Re: [Samba] Samba + Winbind + Windows 2003 AD
I'm in a 2k8 r2 domain with SFU and home shells managed through the ADUC console. I'm using Samba/WInbind and use samba shares as user home directories that are mounted at login-time on Windows 7 machines. This is a first attempt as we migrated to Windows 2k8r2 in order to have better support for Win7 clients, as we had too many issues with Samba as our PDC. Mike On Mon, Jul 19, 2010 at 3:08 AM, Mucke, Tobias, FCI4 tobias.mu...@mbda-systems.de wrote: Hi, I'am afraid this is a general issue with Winbind. I am experiencing the same problems and my logs look quite similar to Henrik's logs. I am using Samba 3.5.4 and tried to resolve this issue without luck. In fact I have a working lab environment with Winbind 3.5.4, AD based on Windows Server 2008 R2 with IDMU. I set idmap backend = ad and winbind nss info = rfc2307. Unfortunately I was not able to port this setup back to the actual production environment with Winbind 3.5.4 and AD based on Windows Server 2003 with SFU 3.5. Besides AD versions there is another large difference between the production and the lab. In production the domain structure is far more complex ... Actually I am deploying a lab more close to the actual production environment. Another important thing to me would be a configuration example of somebody out there using Winbind in an actual version 3.5.x with backend ad and SFU for Shell and Home Directories. Anybody? Thank you. Tobias LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Necos Secon Gesendet: Montag, 19. Juli 2010 01:50 An: samba@lists.samba.org Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD I accidentally deleted the first set of messages in my email for this thread, but does your DNS resolve properly? What does your resolv.conf look like? Also, what do these files look like: krb5.conf smb.conf There's an option in smb.conf, winbind enum users, which needs to be set in order for getent to function properly. There is a corresponding option for groups as well. Look at them and let us know. Date: Mon, 19 Jul 2010 01:12:41 +0200 From: h...@semark.dk To: esiot...@gmail.com CC: samba@lists.samba.org Subject: Re: [Samba] Samba + Winbind + Windows 2003 AD Hi Micheal Sorry for not sending that information in the first place, but I though that it was so basic that it wasn't necessary. My nsswitch.conf: # cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. passwd: compat winbind group: compat winbind shadow: compat winbind hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files services: db files ethers: db files protocols: db files rpc:db files netgroup: nis I will mean that it is the way to do this (and it works just fine on the UNIX servers that run there own Domain Controller) Med Venlig Hilsen / Best Regards Henrik Dige Semark Den 18-07-2010 17:03, Michael Wood skrev: On 18 July 2010 01:34, Henrik Dige Semarkh...@semark.dk wrote: Hey out there. I have to join my UNIX server with an existing Win2k3 AD network. My system info: Debian Lenny Samba - 3.4.8 Winbind - 3.4.8 Windows Server 2003 with 2000-style-AD My problem is that, I have en UNIX server that have to run auth up against our existing windows 2003 AD. I have successfully joined my UNIX server to the AD, without problems. # net ads join -U Administrator Enter Administrator's password: Using short domain name -- TEST Joined 'MAIL' to realm 'TEST.LOCAL' My Samba config: http://pastebin.com/ZqaA0Ypn After the join I'm able to lookup peoples with # wbinfo -u [...] # wbinfo -g [...] Now the problem, getent only returns the local users and not the users from the AD The funny thing is that if a user is local on the UNIX and in the AD, I can login with the password from both local and AD, so I know that it can lookup people and passwords # getent passwd hs ; echo $? 2 When I debug on getent it returns 2, witch means that it can't find the user. Do you have winbind specified in your nsswitch.conf file as mentioned here:
Re: [Samba] Samba + Winbind + Windows 2003 AD
In all honesty, this is my first time using a binary samba package (I am a native slackware user that converted to Fedora simply because it was easier from start-to-finish FWIW) []# smbd -V Version 3.4.7-58.fc12 Here's my smb.conf global section: [global] workgroup = WORKGROUPNAME realm = ad.university.edu server string = Samba Server Version %v netbios name = vm-srvname security = ADS password server = * passdb backend = tdbsam admin users = @WORKGROUPNAME+Domain Admins log level = 2 log file = /var/log/samba/log.%m max log size = 5000 interfaces = eth0 lo socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288 load printers = No #printing = printcap name = /etc/printcap client use spnego = yes client ntlmv2 auth = yes winbind use default domain = yes winbind separator = + winbind nested groups = Yes winbind enum users = yes winbind enum groups = yes winbind nss info = rfc2307 allow trusted domains = yes idmap uid = 1-9 idmap gid = 1-9 #idmap backend = ad idmap domains = WORKGROUPNAME idmap config WORKGROUPNAME:backend = ad idmap config WORKGROUPNAME:schema_mode = rfc2307 idmap config WORKGROUPNAME:range = 1000-75999 #template shell = /bin/bash #template homedir = /home/share #server signing = enabled ;dead time = 15 getwd cache = yes nt acl support = yes acl map full control = no store dos attributes = yes map acl inherit = yes local master = yes master browser = no dns proxy = no unix extensions = no guest account = nobody Mike On Mon, Jul 19, 2010 at 11:09 AM, Mucke, Tobias, FCI4 tobias.mu...@mbda-systems.de wrote: Hi Michael, which version of Samba do you have? Are you able to post your Samba configuration? Thank you. Tobias Mit freundlichen Grüßen Tobias Mucke LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 Message sent from handheld via BlackBerry Server. Von: Michael Lyon mjl...@gmail.com An: Mucke, Tobias, FCI4; samba@lists.samba.org samba@lists.samba.org Gesendet: Mon Jul 19 14:22:37 2010 Betreff: Re: [Samba] Samba + Winbind + Windows 2003 AD I'm in a 2k8 r2 domain with SFU and home shells managed through the ADUC console. I'm using Samba/WInbind and use samba shares as user home directories that are mounted at login-time on Windows 7 machines. This is a first attempt as we migrated to Windows 2k8r2 in order to have better support for Win7 clients, as we had too many issues with Samba as our PDC. Mike On Mon, Jul 19, 2010 at 3:08 AM, Mucke, Tobias, FCI4 tobias.mu...@mbda-systems.de wrote: Hi, I'am afraid this is a general issue with Winbind. I am experiencing the same problems and my logs look quite similar to Henrik's logs. I am using Samba 3.5.4 and tried to resolve this issue without luck. In fact I have a working lab environment with Winbind 3.5.4, AD based on Windows Server 2008 R2 with IDMU. I set idmap backend = ad and winbind nss info = rfc2307. Unfortunately I was not able to port this setup back to the actual production environment with Winbind 3.5.4 and AD based on Windows Server 2003 with SFU 3.5. Besides AD versions there is another large difference between the production and the lab. In production the domain structure is far more complex ... Actually I am deploying a lab more close to the actual production environment. Another important thing to me would be a configuration example of somebody out there using Winbind in an actual version 3.5.x with backend ad and SFU for Shell and Home Directories. Anybody? Thank you. Tobias LFK-Lenkflugkörpersysteme GmbH Serverpool, FCI4 Landshuter Straße 26, 85716 Unterschleißheim, GERMANY Phone: +49 89 3179 8438 Fax: +49 89 3179 8927 Mobile: +49 170 635 3830 E-Mail: tobias.mu...@mbda-systems.de http://www.mbda.net Chairman of the Supervisory Board: Antoine Bouvier Managing Director: Werner Kaltenegger Registered Office: Schrobenhausen Commercial Register: Amtsgericht Ingolstadt, HRB 4365 -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto: samba-boun...@lists.samba.org] Im Auftrag von Necos Secon Gesendet: Montag, 19
[Samba] Can Map shares but cannot write
Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @students write list = @students inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
I changed the share to look like this: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 No luck. It is not an NFS/autofs mount, it is local to the linux server. I created a share under the /home/share/students directory called 'test' and made the students group the owner, along with 777 perms: [r...@vm-stusrv students]# ls -latrh total 20K drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . I still cannot create files under the 'test' directory I created. Windows is reporting for the share that the owner and groups have 'Special' permissions. Drilling down into their 'special' permissions reveals that both 'domain users' and 'students' do have Create Folders/Write data checked under the 'Allow' column. (I'll attach the picture.) Mike On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: Did you try temporarily commenting out the valid users and write list lines. That should make it writable by default.If you are then able to write it suggests that samba is not correctly matching up the users' groups to the valid users and write list groups. Although if this were the case then you would probably have been denied write permissions. Is /home/share/students an NFS/autofs mount? What happens if you create a subdirectory (via unix) under students, with group owner students, permissions 777. Can users create files under that? If you look at the advanced permissions of the directories or files in windows, do you see any deny ACE's that may be trumping the allow ACE's? In unix, 770 means user and group has full access, and no one else has rights unless they are the user or group. However in Windows this may be getting interpreted as deny everyone some rights even if they are explicited granted rights as the user or group. ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS ACL's.) On 06/30/2010 09:21 AM, Michael Lyon wrote: Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @students write list = @students inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
[r...@vm-stusrv students]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: root # group: domain\040users user::rwx group::rwx group:students:rwx mask::rwx other::rwx Mike On Wed, Jun 30, 2010 at 9:20 AM, t...@tms3.com wrote: [r...@vm-stusrv students]# ls -latrh total 20K drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . The + sign is an ACL. getfacl directory Let's see what that has to say. I still cannot create files under the 'test' directory I created. Windows is reporting for the share that the owner and groups have 'Special' permissions. Drilling down into their 'special' permissions reveals that both 'domain users' and 'students' do have Create Folders/Write data checked under the 'Allow' column. (I'll attach the picture.) Mike On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: Did you try temporarily commenting out the valid users and write list lines. That should make it writable by default. If you are then able to write it suggests that samba is not correctly matching up the users' groups to the valid users and write list groups. Although if this were the case then you would probably have been denied write permissions. Is /home/share/students an NFS/autofs mount? What happens if you create a subdirectory (via unix) under students, with group owner students, permissions 777. Can users create files under that? If you look at the advanced permissions of the directories or files in windows, do you see any deny ACE's that may be trumping the allow ACE's? In unix, 770 means user and group has full access, and no one else has rights unless they are the user or group. However in Windows this may be getting interpreted as deny everyone some rights even if they are explicited granted rights as the user or group. ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS ACL's.) On 06/30/2010 09:21 AM, Michael Lyon wrote: Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @students write list = @students inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
Heh, I made myself the owner, and still can't create a file. [r...@vm-stusrv test]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: mlyon # group: students user::rwx group::rwx group:students:rwx mask::rwx other::rwx Mike On Wed, Jun 30, 2010 at 9:31 AM, t...@tms3.com wrote: [r...@vm-stusrv students]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: root # group: domain\040users user::rwx group::rwx group:students:rwx mask::rwx other::rwx Gotta run, but looks ok. However, I do hate having root as an owner of user files and such. It's an unusual problem. For shts and giggles try: chown -R Windows-User(I like group supervisors):Windows Group /home/share/students Mike On Wed, Jun 30, 2010 at 9:20 AM, t...@tms3.com wrote: [r...@vm-stusrv students]# ls -latrh total 20K drwxrwxrwx+ 3 root domain users 4.0K 2010-06-28 14:58 .. drwxrwxrwx. 2 root students 4.0K 2010-06-30 09:11 test drwxrwxrwx+ 3 root domain users 4.0K 2010-06-30 09:11 . The + sign is an ACL. getfacl directory Let's see what that has to say. I still cannot create files under the 'test' directory I created. Windows is reporting for the share that the owner and groups have 'Special' permissions. Drilling down into their 'special' permissions reveals that both 'domain users' and 'students' do have Create Folders/Write data checked under the 'Allow' column. (I'll attach the picture.) Mike On Wed, Jun 30, 2010 at 8:46 AM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: Did you try temporarily commenting out the valid users and write list lines. That should make it writable by default. If you are then able to write it suggests that samba is not correctly matching up the users' groups to the valid users and write list groups. Although if this were the case then you would probably have been denied write permissions. Is /home/share/students an NFS/autofs mount? What happens if you create a subdirectory (via unix) under students, with group owner students, permissions 777. Can users create files under that? If you look at the advanced permissions of the directories or files in windows, do you see any deny ACE's that may be trumping the allow ACE's? In unix, 770 means user and group has full access, and no one else has rights unless they are the user or group. However in Windows this may be getting interpreted as deny everyone some rights even if they are explicited granted rights as the user or group. ( I ran into this with Samba 3.0.x with Solaris 10 and ZFS ACL's.) On 06/30/2010 09:21 AM, Michael Lyon wrote: Here is the scenario: AD-authentication is functioning fine. I can query users and group info from wbinfo and getent just fine. The clients can map to the shares, but cannot write to the shares. I have tried variations of chmod 777 on absolute paths to enable read/write access to no avail. The share is configured as such: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 admin users = DOMAIN\Administrator valid users = @students write list = @students �� inherit permissions = yes inherit acls = yes The error log reports: [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED [2010/06/29 09:42:45, 2] smbd/open.c:2447(open_directory) open_directory: unable to create New folder. Error was NT_STATUS_ACCESS_DENIED Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
I've simplified the share as you noted, and still have the same results. If I create a file/folder on the linux side, I can read it without a problem. Once I map as a Window$ client, I cannot write. smb.conf: [global] workgroup = DOMAIN realm = ds.domain.edu server string = Samba Server Version %v netbios name = vm-stusrv security = ADS password server = * passdb backend = tdbsam admin users = @DOMAIN+Domain Admins log level = 2 log file = /var/log/samba/log.%m max log size = 5000 interfaces = eth0 lo socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=524288 SO_SNDBUF=524288 load printers = No #printing = printcap name = /etc/printcap client use spnego = yes client ntlmv2 auth = yes winbind use default domain = yes winbind separator = + winbind nested groups = Yes winbind enum users = yes winbind enum groups = yes winbind nss info = rfc2307 allow trusted domains = yes idmap uid = 1-9 idmap gid = 1-9 #idmap backend = ad idmap domains = DOMAIN idmap config DOMAIN:backend = ad idmap config DOMAIN:schema_mode = rfc2307 idmap config DOMAIN:range = 1000-75999 #template shell = /bin/bash #template homedir = /home/share #server signing = enabled ;dead time = 15 getwd cache = yes nt acl support = yes acl map full control = no store dos attributes = yes map acl inherit = yes local master = yes master browser = no dns proxy = no unix extensions = no guest account = nobody [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes Mike On Wed, Jun 30, 2010 at 9:34 AM, Chris Smith smb...@chrissmith.org wrote: On Wed, Jun 30, 2010 at 10:18 AM, Michael Lyon mjl...@gmail.com wrote: [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes create mask = 0770 force create mode = 0770 directory mask = 02770 force directory mode = 02770 directory security mask = 0775 You can map the share but not write, can you read files? Try simplifying the share further: == [student] comment = Test share path = /home/share/students public = yes writeable = yes browseable = yes == And make sure there is no valid users statement in the global section. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
I've added in: username map = /etc/samba/smbusers [r...@vm-stusrv ~]# more /etc/samba/smbusers # Unix_name = SMB_name1 SMB_name2 ... root = administrator nobody = guest Restarted smb. No luck. Thanks all for the help so far though! Mike On Wed, Jun 30, 2010 at 9:59 AM, Chris Smith smb...@chrissmith.org wrote: On Wed, Jun 30, 2010 at 10:45 AM, Michael Lyon mjl...@gmail.com wrote: I've simplified the share as you noted, and still have the same results. If I create a file/folder on the linux side, I can read it without a problem. Once I map as a Window$ client, I cannot write. You have 'public = yes' which is the synonym for 'guest ok = yes' , therefore anyone should be able to write. Let's make sure we have proper guest capabilities by adding 'username map' parameter and its associated file. For example: In global: username map = /etc/samba/smbusers Contents of /etc/samba/smbusers: root = administrator nobody = guest And as the guest account is nobody make sure that the nobody account is valid. Restart Samba and if you still have trouble it looks to be a permissions issue on the nix side. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Can Map shares but cannot write
The culprit was selinux. Thanks for everyone's help! Mike On Wed, Jun 30, 2010 at 2:26 PM, Gaiseric Vandal gaiseric.van...@gmail.comwrote: What happens if you try to mount a samba share via CIFS from linux (e.g. smbclient, mount -o cifs ?) Or may be mount the drive in windows with the net use command.Either way you explicitly set the domain/username. Do any of the other log files refer to issues with mapping users? What is the Host OS? Guessing some linux varient? On 06/30/2010 02:40 PM, James Zuelow wrote: Original Message From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On Behalf Of Michael Lyon Sent: Wednesday, June 30, 2010 6:37 AM To: t...@tms3.com Cc: samba@lists.samba.org Subject: Re: [Samba] Can Map shares but cannot write Heh, I made myself the owner, and still can't create a file. [r...@vm-stusrv test]# getfacl /home/share/students/ getfacl: Removing leading '/' from absolute path names # file: home/share/students/ # owner: mlyon # group: students user::rwx group::rwx group:students:rwx mask::rwx other::rwx Mike Try using the default flag for setfacl. I always have this problem with setfacl: $ setfacl -m g:students:rwx foo doesn't work, but I have better luck with $ setfacl -d -m g:students:rwx foo I don't know why, it seems like it should work with the first setup but it rarely does for me. And if THAT doesn't work, I connect to the share as an admin Windows user (administrator in your case) and set the ACLs using Windows Explorer. James Zuelow Network Specialist City and Borough of Juneau MIS (907) 586-0236 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4 Auth Against OpenDirectory (OpenLDAP)
I've been working through the instructions on the samba wiki: http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP My OpenLDAP is running on Snow Leopard Server in an OpenDirectory environment. I run into this error: Administrator password will be set randomly! Traceback (most recent call last): File setup/provision, line 222, in module nosync=opts.nosync,ldap_dryrun_mode=opts.ldap_dryrun_mode) File bin/python/samba/provision.py, line 1201, in provision provision_backend.init() File bin/python/samba/provisionbackend.py, line 190, in init raise ProvisioningError(Warning: LDAP-Backend must be setup with path to slapd, e.g. --slapd-path=\/usr/local/libexec/slapd\!) samba.provisionexceptions.ProvisioningError: Warning: LDAP-Backend must be setup with path to slapd, e.g. --slapd-path=/usr/local/libexec/slapd! Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] OpenLDAP Samba4
I've been working through the instructions on the samba wiki: http://wiki.samba.org/index.php/Samba4/LDAP_Backend/OpenLDAP My OpenLDAP is running on Snow Leopard Server in an OpenDirectory environment. I run into this error: Administrator password will be set randomly! Traceback (most recent call last): File setup/provision, line 222, in module nosync=opts.nosync,ldap_ dryrun_mode=opts.ldap_dryrun_mode) File bin/python/samba/provision.py, line 1201, in provision provision_backend.init() File bin/python/samba/provisionbackend.py, line 190, in init raise ProvisioningError(Warning: LDAP-Backend must be setup with path to slapd, e.g. --slapd-path=\/usr/local/libexec/slapd\!) samba.provisionexceptions.ProvisioningError: Warning: LDAP-Backend must be setup with path to slapd, e.g. --slapd-path=/usr/local/libexec/slapd! Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba