26, 2007 3:13 PM, Matt Lozier [EMAIL PROTECTED] wrote: Thanks for this. I did think about using ACLs, but even if I set this up (for *every* directory that our users need access to) won't they still be able to *see* those directories even if they don't have r/w/x permission? Add hide unreadable = yes to your smb.conf. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbclient printout
Hello, Sorry, I guess my first post wasn't allowed - perhaps because I had HTML embedded in it? Question: Is there a way that I can have the output of smbclient be redirected to a file and have it updated every time someone opens / closes a file in the share? The only idea that I have thus far is to write a script that would output this data to a log file, and have the script run every 5 min. or so. I suppose that I could use diff to compare the changes, and only update the log file with the changes? Any and all input is greatly appreciated! Thank you, --- Matt Lozier Network Administrator 972.644.2581, ext. 248 972.661.2701 fax -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbclient printout
I'm sorry -- I didn't mean smbclient, I meant _smbstatus_ !! My apologies --- Matt Lozier Network Administrator 972.644.2581, ext. 248 972.661.2701 fax The information contained in this message or any attached document is confidential and intended only for the individual(s) or entity to which it is addressed. The information should be considered privileged and confidential. If you are not the intended recipient, you are hereby notified that any unauthorized use of the information contained in or transmitted with the communication, or dissemination, distribution, or copying of this communication is strictly prohibited by law. If you have received this communication in error, please inform the sender by immediately returning this communication to the sender and then deleting the original message and any copy of it in your possession. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Lozier Sent: Wednesday, November 28, 2007 4:22 PM To: samba@lists.samba.org Subject: [Samba] smbclient printout Hello, Sorry, I guess my first post wasn't allowed - perhaps because I had HTML embedded in it? Question: Is there a way that I can have the output of smbclient be redirected to a file and have it updated every time someone opens / closes a file in the share? The only idea that I have thus far is to write a script that would output this data to a log file, and have the script run every 5 min. or so. I suppose that I could use diff to compare the changes, and only update the log file with the changes? Any and all input is greatly appreciated! Thank you, --- Matt Lozier Network Administrator 972.644.2581, ext. 248 972.661.2701 fax -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Access control question.
Hi Andrew, Thanks for this. I did think about using ACLs, but even if I set this up (for *every* directory that our users need access to) won't they still be able to *see* those directories even if they don't have r/w/x permission? I'm looking for a way to setup user permissions so that they can only see that which they have access to. Thanks again for the pointer, and if any thought come to mind, please do share! --- Matt Lozier IT Analyst 972.644.2581, ext. 248 972.661.2701 fax The information contained in this message or any attached document is confidential and intended only for the individual(s) or entity to which it is addressed. The information should be considered privileged and confidential. If you are not the intended recipient, you are hereby notified that any unauthorized use of the information contained in or transmitted with the communication, or dissemination, distribution, or copying of this communication is strictly prohibited by law. If you have received this communication in error, please inform the sender by immediately returning this communication to the sender and then deleting the original message and any copy of it in your possession. -Original Message- From: Andrew Sherlock-CF [mailto:[EMAIL PROTECTED] Sent: Thursday, November 22, 2007 8:34 AM To: Matt Lozier; samba@lists.samba.org Subject: RE: [Samba] Access control question. Hi Matt, You may wish to look into the 'setfacl' command. http://bama.ua.edu/cgi-bin/man-cgi?setfacl+1 Hope this helps! --- -Original Message- From: Matt Lozier [mailto:[EMAIL PROTECTED] Sent: 21 November 2007 17:39 To: Andrew Sherlock-CF; samba@lists.samba.org Subject: RE: [Samba] Access control question. Hi Andrew, Thank you for your response. The only problem with going this route is that I really need to have finer grain control over what the users are able to access. I have situations where user1 needs to have access to /smbshare/dir1 and dir3 then user2 needs to have access to /smbshare/dir1/subdir1 and /smbshare/dir3, but *no* access to /smbshare/dir1. I suppose that the real problem lies in the poor setup of the root /smbshare. However, any changes to this configuration are out of the question because too many people who are resistant to change already understand things the way they are ;-) If I understand LDAP properly (I'm new to this technology) then I should be able to store user permissions in the LDAP database, no? Thanks, Matt -Original Message- From: Andrew Sherlock-CF [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 21, 2007 11:07 AM To: Matt Lozier; samba@lists.samba.org Subject: RE: [Samba] Access control