Samba and XP permissions management
Hi,

I've set up samba3 in FreeBSD with a "Stuff" share under the user/group "bob/bob" with permission 770. I've also added an ACL to this dir to allow "joe" r-x access to the directory, as well as ensuring the default ACL is nothing more than rwx for user/group.

So far the ACLs in unix work and access appears to be correct when connecting from XP to the samba share.

When I create a folder in "holidayphotos" as user "bob" from XP in the share, the "holidayphotos" dir has the default permissions

    drwxrwx---+ gary gary holidayphotos

with the ACL being the defaults previously set. This is as expected based on the ACL and smb.conf setup.

Now I want to allow "joe" to have read/execute access to the holidayphotos directory. I could do this by logging into the server and using

    setfacl -m u:joe:rx holidayphotos

However, I want to instead be able to simply right click the folder at the time I created it in XP, select properties, go to the security tab, click add (or go via advanced) and then add "joe" to the permissions list.

The problem I'm facing is that "check names" will not accept joe as a valid name. The only way I've been able to do this is to add to the share config in smb.conf

    admin users = bob

Is there any way to allow bob to add new permissions without this? Without it, bob can only change existing permissions.

The reason I'd like to avoid this is that now when I create files, they're defaulted to "root:bob", which means I now also have to set "inherit owner = yes" to ensure new files I create are assigned to "bob:bob". This has the side effect that should any other users create files in subfolders, those files are also auto switched to "bob:bob".

However, the biggest reason is that if joe creates (or has a folder created for him) called joes-photos and joe wishes to allow "mandy" access to view the directory contents, he is unable to add mandy due to the above check names problem. He would also now have to be an admin of the share, which isn't going to happen.

From what I can tell, my options are to always admin ACL permissions via ssh, or not allow users to create folders outside of shares they're admins of, which although possible may be a little more inconvenient.

Any alternatives or a config option I've missed?

One other quick question regarding ACL. If I create a directory with "root:wheel rwxr-x--- testing", is there any way to add a user "bob" with rwx permissions to the ACL of that directory without the wheel group having to change to rwx to prevent "bob" getting an effective "r-x" permission? Currently I'm using a dummy group with rwx by default to avoid this.

Thanks,
Gary

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
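An added illustration of the ACL mask question at the end of the message above (not part of the original post): a small Python model of the POSIX.1e access check, showing that a named-user entry is limited by the mask entry rather than by the owning group's entry. The ACL text, the helper names and the user "alice" are constructed for the example.

```python
# Model of the POSIX.1e ACL access check (added example; names are hypothetical).
# Sample ACLs and the user "alice" are constructed for illustration.
R, W, X = 4, 2, 1


def parse_acl(text):
    """Parse getfacl-style lines such as 'user:bob:rwx' into a dict
    keyed by (tag, qualifier) with integer permission bits."""
    acl = {}
    for line in text.strip().splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        tag, qualifier, perms = line.split(":")
        acl[(tag, qualifier)] = sum(
            bit for ch, bit in zip(perms, (R, W, X)) if ch != "-")
    return acl


def recalc_mask(acl):
    """Return a copy whose mask is the union of all group-class entries
    (named users, owning group, named groups)."""
    new = {k: v for k, v in acl.items() if k[0] != "mask"}
    mask = 0
    for (tag, qualifier), bits in new.items():
        if tag == "group" or (tag == "user" and qualifier):
            mask |= bits
    new[("mask", "")] = mask
    return new


def allowed(acl, user, groups, owner, owning_group, want):
    """True if `user` (a member of `groups`) is granted every bit in `want`."""
    mask = acl.get(("mask", ""), R | W | X)
    if user == owner:                          # owner entry: never masked
        return (acl[("user", "")] & want) == want
    if ("user", user) in acl:                  # named user: limited by mask
        return (acl[("user", user)] & mask & want) == want
    matching = [bits for (tag, q), bits in acl.items()
                if tag == "group" and (q or owning_group) in groups]
    if matching:                               # group entries: limited by mask
        return any((b & mask & want) == want for b in matching)
    return (acl[("other", "")] & want) == want


def mode_group_bits(acl):
    """Group bits shown by ls: the mask when one exists, else group::."""
    return acl.get(("mask", ""), acl[("group", "")])


BASE = """
user::rwx      # root
group::r-x     # wheel
other::---
"""
# root:wheel rwxr-x--- with user:bob:rwx added while the mask stays at r-x
STALE = parse_acl(BASE + "user:bob:rwx\nmask::r-x\n")
# the same ACL after the mask is recalculated from the group-class entries
FIXED = recalc_mask(STALE)
```

With the recalculated mask, `ls -l` reports `rwxrwx---+` because the group bits display the mask, while the `group::r-x` entry itself is unchanged and still limits members of wheel.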
Re: OT samba and XP
On Tue, Nov 04, 2003 at 04:15:53PM -0700, george wrote:
> I can connect to my samba shares reliably with 98/95/ME/2000 but when I try and
> connect with XP pro the XP pro machine locks up like it's waiting for something
> and I eventually have to Ctrl/Alt/Del and reboot or log off of it.
>
> Below is my config file.

Have you tried connecting from XP using the IP address of the samba server?

    \\1.2.3.4\data

(in map network drive popup, making sure you use a user/pass that's valid on the smb server)

If that works ok then it's perhaps an issue with netbios naming - perhaps try giving the smb server a netbios name and make sure it's in the same workgroup as the xp machine.

--
Jez Hancock
- System Administrator / PHP Developer
http://munk.nu/
Re: OT samba and XP
Or run nmbd as well as smbd and enter WINS in Windows settings

On Tue, Nov 04, 2003 at 03:41:21PM -0800, Rick Duvall wrote:
> Check that your reverse DNS is set up correctly for both machines. I had
> the same problem earlier today, where my laptop running win98 worked fine
> but the XP machine would time out. I found my reverse DNS was wrong for the
> samba server. So, I fixed it and it works fine now.
Re: OT samba and XP
Check that your reverse DNS is set up correctly for both machines. I had the same problem earlier today, where my laptop running win98 worked fine but the XP machine would time out. I found my reverse DNS was wrong for the samba server. So, I fixed it and it works fine now.

Sincerely,
Rick Duvall

----- Original Message -----
From: "george" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 04, 2003 3:15 PM
Subject: OT samba and XP

I can connect to my samba shares reliably with 98/95/ME/2000 but when I try and connect with XP pro the XP pro machine locks up like it's waiting for something and I eventually have to Ctrl/Alt/Del and reboot or log off of it.

Below is my config file. Can someone suggest a fix?

running version 2.2.8A

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2003/11/04 16:11:39

# Global parameters
[global]
coding system =
client code page = 850
code page directory = /usr/local/etc/codepages
workgroup = WORKGROUP
netbios name =
netbios aliases =
netbios scope =
server string = Samba Server
interfaces =
bind interfaces only = No
security = USER
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 6
map to guest = Never
null passwords = No
obey pam restrictions = No
password server =
smb passwd file = /usr/local/private/smbpasswd
root directory =
pam password change = No
passwd program = /usr/bin/passwd
passwd chat = *\n*ew\spassword* %n\n *ew\spassword* %n\n *updating\sthe\sdatabase...\npasswd:\sdone\n
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
admin log = No
log level = 0
syslog = 1
syslog only = No
log file = /var/log/log.%m
max log size = 50
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
acl compatibility =
nt smb support = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts host wins bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 1
name cache timeout = 660
read size = 16384
socket options = TCP_NODELAY
stat cache size = 50
use mmap = Yes
total print jobs = 0
load printers = Yes
printcap name = /etc/printcap
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
strip dot = No
mangling method = hash
character set =
mangled stack = 50
stat cache = Yes
domain admin group =
domain guest group =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 20
lm announce = Auto
lm interval = 60
preferred master = Auto
local master = Yes
domain master = Auto
browse list = Yes
enhanced browsing = Yes
dns proxy = No
wins proxy = No
wins server =
wins support = Yes
wins hook =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /var/lock
pid directory = /var/run
default service = data
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map =
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
winbind uid =
winbind gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 15
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
comment =
path =
alternate permissions = No
username =
guest account = nobody
invalid users =
valid users =
admin users =
read list =
write list =
printer admin =
force user =
force group =
read only = No
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
force unknown acl user = 00
inherit permissions = No
inherit acls = No
guest only = No
guest ok = No
only user = No
hosts allow =
hosts deny =
status = Yes
nt acl support = Yes
profile acls = No
block size = 1024
max connections = 0
min print space = 0
strict allocate = No
strict sync = No
sync always = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = bsd
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
OT samba and XP
I can connect to my samba shares reliably with 98/95/ME/2000 but when I try and connect with XP pro the XP pro machine locks up like it's waiting for something and I eventually have to Ctrl/Alt/Del and reboot or log off of it.

Below is my config file. Can someone suggest a fix?

running version 2.2.8A
Re: Samba and XP?
On Fri, 31 Jan 2003 16:08:44 -0500, John Wilson wrote:

> I am currently seeking advice in regard to allowing an XP Home Edition
> machine to have access to a FreeBSD mount. I've looked over Samba, and not
> only have I seen references to XP's inability to join a 'domain
> based-network', but also don't really like the idea of installing Samba as
> it's a rather large package (relatively speaking) for what it simply does.
>
> My only other alternative, if I am correct, is trying to obtain an NFS
> client for the XP machine and simply serve NFS mounts on the FBSD host. The
> downside to this is the cost of the NFS clients for the XP machine. :)
>
> Are there any other alternatives available here? If not, which of the above
> two 'solutions' would be best? I only have one BSD machine and one XP
> machine, and I'd like to allow read/write access to a FBSD mount from the XP
> machine.

I have SAMBA 2.2.6 and Windows XP working great. I have Samba set up as a PDC. The worst you have to do is run the SignOrSeal.reg fix from Microsoft to log in. You have to do that with NT 5.0 as well.

---
doug reynolds | the maverick | [EMAIL PROTECTED]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
OT - Re: Samba and XP?
On Sat, 1 Feb 2003, Jason Hunt wrote:

> OT, but my understanding is that Windows XP Home Edition will not log
> in to NT4-based (SMB-only) networks, but only Windows 2000 (Active
> Directory) networks. However, Windows XP Professional will log in to
> both.

In my experience, XP Home is completely useless. One of the tricks it does is randomly drop any static IP addresses it has been set and grant itself new ones from ranges that are already assigned. Also, sometimes when there is nothing wrong network-wise other than an unplugged cable, it will lead the clueless user through a whole rigmarole where they are encouraged to "Set up home networking" or some such, which rips through every network setting on the box and they end up trying to do some non-IP nonsense called "Bridged connection" or whatever (nothing to do with Ethernet bridging I'm sure), and then the user wonders why they can't "get on the net" anymore - "Nothing works, I've followed all the instructions, I think your firewall thing is broken".

XP pro doesn't seem to do anything like that, presumably because it's designed to be actually used on a corporate network where there might be people around who'll see through it.

--
W. Palfreman.
RE: Samba and XP?
XP Home will not 'log into' ANY server-based network (NT4 domain model OR Active Directory). However, this does not mean you can't access samba shares on other machines. ie. it supports workgroup networking but not domain networking.

Login to the local XP Home box, browse on the network to find the SMB server you want, and open it up. The XP Home box will attempt to authenticate using the local user's username and password: if that fails, it will pop up a box asking for a valid username and password. This should work just fine.

XP Home CAN also access shares on servers that are part of a domain, using this same method. The only difference is that the username and password used must be valid on the domain.

BTW: just to make it clear, if the credentials used to login to the local XP Home box exist on the SMB server, the user will be let straight through without being asked for another password.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jason Hunt
Sent: Sunday, 2 February 2003 9:33 AM
To: Bill Moran
Cc: John Wilson; [EMAIL PROTECTED]
Subject: Re: Samba and XP?

On Fri, 31 Jan 2003, Bill Moran wrote:

> There's an XP machine right behind me that talks to our Samba server just
> fine. Just don't configure Samba to be a domain server.
>
> And, it does work just fine under domain systems as well. Samba just doesn't
> do active directory yet.
>

OT, but my understanding is that Windows XP Home Edition will not log in to NT4-based (SMB-only) networks, but only Windows 2000 (Active Directory) networks. However, Windows XP Professional will log in to both.
Re: Samba and XP?
On Fri, 31 Jan 2003, Bill Moran wrote:

> There's an XP machine right behind me that talks to our Samba server just
> fine. Just don't configure Samba to be a domain server.
>
> And, it does work just fine under domain systems as well. Samba just doesn't
> do active directory yet.
>

OT, but my understanding is that Windows XP Home Edition will not log in to NT4-based (SMB-only) networks, but only Windows 2000 (Active Directory) networks. However, Windows XP Professional will log in to both.
Re: Samba and XP?
If you don't want to install samba, find a windows ftp client that is easy to use... seems I've seen some that pretend to be hard drives on your desktop... can't remember the name, but the friend that had it seemed to like it.

-philip

On Fri, 31 Jan 2003, John Wilson wrote:

> Good Day,
>
> I am currently seeking advice in regard to allowing an XP Home Edition
> machine to have access to a FreeBSD mount. I've looked over Samba, and not
> only have I seen references to XP's inability to join a 'domain
> based-network', but also don't really like the idea of installing Samba as
> it's a rather large package (relatively speaking) for what it simply does.
>
> My only other alternative, if I am correct, is trying to obtain an NFS
> client for the XP machine and simply serve NFS mounts on the FBSD host. The
> downside to this is the cost of the NFS clients for the XP machine. :)
>
> Are there any other alternatives available here? If not, which of the above
> two 'solutions' would be best? I only have one BSD machine and one XP
> machine, and I'd like to allow read/write access to a FBSD mount from the XP
> machine.
>
> Any help or suggestions would be appreciated.
>
> - John
Re: Samba and XP?
John Wilson wrote:

> Good Day,
>
> I am currently seeking advice in regard to allowing an XP Home Edition
> machine to have access to a FreeBSD mount. I've looked over Samba, and not
> only have I seen references to XP's inability to join a 'domain
> based-network',

There's an XP machine right behind me that talks to our Samba server just fine. Just don't configure Samba to be a domain server.

And, it does work just fine under domain systems as well. Samba just doesn't do active directory yet.

> but also don't really like the idea of installing Samba as
> it's a rather large package (relatively speaking) for what it simply does.

Well, I didn't think it was a terribly big package, but that's my opinion.

> My only other alternative, if I am correct, is trying to obtain an NFS
> client for the XP machine and simply serve NFS mounts on the FBSD host. The
> downside to this is the cost of the NFS clients for the XP machine. :)

I don't recommend this. Aside from the cost, I've never found one that worked worth a damn.

> Are there any other alternatives available here? If not, which of the above
> two 'solutions' would be best? I only have one BSD machine and one XP
> machine, and I'd like to allow read/write access to a FBSD mount from the XP
> machine.

I think you'll be just fine with Samba. Just make sure you're properly firewalled off (you should be with Windows anyway)

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
RE: Samba and XP?
You could go upside-down and use the FreeBSD machine mounting an XP-share. You say that you're using XPhome so ActiveDirectory or any other Domain-Controlling issues shouldn't play a role.

I think mount_smbfs is your friend.

Best regards,
-Harry

[EMAIL PROTECTED] wrote:

> Good Day,
>
> I am currently seeking advice in regard to allowing an XP Home Edition
> machine to have access to a FreeBSD mount. I've looked over Samba,
> and not only have I seen references to XP's inability to join a
> 'domain based-network', but also don't really like the idea of
> installing Samba as it's a rather large package (relatively speaking)
> for what it simply does.
>
> My only other alternative, if I am correct, is trying to obtain an NFS
> client for the XP machine and simply serve NFS mounts on the FBSD
> host. The downside to this is the cost of the NFS clients for the XP
> machine. :)
>
> Are there any other alternatives available here? If not, which of
> the above two 'solutions' would be best? I only have one BSD machine
> and one XP machine, and I'd like to allow read/write access to a FBSD
> mount from the XP machine.
>
> Any help or suggestions would be appreciated.
>
> - John
Samba and XP?
Good Day,

I am currently seeking advice in regard to allowing an XP Home Edition machine to have access to a FreeBSD mount. I've looked over Samba, and not only have I seen references to XP's inability to join a 'domain based-network', but also don't really like the idea of installing Samba as it's a rather large package (relatively speaking) for what it simply does.

My only other alternative, if I am correct, is trying to obtain an NFS client for the XP machine and simply serve NFS mounts on the FBSD host. The downside to this is the cost of the NFS clients for the XP machine. :)

Are there any other alternatives available here? If not, which of the above two 'solutions' would be best? I only have one BSD machine and one XP machine, and I'd like to allow read/write access to a FBSD mount from the XP machine.

Any help or suggestions would be appreciated.

- John