headers
Daniel Müller | 1 Jun 2011 09:31
Picon

Re: Join W2008 R2 64bit to samba 3.5.8

Sorry,

but I did,

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LMCompatibilityLevel
from a 3 to a 1.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\param
eters\requiresecuritysignature
to a "0" (disabled)

HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0

And restarted several times and still the same when trying to join my W2008
to domain:

The following error occurred when DNS was queried for the service location
(SRV) resource record used to locate a domain controller for domain
"DNS name does not exist." ...................

Strange!!!
My Windows 7 clients just join without errors with the same registry
settings.
Did someone solve this???

Daniel

-----------------------------------------------
EDV Daniel Müller
(Continue reading)

Permalink | Reply | 8 comments |
headers
TLoD,Snake | 1 Jun 2011 12:02
Picon

Re: Samba serving sshfs shares: can't delete files

On 05/31/2011 10:26 PM, Jeremy Allison wrote:
> On Tue, May 31, 2011 at 07:43:16PM +0400, TLoD,Snake wrote:
>> Hello!
>>
>> I have samba share on my sshfs-mounted folder. All works just fine
>> except I can't delete files from sshfs unless they are in 0777 chmodded
>> directory. Even if that files were putted trough smbclient. I can read
>> files, write files (regardless their directory permissions) but not
>> delete them.
>>
>> Here is my share config:
>>
>> [myshare]
>> comment = shre over sshfs
>> path = /home/kli/work/remotes/dev
>> valid users = kli
>> public = no
>> writable = yes
>> printable = no
>> delete readonly = yes
>> read only = no
>> force group = kli
>> force user = kli
> 
> Post a debug level 10 log snippet of smbclient attempting
> to delete files.

[2011/06/01 13:57:16,  3] param/loadparm.c:9039(lp_load_ex)
  lp_load_ex: refreshing parameters
[2011/06/01 13:57:16,  3] param/loadparm.c:4848(init_globals)
(Continue reading)

Permalink | Reply | 0 comments |
headers
Dermot | 1 Jun 2011 12:31

Re: Fwd: A default profile

Cheers Louis, It works fine.
Dp.

On 29 May 2011 15:18, L.P.H. van Belle <belle <at> bazuin.nl> wrote:
> When using PDC, put the default User in the netlogon folder
> like this: \\Pdc\netlogon\Default User
>
> now the user wil be copied from that folder.
>
> Best regards,
>
> Louis
>
>>-----Oorspronkelijk bericht-----
>>Van: paikkos <at> googlemail.com
>>[mailto:samba-bounces <at> lists.samba.org] Namens Dermot
>>Verzonden: 2011-05-28 22:53
>>Aan: samba <at> lists.samba.org
>>Onderwerp: [Samba] Fwd: A default profile
>>
>>Hi,
>>
>>I am not using roaming profiles, but there is a feature in NT 4 where
>>you store a 'Default User' profile under the
>>C:\winnt\system32\repel\import\scripts\. When a user logins into the
>>Doman for the first time, they get a copy of that profile. I have
>>tried having a copy of the same profile to both the netlogon share and
>>the profiles share on my Samba PDC but the profile does not get
>>downloaded.
>>
(Continue reading)

Permalink | Reply | 0 comments |
headers
Felix Brack (Mailinglist | 1 Jun 2011 12:31
Picon

Access rights from ACLs not honored when setting file attributes?

This is somewhat a reincarnation of a problem I am facing since 
upgrading to samba 3.5.6 (3.5.8 is identical).

I use samba on an ext3 ACL enabled file system. Typically a users access 
rights are determined by his or her membership in different groups. The 
access right is therefore defined and granted by/to the group, not the 
user. These groups then appear in the ACL of directories and files 
whereby the access is granted.

This system works perfect when creating, modifying and delete files or 
directories - no issues at all.

However using the windows function 'SetFileAttributes' fails in case the 
user who is connected to the samba server and executes the function is 
not either the owner of the file/directory or member of the owning group 
of the file/directory. Therefore it looks like samba is ignoring any ACL 
entry when using the windows function 'SetFileAttributes'. No matter if 
there is an ACE granting the proper access right, samba fails.

Is there a principle difference in how samba interprets access rights 
depending on whom (user, primary group membership or ACL) grants them?
Why do file/directory operations such as create/modify/delete work, no 
matter how the access right was granted (including from ACL)?

regards Felix
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
(Continue reading)

Permalink | Reply | 2 comments |
headers
Dermot | 1 Jun 2011 13:03

Single sign on nivana

Hi,

I have Samba 3.5.6 that is running as a PDC for testing purposes. In
my production environment I still use a NT4 domain and all the samba
member server use domain security. One of the irritations I have with
the Samba members set-up is that I have to add the users to the local
server so that files created by a domain user are owned by them and
not the guest account. Ideally I would like to add the users to the
PDC alone and then if a domain user creates a file on a member server,
when I viewed those file, either from a windows machine or from a
shell on the member server, I could see who they belong to. I'm sure
that there is a means of doing this, but I get gleam it from the docs.
Can anyone advise me on the configuration I would need?

Thank you,
Dermot.
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Permalink | Reply | 5 comments |
headers
=?windows-1252?Q?L.P.H._van_Belle?= | 1 Jun 2011 13:37

Re: Single sign on nivana

Wel setup ldap with replication. 
I have this setup and i use syncrepl for ldap replication.
This is working for 5 years now. 
I manage my users and groups with the NT4 user manager. 

Look here.
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
I use this setup : PDC -> LDAP master server, BDC -> LDAP slave server. 
My ldap slave is readonly.

I use debian OS. 
look here for a nice example
http://www.server-world.info/en/note?os=Debian_6.0&p=samba&f=6 
and look hier
http://fr33co.wordpress.com/2009/02/19/replicacion-ldap-con-syncrepl-en-debian-lenny/ 
if you need other language put it in a translator ;-) 

Good luck. 

Louis

>-----Oorspronkelijk bericht-----
>Van: paikkos <at> googlemail.com 
>[mailto:samba-bounces <at> lists.samba.org] Namens Dermot
>Verzonden: 2011-06-01 13:04
>Aan: samba <at> lists.samba.org
>Onderwerp: [Samba] Single sign on nivana
>
>Hi,
>
(Continue reading)

Permalink | Reply | 4 comments |
headers
Gaiseric Vandal | 1 Jun 2011 17:07
Picon

Re: Join W2008 R2 64bit to samba 3.5.8

Windows Active Directory users SRV DNS records to locate Active 
Directory servers (.e.g _ldap.mydomain.com -> mypdc.domain.com)  Since a 
Samba domain controller is (sort of) an NT4 server these won't be 
relevant for Windows clients.

Are you using a WINS server?  Are your samba server and Windows clients 
all using the same WINS server? That should help Windows clients find an 
"NT4" type domain.

FYI

For Win 7 and samba 3.4 (or later) the 3rd and 4th registry changes were 
required.  The 1st two don't look familiar.

On 06/01/2011 03:31 AM, Daniel Müller wrote:
> Sorry,
>
> but I did,
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LMCompatibilityLevel
> from a 3 to a 1.
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\param
> eters\requiresecuritysignature
> to a "0" (disabled)
>
> HKLM\System\CCS\Services\LanmanWorkstation\Parameters
> DWORD DomainCompatibilityMode = 1
> DWORD DNSNameResolutionRequired = 0
>
> And restarted several times and still the same when trying to join my W2008
(Continue reading)

Permalink | Reply | 2 comments |
headers
Dermot | 1 Jun 2011 17:21

Re: Single sign on nivana

Thanks but I am not sure that I have made myself clear.

I want to remove Windows NT from my production environment. I would
like to use Samba as the PDC with ldap backend and some replication.
So far in tests this all works EG, Window7 and WinXP can authenticate.

I have one more thing I would like to achieve. I want files on the
Samba member server to be owned by the domain user without having to
add each domain user locally to the member server's /etc/passwd file.

I don't think the articles you have suggested address how to do that.
Dp.

On 1 June 2011 12:37, L.P.H. van Belle <belle <at> bazuin.nl> wrote:
> Wel setup ldap with replication.
> I have this setup and i use syncrepl for ldap replication.
> This is working for 5 years now.
> I manage my users and groups with the NT4 user manager.
>
>
> Look here.
> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
> I use this setup : PDC -> LDAP master server, BDC -> LDAP slave server.
> My ldap slave is readonly.
>
> I use debian OS.
> look here for a nice example
> http://www.server-world.info/en/note?os=Debian_6.0&p=samba&f=6
> and look hier
> http://fr33co.wordpress.com/2009/02/19/replicacion-ldap-con-syncrepl-en-debian-lenny/
(Continue reading)

Permalink | Reply | 3 comments |
headers
TAKAHASHI Motonobu | 1 Jun 2011 17:37

Re: Access rights from ACLs not honored when setting file attributes?

From: "Felix Brack (Mailinglist)" <fb <at> ltec.ch>
Date: Wed, 01 Jun 2011 12:31:34 +0200

> This is somewhat a reincarnation of a problem I am facing since 
> upgrading to samba 3.5.6 (3.5.8 is identical).

(snip)

> However using the windows function 'SetFileAttributes' fails in case the 
> user who is connected to the samba server and executes the function is 
> not either the owner of the file/directory or member of the owning group 
> of the file/directory. Therefore it looks like samba is ignoring any ACL 
> entry when using the windows function 'SetFileAttributes'. No matter if 
> there is an ACE granting the proper access right, samba fails.

Can you set file attributes with GUI and Is "store dos attributes"
set?

As far as I examined at Samba 3.5.6, I can manually set attributes.

I accessed with user monyo to test2.doc whose ACL is set as below:

-----
# getfacl test2.doc
# file: test2.doc
# owner: tako
# group: root
user::rw-
group::rw-
group:aclshare3ro:r-x
(Continue reading)

Permalink | Reply | 1 comment |
headers
Felix Brack (Mailinglist | 1 Jun 2011 18:40
Picon

Re: Access rights from ACLs not honored when setting file attributes?

Finally! Many thanks, that did it.

The option 'store dos attributes' was not enabled. After I did enable it 
everything works as expected.

I did just a little research on 3 servers here and this is the result: 
on samba 3.2.5 the problem dose not show up if 'store dos attributes' is 
disabled. However on samba 3.5.6 and 3.5.8 this option is definitely 
required for my setup. I must have missed somewhere between samba 
version 3.2.5 and 3.5.6 that this option became mandatory for my kind of 
setup, shame on me.

You saved my weekend which starts right now!

Felix

On 01.06.2011 17:37, TAKAHASHI Motonobu wrote:
> From: "Felix Brack (Mailinglist)"<fb <at> ltec.ch>
> Date: Wed, 01 Jun 2011 12:31:34 +0200
>
>> This is somewhat a reincarnation of a problem I am facing since
>> upgrading to samba 3.5.6 (3.5.8 is identical).
>
> (snip)
>
>> However using the windows function 'SetFileAttributes' fails in case the
>> user who is connected to the samba server and executes the function is
>> not either the owner of the file/directory or member of the owning group
>> of the file/directory. Therefore it looks like samba is ignoring any ACL
>> entry when using the windows function 'SetFileAttributes'. No matter if
(Continue reading)

Permalink | Reply | 0 comments |

Gmane