question. Is it out of the question to create many different shares and then secure the system on a per-share basis? I'm securing shares individually using Active Directory. In each share config I have: valid [EMAIL PROTECTED] @MR_ADGROUP_FOR_READING write [EMAIL PROTECTED] read [EMAIL PROTECTED] Create different groups for each share and you're golden. Of course, this model can be followed without AD. --- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Matt Lozier Sent: 21 November 2007 15:58 To: samba@lists.samba.org Subject: [Samba] Access control question. Hello, I have a general administrative question concerning Samba shares. I have a large amount of data that about 25 users have limited access to. I only want these users to have access to a sub-set of this data, but I also only want the users to see that which they have access to. So, for example, suppose that the share looks like thus: /smbshare /smbshare/dir1 /smbshare/dir2 /smbshare/dir3 And I only want the users to see that they have access to /smbshare/dir1 and /smbshare/dir3. The way that this is currently setup is that I have symlinks from the user's home directory to /smbshare/dir1 and /smbshare/dir3. That way then the user maps their home share, they only see dir1 and dir3 - dir2 is out of sight, and thus (hopefully) out of mind. Is there a better way to implement what I'm trying to do? I'm currently looking into setting up permissions as an LDAP directory and using this as the means to control access to the data - have also considered using ACLs - not sure which way to go! Any and all help / input is appreciated. Thank you, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from
[Samba] Access control question.
Hello, I have a general administrative question concerning Samba shares. I have a large amount of data that about 25 users have limited access to. I only want these users to have access to a sub-set of this data, but I also only want the users to see that which they have access to. So, for example, suppose that the share looks like thus: /smbshare /smbshare/dir1 /smbshare/dir2 /smbshare/dir3 And I only want the users to see that they have access to /smbshare/dir1 and /smbshare/dir3. The way that this is currently setup is that I have symlinks from the user's home directory to /smbshare/dir1 and /smbshare/dir3. That way then the user maps their home share, they only see dir1 and dir3 - dir2 is out of sight, and thus (hopefully) out of mind. Is there a better way to implement what I'm trying to do? I'm currently looking into setting up permissions as an LDAP directory and using this as the means to control access to the data - have also considered using ACLs - not sure which way to go! Any and all help / input is appreciated. Thank you, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Access control question.
Hi Andrew, Thank you for your response. The only problem with going this route is that I really need to have finer grain control over what the users are able to access. I have situations where user1 needs to have access to /smbshare/dir1 and dir3 then user2 needs to have access to /smbshare/dir1/subdir1 and /smbshare/dir3, but *no* access to /smbshare/dir1. I suppose that the real problem lies in the poor setup of the root /smbshare. However, any changes to this configuration are out of the question because too many people who are resistant to change already understand things the way they are ;-) If I understand LDAP properly (I'm new to this technology) then I should be able to store user permissions in the LDAP database, no? Thanks, Matt -Original Message- From: Andrew Sherlock-CF [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 21, 2007 11:07 AM To: Matt Lozier; samba@lists.samba.org Subject: RE: [Samba] Access control question. Is it out of the question to create many different shares and then secure the system on a per-share basis? I'm securing shares individually using Active Directory. In each share config I have: valid [EMAIL PROTECTED] @MR_ADGROUP_FOR_READING write [EMAIL PROTECTED] read [EMAIL PROTECTED] Create different groups for each share and you're golden. Of course, this model can be followed without AD. --- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Matt Lozier Sent: 21 November 2007 15:58 To: samba@lists.samba.org Subject: [Samba] Access control question. Hello, I have a general administrative question concerning Samba shares. I have a large amount of data that about 25 users have limited access to. I only want these users to have access to a sub-set of this data, but I also only want the users to see that which they have access to. So, for example, suppose that the share looks like thus: /smbshare /smbshare/dir1 /smbshare/dir2 /smbshare/dir3 And I only want the users to see that they have access to /smbshare/dir1 and /smbshare/dir3. The way that this is currently setup is that I have symlinks from the user's home directory to /smbshare/dir1 and /smbshare/dir3. That way then the user maps their home share, they only see dir1 and dir3 - dir2 is out of sight, and thus (hopefully) out of mind. Is there a better way to implement what I'm trying to do? I'm currently looking into setting up permissions as an LDAP directory and using this as the means to control access to the data - have also considered using ACLs - not sure which way to go! Any and all help / input is appreciated. Thank you, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba