Re: [Samba] Applying head to wall to figure out permissions issues.
All files. Applies to simple text files created in Notepad. Today will be the test as users will be back on the network. On Tue, Apr 23, 2013 at 12:58 AM, Daniel Müller muel...@tropenklinik.dewrote: HI, MS Office files or all files? Office files can have this issue. --- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de --- -Ursprüngliche Nachricht- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Wayne Edgar Gesendet: Montag, 22. April 2013 19:33 An: samba@lists.samba.org Betreff: [Samba] Applying head to wall to figure out permissions issues. I have a permissions issue on a Samba DC running 3.5.6. UserA does not have permissions to write to file opened by UserB. Specifically, a file created by UserA gets 764 permissions and UserB can't write to the file until permissions are changed either on the server to +w for other or UserA changes the permissions on the file from Windows for Everyone to have write permissions. I have tried nt acl support = no. I have gone line by line through the conf and can't see why this is not working. What information can I provide to for someone to better understand the issue? Attached my smb.conf. -- Wayne Edgar http://j.mp/wayneedgar -- Wayne Edgar http://j.mp/wayneedgar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Applying head to wall to figure out permissions issues.
I have a permissions issue on a Samba DC running 3.5.6. UserA does not have permissions to write to file opened by UserB. Specifically, a file created by UserA gets 764 permissions and UserB can't write to the file until permissions are changed either on the server to +w for other or UserA changes the permissions on the file from Windows for Everyone to have write permissions. I have tried nt acl support = no. I have gone line by line through the conf and can't see why this is not working. What information can I provide to for someone to better understand the issue? Attached my smb.conf. -- Wayne Edgar http://j.mp/wayneedgar [global] netbios name = Sampson netbios aliases = gatr workgroup = GATRHSV server string = GATR File Server wins support = yes ; wins server = w.x.y.z dns proxy = no name resolve order = lmhosts host wins bcast time server = yes interfaces = eth0 hosts deny = 10.56.61.0/255.255.255.0 bind interfaces only = yes log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes domain logons = yes logon path = logon drive = H: logon home = \\%N\%U preexec = /etc/samba/bin/netlogon %U logon script = %U.bat add user script = /usr/sbin/adduser --quiet --disabled-password --gecos %u add machine script = /usr/sbin/useradd -g machines -c %u machine account -d /home/samba/machines/ -s /bin/false %u add group script = /usr/sbin/addgroup --force-badname %g ; printing = bsd ; printcap name = /etc/printcap ; printing = cups ; printcap name = cups ; include = /home/samba/etc/smb.conf.%m socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ; message command = /bin/sh -c '/usr/bin/linpopup %f %m %s; rm %s' domain master = yes preferred master = yes local master = yes os level = 255 ; idmap uid = 1-2 ; idmap gid = 1-2 ; template shell = /bin/bash ; winbind enum groups = yes ; winbind enum users = yes ; usershare max shares = 100 [homes] comment = Home Directories browseable = no read only = no create mask = 0775 directory mask = 0775 valid users = %S profile acls = yes nt acl support = no [netlogon] comment = Network Logon Service path = /home/samba/netlogon browsable = no guest ok = yes read only = yes share modes = no [sysadmin] comment = Systems Administration Files writeable = yes valid users = @sysadmin path = /home/samba/sysadmin browseable = no guest ok = no create mask = 0775 directory mask = 0775 [finance] comment = Accounting Directory writeable = yes valid users = @finance,@quickbooks path = /home/samba/finance guest ok = no create mask = 0775 directory mask = 0775 oplocks = no [busdev] comment = Business Development Directory writeable = yes valid users = @busdev path = /home/samba/busdev guest ok = no create mask = 0775 directory mask = 0775 hide unreadable = true [hr] comment = Human Resources Directory writeable = yes valid users = @hr path = /home/samba/hr guest ok = no create mask = 0775 directory mask = 0775 hide unreadable = true [shared] comment = Shared Directory writeable = yes valid users = @gatr path = /home/samba/shared create mask = 0775 directory mask = 0775 nt acl support = no [oldserver] comment = Old Server Data writeable = yes valid users = @gatr, rick path = /home/samba/oldserver create mask = 0775 directory mask = 0775 follow symlinks = yes wide links = yes force group = gatr force create mode = 775 force directory mode = 775 [design] comment = Design Drive writeable = yes #valid users = @design read list = @gatr write list = @design path = /home/samba/design create mask = 0775 directory mask = 0775 [vault] comment = Solidworks Vault writeable = yes valid users = @design path = /home/samba/swvault create mask = 0775 directory mask = 0775 [production] comment = Production Management writeable = yes valid users = @production path = /home/samba/production create mask = 0775 directory mask = 0775 [scans] comment = Printer Scans writeable = yes valid users = @gatr path = /home/scans create mask = 0775 directory mask = 0775 [purchasing] comment = Purchasing writeable = yes valid users = @purchasing path = /home/samba/purchasing create mask = 0775 directory mask = 0775 [qms] comment = Quality Management System writeable = yes
Re: [Samba] Applying head to wall to figure out permissions issues.
That did alleviate the symptoms. I still don't know what caused this server to suddenly start doing this. It's worked fine for a long time. I've inherited this DC from a previous IT guy who had crazy tight security. Thanks for the assistance! On Mon, Apr 22, 2013 at 8:59 PM, Paul Venzke venz...@srt.com wrote: -Original Message- From: samba-boun...@lists.samba.org [mailto:samba- boun...@lists.samba.org] On Behalf Of Wayne Edgar Sent: Monday, April 22, 2013 12:33 PM To: samba@lists.samba.org Subject: [Samba] Applying head to wall to figure out permissions issues. I have a permissions issue on a Samba DC running 3.5.6. UserA does not have permissions to write to file opened by UserB. Specifically, a file created by UserA gets 764 permissions and UserB can't write to the file until permissions are changed either on the server to +w for other or UserA changes the permissions on the file from Windows for Everyone to have write permissions. I have tried nt acl support = no. I have gone line by line through the conf and can't see why this is not working. What information can I provide to for someone to better understand the issue? Attached my smb.conf. -- Wayne Edgar http://j.mp/wayneedgar Have you considered the force create mode and/or force directory mode parameters in your share? PV If it ain't broken you're not trying -- Wayne Edgar http://j.mp/wayneedgar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Setuid bit always set on Vista mount
Files on my Vista mount always have the S mode (setgid bit?) set according to ls -l. This is a security hole and causes other problems. I can't clear the bit with chmod; in fact the results of doing chmod don't make any sense to me (I'll be glad to provide examples). Typical files show as -rwxrwSrwx, though not all. The smb.conf file has create mask 0666 and directory mask 0777 various places. I inherited this smb.conf so am reluctant to mess with it since I don't know what I'm doing. Thanks for any advice. Robert. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] A little gift - Edgar
Edgar Nunes belongs to Skoost and sent you a little gift. Click below to collect your gift: http://www.skoost.com/fun?samba%40lists%2Esamba%2Eorg/20603312/5 P.S. This is a safe and innocent gift that Edgar Nunes sent from Skoost, the free goodies website. This e-mail was sent to samba@lists.samba.org on 6/24/2009 7:45:34 PM on behalf of Edgar Nunes (edgar...@gmail.com) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] slowdown in the network with Samba 3.0.26a
Hello, I am using the version of Samba 3.0.26a through an architecture for 64-Bit, but I have noticed a slowdown in the network and would like to know if any of you have had a similar problem and managed to resolve it. Now I am grateful for the help. Edgar Nunes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] The process cannot access the file because another process has locked a portion of the file
Author: Sandra Date: 2007-06-26 21:26 +200 To: samba Subject: [Samba] The process cannot access the file because another process has locked a portion of the file I have a directory in a linux server (Debian) and it was exported by nfs to another linux server (Debian). In this last server, the directory was included in smb.conf (Samba) for Windows users. I can access the share from windows and create news files, but I cannot move files inside the subdirectories of the share. When I try to do this, I receive the follow message: Cannot copy file_name. The process cannot access the file because another process has locked a portion of the file. Anybody knows something about it? Sandra Yup, samba's default strict locking has changed. Set strict locking = no in [global] and that should solve the problem. Horrible that it's not in the Debian changelog - took me a week to figure out! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] File Locking
Hi, I'm experiencing similar problems and described them in the list here http://lists.samba.org/archive/samba/2007-January/128794.html Ute has also had similar problems. We haven't been able to solve the problem using the oplocks options and are stuck. Oddly enough the swap file is opened rw but the file itself read=yes, write=no Thursday, February 22, 2007, 4:14:56 PM, schreef jij: On Thu, 2007-02-22 at 09:31 -0500, Alan Cheers wrote: Hi- I'm running Samba on OpenSuse10.2 and have shared some drives with Windows clients. The clients are accessing a bunch of MS Word files on the server and we have experienced a lot of weird file locking problems. Sometimes MS Word will open the file as Read-Only which is creating a bit of a headache. I would like to turn off file locking completely on the Samba side and was wondering what I needed to add to the .conf file. Is this enough? oplocks = No level2 oplocks = No Also, if I turn off the file locking on Samba and not on the clients via the registry, what kind of behaviour might I expect? No, oplocks are only a performance tweak, but turning them off will not disable file locking. As per the the smb.conf man file, (and though I hesitate to even tell you this.) locking = no is what you are asking for. However, I caution that a Minor Headache is nothing compared to the trouble you are asking for with this approach. locking=no should never be used on a filesystem that isn't read-only to begin with! It would be better, rather, to try to discover the source of your woe. Maybe, when you find a workstation that refuses to open a file read-write, you can try to run smbstatus on the server to find which computer is keeping a lock on that file. Thanks for any input. -Alan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] What Happened to my SAMBA? Permissions Issue
Hi Travis, I and a few others have been having similar problems in http://lists.samba.org/archive/samba/2007-January/128794.html and http://lists.samba.org/archive/samba/2007-February/129778.html Have you found any solution yet? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Office 2007 saves files as read only on samba shares?
More people are suffering from this problem: http://lists.samba.org/archive/samba/2007-January/128794.html ([Samba] What Happened to my SAMBA? Permissions Issue) and http://lists.samba.org/archive/samba/2007-February/129778.html ([Samba] File Locking) Friday, January 26, 2007, 4:53:40 PM, schreef jij: I've been running the same configuration for a couple of years now, and since I've upgraded to Office 2007, MS Word and MS Excel files save to my samba shares as -r even when they are opened as being chmod 777. Files I create/edit using other editors or windows explorer are put onto the share with the correct permissions. My conf looks like this: [global] workgroup = WG server string = WG machine netbios name = WG obey pam restrictions = Yes password server = passdb backend = smbpasswd encrypt passwords = true guest account = nobody passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . smb passwd file = /etc/samba/smbpasswd log level = 2 log file = /var/log/samba/log.%m max log size = 1000 time server = Yes server signing = auto socket options = IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT add machine script = /usr/sbin/adduser --ingroup machine --system --home /dev/null --no-create-home --force-badname %u logon path = logon home = logon script = %Gnetlogon.bat domain logons = Yes preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes ldap ssl = no panic action = /usr/share/samba/panic-action %d hosts allow = 192.168.0. profile acls = Yes dos filetimes = Yes [here] comment = here path = /export/home/here valid users = user1, user2 valid users = @group force group = group read list = @group write list = @group read only = No force create mode = 0770 create mask = 0770 directory mask = 0770 guest ok = No browseable = No In this I've never had 'force create mode' before, but adding it hasn't helped. [dump] comment = dump path = /export/home/dump valid users = @group1, @group2 force group = group1 read only = No create mask = 0770 Both shares will create new Office documents as being read only for the user as well as saving over documents that were chmod 777 as 400, but ONLY using MS Office 2007! In the file logs for the connecting machine I get: [2007/01/26 16:36:55, 2] smbd/open.c:open_file(245) user opened file here/filename.xls read=Yes write=No (numopen=2) where write /should/ be 'Yes'. Upping loglevel to 3 gives me a huge amount of data. I'm using samba 3.0.14a-3sarge2 (debian) Any ideas?! Best regards, Robin Edgar Tripany tel: 070-3816462 fax: 070-3816463 web: www.tripany.com KvK: 27191044 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] What Happened to my SAMBA? Permissions Issue
It turns out that profile acls = Yes in the [globals] section caused my problem. Removing it solved the problem. Monday, February 26, 2007, 11:01:42 AM, schreef jij: Hi Travis, I and a few others have been having similar problems in http://lists.samba.org/archive/samba/2007-January/128794.html and http://lists.samba.org/archive/samba/2007-February/129778.html Have you found any solution yet? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File Locking
profile acls = Yes in the [globals] section caused my problem. Removing it solved the problem. Thursday, February 22, 2007, 3:31:16 PM, schreef jij: Hi- I'm running Samba on OpenSuse10.2 and have shared some drives with Windows clients. The clients are accessing a bunch of MS Word files on the server and we have experienced a lot of weird file locking problems. Sometimes MS Word will open the file as Read-Only which is creating a bit of a headache. I would like to turn off file locking completely on the Samba side and was wondering what I needed to add to the .conf file. Is this enough? oplocks = No level2 oplocks = No Also, if I turn off the file locking on Samba and not on the clients via the registry, what kind of behaviour might I expect? Thanks for any input. -Alan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Office 2007 saves files as read only on samba shares? [solved]
It turns out that profile acls = Yes in the [globals] section caused my problem. Removing it solved the problem. Friday, January 26, 2007, 4:53:40 PM, schreef jij: I've been running the same configuration for a couple of years now, and since I've upgraded to Office 2007, MS Word and MS Excel files save to my samba shares as -r even when they are opened as being chmod 777. Files I create/edit using other editors or windows explorer are put onto the share with the correct permissions. My conf looks like this: [global] workgroup = WG server string = WG machine netbios name = WG obey pam restrictions = Yes password server = passdb backend = smbpasswd encrypt passwords = true guest account = nobody passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . smb passwd file = /etc/samba/smbpasswd log level = 2 log file = /var/log/samba/log.%m max log size = 1000 time server = Yes server signing = auto socket options = IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT add machine script = /usr/sbin/adduser --ingroup machine --system --home /dev/null --no-create-home --force-badname %u logon path = logon home = logon script = %Gnetlogon.bat domain logons = Yes preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes ldap ssl = no panic action = /usr/share/samba/panic-action %d hosts allow = 192.168.0. profile acls = Yes dos filetimes = Yes [here] comment = here path = /export/home/here valid users = user1, user2 valid users = @group force group = group read list = @group write list = @group read only = No force create mode = 0770 create mask = 0770 directory mask = 0770 guest ok = No browseable = No In this I've never had 'force create mode' before, but adding it hasn't helped. [dump] comment = dump path = /export/home/dump valid users = @group1, @group2 force group = group1 read only = No create mask = 0770 Both shares will create new Office documents as being read only for the user as well as saving over documents that were chmod 777 as 400, but ONLY using MS Office 2007! In the file logs for the connecting machine I get: [2007/01/26 16:36:55, 2] smbd/open.c:open_file(245) user opened file here/filename.xls read=Yes write=No (numopen=2) where write /should/ be 'Yes'. Upping loglevel to 3 gives me a huge amount of data. I'm using samba 3.0.14a-3sarge2 (debian) Any ideas?! Best regards, Robin Edgar Tripany tel: 070-3816462 fax: 070-3816463 web: www.tripany.com KvK: 27191044 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fwd: [Samba] Office 2007 saves files as read only on samba shares?
So the situation now gets weirder the more I play with it: If I use windows to create a file and a directory the permissions are set properly: machine:/export/home/here/test# ls -alp total 12 drwxrwx--- 3 user group 4096 Jan 29 17:21 ./ drwxr-xr-x 28 root root 4096 Jan 29 17:20 ../ drwxrwx--- 2 user group 4096 Jan 29 17:21 testdir/ -rwxrwx--- 1 user group0 Jan 29 17:21 testtxt.txt When I create a word (or excel) document and save it, I get this: machine:/export/home/here/test# ls -alp total 28 drwxrwx--- 3 user group 4096 Jan 29 17:24 ./ drwxr-xr-x 28 root root 4096 Jan 29 17:20 ../ -r 1 user group 10246 Jan 29 17:24 Testdoc.docx drwxrwx--- 2 user group 4096 Jan 29 17:21 testdir/ -rwxrwx--- 1 user group 0 Jan 29 17:21 testtxt.txt -rwxrwx--- 1 user group 162 Jan 29 17:24 ~$estdoc.docx Note 2 things: the swapfile has the correct permissions, the .docx doesn't. If I chmod 770 the Testdoc.docx, then re-open and re-save it, the same happens as above. HOWEVER! If I chmod 777 Testdoc.docx, and then re-open and re-save I get these permissions. machine:/export/home/here/test# ls -alp total 28 drwxrwx--- 3 user group 4096 Jan 29 17:28 ./ drwxr-xr-x 28 root root 4096 Jan 29 17:20 ../ -rwxrwxrwx 1 user group 10278 Jan 29 17:28 Testdoc.docx drwxrwx--- 2 user group 4096 Jan 29 17:21 testdir/ -rwxrwx--- 1 user group 0 Jan 29 17:21 testtxt.txt -rwxrwx--- 1 user group 162 Jan 29 17:27 ~$estdoc.docx Not so strange, except create mask = 0770. What really wierds me out is when I chmod 775 Testdoc.docx and re-edit and save it: machine:/export/home/here/test# ls -alp total 28 drwxrwx--- 3 user group 4096 Jan 29 17:31 ./ drwxr-xr-x 28 root root 4096 Jan 29 17:20 ../ -r-xr-xr-x 1 user group 10322 Jan 29 17:31 Testdoc.docx drwxrwx--- 2 user group 4096 Jan 29 17:21 testdir/ -rwxrwx--- 1 user group 0 Jan 29 17:21 testtxt.txt -rwxrwx--- 1 user group 162 Jan 29 17:31 ~$estdoc.docx Can anyone please explain this behaviour?! This is a forwarded message From: Robin Edgar - Tripany [EMAIL PROTECTED] To: samba@lists.samba.org Date: Friday, January 26, 2007, 4:53:40 PM Subject: [Samba] Office 2007 saves files as read only on samba shares? ===8==Original message text=== I've been running the same configuration for a couple of years now, and since I've upgraded to Office 2007, MS Word and MS Excel files save to my samba shares as -r even when they are opened as being chmod 777. Files I create/edit using other editors or windows explorer are put onto the share with the correct permissions. My conf looks like this: [global] workgroup = WG server string = WG machine netbios name = WG obey pam restrictions = Yes password server = passdb backend = smbpasswd encrypt passwords = true guest account = nobody passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . smb passwd file = /etc/samba/smbpasswd log level = 2 log file = /var/log/samba/log.%m max log size = 1000 time server = Yes server signing = auto socket options = IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT add machine script = /usr/sbin/adduser --ingroup machine --system --home /dev/null --no-create-home --force-badname %u logon path = logon home = logon script = %Gnetlogon.bat domain logons = Yes preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes ldap ssl = no panic action = /usr/share/samba/panic-action %d hosts allow = 192.168.0. profile acls = Yes dos filetimes = Yes [here] comment = here path = /export/home/here valid users = user1, user2 valid users = @group force group = group read list = @group write list = @group read only = No force create mode = 0770 create mask = 0770 directory mask = 0770 guest ok = No browseable = No In this I've never had 'force create mode' before, but adding it hasn't helped. [dump] comment = dump path = /export/home/dump valid users = @group1, @group2 force group = group1 read only = No create mask = 0770 Both shares will create new Office documents as being read only for the user as well as saving over documents that were chmod 777 as 400, but ONLY using MS Office 2007! In the file logs for the connecting machine I get: [2007/01/26 16:36:55, 2] smbd/open.c:open_file(245) user opened file here/filename.xls read=Yes write=No (numopen=2) where write /should/ be 'Yes'. Upping loglevel to 3 gives me a huge amount of data. I'm using samba 3.0.14a-3sarge2 (debian) Any ideas?! Best regards, Robin Edgar Tripany tel
[Samba] Unavailable Domain
Hi, I have a samba 3.0.20 as domain master browser of a Windows network. Sometimes, the Windows workstations are getting a error: Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. I was trying to change the RequireSignOrSeal register value of the windows workstations, but this didn't work. Looking for a error on the logs of windows workstation with this problem, I can see a worstation trying to connect in other workstation, and it not on server. The server is ok, the os level is 100. I can't find log messages of this workstation trying to be the domain master. How can I fix this problem? This error occur with some users, and this is a problem for me. Edgar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Administrators and Users Rights for Windows workstations
Hi, From: Louis van Belle [EMAIL PROTECTED] To: samba@lists.samba.org Date: Thu, 1 Sep 2005 16:40:17 +0200 Subject: RE: [Samba] Administrators and Users Rights for Windows workstations just disable the administrative shares. but why give users Administrator rights thats stupid. I know that it's not good idea. I'm getting the network control now, and we need of the few impact because the users. but use poledit and policy templates to disabled the c$ You can find the nessesary templates in the samba list. there's a link 2 a packages with howto examples policy templates etc. Louis Sorry, I don't know where this files are. Are there exists any site where the list files are saved? Edgar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Hide Cmd Logon Script
Hi, Can I run the logon script in Windows (2000 and XP) in background? I want run logon as service or hide the black login script command. Edgar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Administrators and Users Rights for Windows workstations
Hello, I having a problem with rights in Windows workstations. I want that all users can be administrators of yours stations when they are logged in your stations, but I don't want that they can see the share C$ of other stations. They can see this because they are administrators of the domain. They have primary group Domain Admins. If I try put the users on Administrators group, they can't logon. If I try put them on Domain Users group, they aren't administrators. If I put them in Administrators (primary group) and Domain Users, they aren't administrators. The only possibility for the users log as administrators is that they are inserted in Domain Admins group. The problem is the C$. We thinking about use a script to remove this share from Windows, but I'm not sure about if this solution is the best. Does someone know about any solution for this problem? I'm using samba 3.0.14 + LDAP Thanks Edgar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Administrators and Users Rights for Windows workstations
Hi, When the users are in Administrators group, they can map the C$ of all domain, even if they doesn't in Domain Admins group. Is it correct? If it's correct, I can't do this, because they can map. But your idea can be used on Power Users (I think). Because I don't want that the users be administrators, I want that they can do administratives works (example: install programs). I hadn't explain right, sorry. I was talking about it with other frinds, I think that other solution is put the users on Domain Users group and run a .reg , built with poledit, for push this file and give permission of install and others (many others) to users. Edgar 2005/9/1, [EMAIL PROTECTED] [EMAIL PROTECTED] : Hi, it's simple: 1.) put all users in YOURDOMAIN\Domain Users or YOURDOMAIN\Workstation Admins or what you would like 2.) put this group (YOURDOMAIN\Domain Users, YOURDOMAIN\Workstation Admins) into the local group Administrators of each Workstation (you may use vbscript to automate this...) Mit freundlichem Gruß, Dirk Laurenz Systems Engineer PSO - Professional Service Organisation Fujitsu Siemens Computers Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax: +49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED][EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.comhttp://https/0/webmail.abg.fsc.net/exchweb/bin/redir.asp?URL=http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.htmlhttp://https/0/webmail.abg.fsc.net/exchweb/bin/redir.asp?URL=http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html *** -- *Von:* [EMAIL PROTECTED] im Auftrag von Edgar Fonseca *Gesendet:* Do 01.09.2005 16:23 *An:* samba@lists.samba.org *Betreff:* [Samba] Administrators and Users Rights for Windows workstations Hello, I having a problem with rights in Windows workstations. I want that all users can be administrators of yours stations when they are logged in your stations, but I don't want that they can see the share C$ of other stations. They can see this because they are administrators of the domain. They have primary group Domain Admins. If I try put the users on Administrators group, they can't logon. If I try put them on Domain Users group, they aren't administrators. If I put them in Administrators (primary group) and Domain Users, they aren't administrators. The only possibility for the users log as administrators is that they are inserted in Domain Admins group. The problem is the C$. We thinking about use a script to remove this share from Windows, but I'm not sure about if this solution is the best. Does someone know about any solution for this problem? I'm using samba 3.0.14 + LDAP Thanks Edgar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba https://pdbvpn1.fujitsu-siemens.com/https/0/lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Administrators and Users Rights for Windows workstations
Hi, The error when the user of Administrators group was log in was caused for other things, sorry for my precipitation. It was the nscd daemon, sometimes he causes strange results. I'm thinking about the strange comportament of logged users. If the user is in Administrators group (created on LDAP) the user can log in but he doesn't Administrator. He has limited privileges. I'm not sure yet, but I thing that he is Power User. I'm really not sure. Edgar 2005/9/1, Paul Gienger [EMAIL PROTECTED]: I having a problem with rights in Windows workstations. I want that all users can be administrators of yours stations when they are logged in your stations, but I don't want that they can see the share C$ of other stations. They can see this because they are administrators of the domain. They have primary group Domain Admins. If I try put the users on Administrators group, they can't logon. Since this is the more 'proper' way to do it, lets find out why they can't log in under this condition. What kind of errors do you get here? If I try put them on Domain Users group, they aren't administrators. If I put them in Administrators (primary group) and Domain Users, they aren't administrators. How are you making this their primary group?? Administrators should be a local group and you shouldn't be able to make a network users's primary group a local group unless you're doing something horribly wrong (by convention). The only possibility for the users log as administrators is that they are inserted in Domain Admins group. The problem is the C$. We thinking about use a script to remove this share from Windows, but I'm not sure about if this solution is the best. Does someone know about any solution for this problem? I'm using samba 3.0.14 + LDAP Thanks Edgar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] fstab mounting
Sorry, did not know how to reply to the mailing list... samba in fstab //server/share /mountpoint smbfs userid=foo,passwd=bar,rw 0 0 -- Paul Edgar Verification Engineer Linux Technology Center / IBM External 512.838.1493 / TieLine 678-1493 [EMAIL PROTECTED] No trees were destroyed in the sending of this message, however, a significant number of electrons were terribly inconvenienced. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] questions
Hi, I have a samba server running on Linux (RedHat 9.0), with the security set to user and 3 valid user IDs. The clients are 3 PCs running on Windows XP (HomeEdition) and connected through a router. From the PCs running Windows I can see the localhost (Sambas Server), but for some reason one PC can only connect to the share directory on the Samba Server. The questions are as follows. 1. Should every user log in with a different user ID to access the shared directory on the Samba Server? or can I use the same user ID to log in on different PCs to access the shared directory? 2. Could there be another reason why only one PC can connect to the shared directory? Note that I ran the utility ping on the Window PCs and the Linux machine and got good replies so I do not think there is a connection problem. Any help will be appreciated! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC + XP: still not solved?
Hi all, I've been reading and there's a lot to read but no solution! I'm using samba 2.2.3a-12.3 for Debian and I seem to have set everything I can: changed the signsecurechannel, sealsecurechannel in the registry to 0 (and back to 1), Changed the policies for autoenrollent and the password encryption (put that off in samba and in windows and then back on again) But ALWAYS do I get the following problem - when I change the settings in the computer properties samba makes the accounts fine (in passwd, shadow and smbpasswd), and I get the welcome to domain screen. When I reboot and try to log in, it can't find the PDC or it won't accept my logon. When I have a look in the logfile all it shows is: [2003/11/21 18:03:37, 2] smbd/server.c:exit_server(458) Closing connections [2003/11/21 18:03:50, 2] lib/access.c:check_access(321) Allowed connection from (192.168.0.28) [2003/11/21 18:04:01, 2] smbd/server.c:exit_server(458) Closing connections [2003/11/21 18:07:11, 1] smbd/reply.c:reply_sesssetup_and_X(1052) Username guest is invalid on this system (last message after I log into the XP machine instead of the domain). I've seen this message a few times, but nowhere is there any real solution! SOMEONE must have fixed this by now! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
NMBD crashing in 2.2.7a (and 2.2.6, 2.2.5)
Hi all, I've been having a problem with nmbd crashing multiple times per day. I suspect that the problem is caused by a shell script that tries to lookup the name for ws to ws4000 to build a DNS reverse table. It look something like this: #!/bin/ksh typeset -Z4 i=0 while (( $i 4000 )); do host=ws$i nmblookup $host | awk -v host=$host ' /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ { printf(%s IN A %s\n, host, $1) } ' (( i = i + 1 )) done I have a level 10 debug log which I could send if it would be useful. Let me know if there is any more information I can provide. Bob [EMAIL PROTECTED]:16]- uname -a SunOS salt 5.7 Generic_106541-19 sun4u sparc SUNW,Ultra-60 [EMAIL PROTECTED]:02]- gdb /usr/local/samba/bin/nmbd 5051 GNU gdb 5.0 Copyright 2000 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as sparc-sun-solaris2.7...(no debugging symbols found)... /usr/proc/bin/5051: No such file or directory. Attaching to program `/usr/local/samba/bin/nmbd', process 5051 Reading symbols from /usr/lib/libsec.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libsec.so.1 Reading symbols from /usr/lib/libgen.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgen.so.1 Reading symbols from /usr/lib/libsocket.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libsocket.so.1 Reading symbols from /usr/lib/libnsl.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libnsl.so.1 Reading symbols from /usr/lib/libdl.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libdl.so.1 Reading symbols from /usr/dt/lib/libpam.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/dt/lib/libpam.so.1 Reading symbols from /usr/lib/libc.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libc.so.1 Reading symbols from /usr/lib/libmp.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libmp.so.2 Reading symbols from /usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1 Retry #1: Retry #2: Retry #3: Retry #4: [New LWP 1] Symbols already loaded for /usr/lib/libsec.so.1 Symbols already loaded for /usr/lib/libgen.so.1 Symbols already loaded for /usr/lib/libsocket.so.1 Symbols already loaded for /usr/lib/libnsl.so.1 Symbols already loaded for /usr/lib/libdl.so.1 Symbols already loaded for /usr/dt/lib/libpam.so.1 Symbols already loaded for /usr/lib/libc.so.1 Symbols already loaded for /usr/lib/libmp.so.2 Symbols already loaded for /usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1 0xff21a374 in _waitid () from /usr/lib/libc.so.1 (gdb) bt #0 0xff21a374 in _waitid () from /usr/lib/libc.so.1 #1 0xff1d8374 in _waitpid () from /usr/lib/libc.so.1 #2 0xff20ffd0 in system () from /usr/lib/libc.so.1 #3 0x7d1d0 in smb_panic () #4 0x641ac in fault_report () #5 signal handler called #6 0xff1506bc in memcpy () from /usr/platform/SUNW,Ultra-60/lib/libc_psr.so.1 #7 0x2bc10 in query_name_response () #8 0x30ac0 in process_nmb_response () #9 0x30b44 in run_packet_queue () #10 0x21b0c in process () #11 0x22c10 in main () (gdb) [EMAIL PROTECTED]:55]- ./pstack 5051 5051: /usr/local/sbin/nmbd -d 10 -D ff21a374 waitid (0, 268, ffbeebc8, 103) ff1d836c _waitpid (268, ffbeecb0, 100, 0, c, 0) + 54 ff20ffc8 system (112690, da000, 70d98, 7, d3db0, d3dc4) + 230 0007d1c8 smb_panic (d3e0c, d3db0, d3dc4, 29, 0, ee800) + 28 000641a4 fault_report (b, 0, ffbeefa8, 0, 0, 0) + 164 ff219650 sigacthandler (b, 0, ffbeefa8, 68, 0, ffbef2dc) + 28 --- called from signal handler with signal 11 (SIGSEGV) --- ff1506bc memcpy (1122f0, 33f8d8, 33d618, 89, 0, ee800) + 1c 00030ab8 process_nmb_response (33d618, 33d618, 9fc00, 0, ffbef320, ffbef328) + d0 00030b3c run_packet_queue (0, 0, 0, 7, ff235e10, 69e24) + 74 00021b04 process (1, f, bb8dc, 370, 9fc00, ee800) + 54 00022c08 main (4, d8c00, 9fc00, a6800, 0, 0) + 8e8 00020920 _start (0, 0, 0, 0, 0, 0) + 108 [EMAIL PROTECTED]:56]- ./pmap 5051 5051: /usr/local/sbin/nmbd -d 10 -D 0001512K read/exec /usr/local/samba/bin/nmbd 0009E000240K read/write/exec /usr/local/samba/bin/nmbd 000DA000 2528K read/write/exec [ heap ] FF14 8K read/write/shared dev:85,2 ino:115369 FF15 16K read/exec /usr/platform/sun4u/lib/libc_psr.so.1 FF16 16K read/exec /usr/lib/libmp.so.2 FF172000 8K read/write/exec /usr/lib/libmp.so.2 FF18664K read/exec /usr/lib/libc.so.1 FF234000 40K read/write/exec /usr/lib/libc.so.1 FF25 24K
RE: NMBD crashing in 2.2.7a (and 2.2.6, 2.2.5)
Sorry, I forgot to include smb.conf. I am building the 2.2.8 release now and will install it in the next couple of hours (assuming all builds cleanly) so any testing can be done against that release. The current (2.2.7a) release we built with the following: CC=/opt/SUNWspro/bin/cc ../../configure \ --with-automount \ --with-msdfs \ --with-nisplus-home \ --with-readline \ --with-pam \ --with-syslog \ --with-utmp \ --with-tdbsam \ --with-libsmbclient \ --with-configdir=/etc/samba \ --with-privatedir=/etc/samba/private \ --with-codepagedir='${prefix}/codepages' \ --with-lockdir=/var/samba/locks \ --localstatedir=/var/samba \ --mandir=/usr/local/share/man # # Global parameters # [global] comment = %h.fra.ib.commerzbank.com server string = Spicenet administrative server max log size = 51200 debug timestamp = Yes debug uid = Yes debuglevel = 1 panic action = /bin/sleep 9 # When nmbd dies you will find a sleep process left on the machine. # Using ps, find the parent of this process (it will be an nmbd process), # then attach to it using gdb. # Type 'bt' to get a backtrace of the problem and mail it to the list # [EMAIL PROTECTED] workgroup = FRAIB security = DOMAIN encrypt passwords = Yes # # password server= * works but broke when the network melted down. # password server = pdcfraib dfsfraib sms1fraib name resolve order = host, wins load printers = No printcap name = /etc/printcap character set = ISO8859-1 wins proxy = Yes wins server = pdcfraib.fra.ib.commerzbank.com valid chars = 159 176 177 178 179 180 185 186 187 188 191 192 193 194 \ 195 196 197 200 201 202 203 204 205 206 217 218 219 220 223 242 254 remote announce = pdclonib NIS homedir = Yes print command = /usr/bin/lp -c -s -d %p -o nobanner %s; rm %s lpq command = /usr/bin/lpstat -o %p lprm command = /usr/bin/cancel %p-%j lppause command = /usr/bin/lp -H hold %p-%j lpresume command = /usr/bin/lp -H resume %p-%j oplocks = No kernel oplocks = No level2 oplocks = No case sensitive = No preserve case = Yes username map = /etc/samba/username.map [homes] admin users = edgarb comment = Home Directory path = %H writeable = Yes create mask = 0755 browseable = No [Clearcase] comment = Clearcase software path = /export/share/clearcase/v4.1 force user = root force group = root writeable = Yes create mask = 0755 directory mask = 0755 [Clearcase42] comment = Clearcase software path = /export/share/clearcase/v4.2 force user = root force group = root writeable = Yes create mask = 0755 directory mask = 0755 [CCData] comment = Clearcase Data Store path = /export/var/clearcase write list = @ccaccess create mask = 0775 directory mask = 0775 read only = yes -Original Message- From: Edgar, Bob [mailto:[EMAIL PROTECTED] Sent: Freitag, 28. März 2003 14:20 To: '[EMAIL PROTECTED]' Subject: NMBD crashing in 2.2.7a (and 2.2.6, 2.2.5) Hi all, I've been having a problem with nmbd crashing multiple times per day. I suspect that the problem is caused by a shell script that tries to lookup the name for ws to ws4000 to build a DNS reverse table. It look something like this: #!/bin/ksh typeset -Z4 i=0 while (( $i 4000 )); do host=ws$i nmblookup $host | awk -v host=$host ' /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ { printf(%s IN A %s\n, host, $1) } ' (( i = i + 1 )) done I have a level 10 debug log which I could send if it would be useful. Let me know if there is any more information I can provide. Bob [EMAIL PROTECTED]:16]- uname -a SunOS salt 5.7 Generic_106541-19 sun4u sparc SUNW,Ultra-60 [EMAIL PROTECTED]:02]- gdb /usr/local/samba/bin/nmbd 5051 GNU gdb 5.0 Copyright 2000 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as sparc-sun-solaris2.7...(no debugging symbols found)... /usr/proc/bin/5051: No such file or directory. Attaching to program `/usr/local/samba/bin/nmbd', process 5051 Reading symbols from /usr/lib/libsec.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libsec.so.1 Reading symbols from /usr/lib/libgen.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libgen.so.1 Reading symbols from /usr/lib/libsocket.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libsocket.so.1 Reading symbols from /usr/lib/libnsl.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib/libnsl.so.1
RE: NMBD crashing in 2.2.7a (and 2.2.6, 2.2.5)
Thanks, I've built and installed the 2.2.8 version. I'll give feedback on Monday. bob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Freitag, 28. März 2003 18:25 To: Edgar, Bob Cc: '[EMAIL PROTECTED]' Subject: Re: NMBD crashing in 2.2.7a (and 2.2.6, 2.2.5) On Fri, Mar 28, 2003 at 02:19:48PM +0100, Edgar, Bob wrote: Hi all, I've been having a problem with nmbd crashing multiple times per day. I suspect that the problem is caused by a shell script that tries to lookup the name for ws to ws4000 to build a DNS reverse table. It look something like this: #!/bin/ksh typeset -Z4 i=0 while (( $i 4000 )); do host=ws$i nmblookup $host | awk -v host=$host ' /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ { printf(%s IN A %s\n, host, $1) } ' (( i = i + 1 )) done I have a level 10 debug log which I could send if it would be useful. Let me know if there is any more information I can provide. I think this is a bug we fixed for 2.2.8. Can you please try with the updated version. Thanks, Jeremy.