Hi everyone,
I am currently trying to set-up a samba server in my network in order to
replace the existing windows samba server. It's been now two weeks that I am
struggling with a vicious problem, and I cannot see any issue right now.
Before I loose all my hairs, I am sharing with you this problem : hopefully,
someone will have a tip for me.
The software involved :
Server Linux CentOS 5.6
Windows 2003 Serveur R2 with working AD and another DNS server working just
fine.
# rpm -qa | grep samba
samba-3.0.33-3.29.el5_6.2
samba-common-3.0.33-3.29.el5_6.2
samba-client-3.0.33-3.29.el5_6.2
# rpm -qa | grep krb
pam_krb5-2.2.14-18.el5
pam_krb5-2.2.14-18.el5
krb5-libs-1.6.1-55.el5_6.1
krb5-devel-1.6.1-55.el5_6.1
krb5-workstation-1.6.1-55.el5_6.1
krb5-libs-1.6.1-55.el5_6.1
The smb.conf
http://pastebin.com/9iCd1meR
The krb5.conf
http://pastebin.com/nJ2DuBFi
In the nsswich.conf
passwd: files ldap winbind
shadow: files ldap
group: files ldap winbind
The problem (Everything seems to work just fine ):
# kinit -V thibaut
Password for thibaut at WORK-NETWORK.COM:
Authenticated to Kerberos v5
# net join -S pwdsrv -U Thibaut
Thibaut's password:
Using short domain name -- WORK
DNS update failed!
Joined 'smbsrv' to realm 'WORK-NETWORK.COM'
wbinfo -u
wbinfo -g
getent passwd
getent group
=> All of them returns all I want (users and groups, with locals for the
last two commands)
# smbclient -L localhost -U Thibaut
Password:
Domain=[WORK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_6.2]
Sharename Type Comment
--------- ---- -------
IPC$ IPC IPC Service (Server blabla)
thibaut Disk Home Directories
Domain=[WORK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_6.2]
Server Comment
--------- -------
SMBSRV Serveur blabla
Workgroup Master
--------- -------
WORK
. and that's all. The windows clients can connect and see some shares (I
guess thank's to passthru), for instance I can see my home folder and the
printers folders, but not the others as with smbclient. Furthermore, Even if
I can see the roots folders, I cannot parse them : I am prompted a
login+password form when I try to enter the "Thibaut" folder, for
instance.
I think I am connected as a guest user, but I am not sure of that.
And when I try to access the folder Thibaut, I got some logs :
[2011/07/20 09:50:38, 2] lib/access.c:check_access(323)
Allowed connection from (a.b.c.d)
[2011/07/20 09:50:38, 2] smbd/service.c:make_connection_snum(617)
user 'WORK\thibaut' (from session setup) not permitted to access this
share (thibaut)
So where am I going wrong ? L
Thibaut.
On Wed, 2011-07-20 at 10:44 +0200, Thibaut POUZET wrote:> The software involved : > > Server Linux CentOS 5.6 > > Windows 2003 Serveur R2 with working AD and another DNS server working just > fine. > > # rpm -qa | grep samba > > samba-3.0.33-3.29.el5_6.2 > > samba-common-3.0.33-3.29.el5_6.2 > > samba-client-3.0.33-3.29.el5_6.2 >Stop right there remove the samba packages and install the samba3x packages. Then take a look at my previous post made yesterday. [SNIP]> So where am I going wrong ? L >You are persisting on using a woefully out of date version of Samba when your distribution comes with a much more recent prepackaged version. Why anyone would want to use the plain samba packages in RHEL/CentOS when trying to intergrate to the AD is utterly beyond me. JAB. -- Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk Fife, United Kingdom.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/20/2011 04:44 AM, Thibaut POUZET wrote:> Hi everyone, > > > > I am currently trying to set-up a samba server in my network in order to > replace the existing windows samba server. It's been now two weeks that I am > struggling with a vicious problem, and I cannot see any issue right now. > Before I loose all my hairs, I am sharing with you this problem : hopefully, > someone will have a tip for me. > > > > The software involved : > > Server Linux CentOS 5.6 > > Windows 2003 Serveur R2 with working AD and another DNS server working just > fine. > > # rpm -qa | grep samba > > samba-3.0.33-3.29.el5_6.2 > > samba-common-3.0.33-3.29.el5_6.2 > > samba-client-3.0.33-3.29.el5_6.2 > > # rpm -qa | grep krb > > pam_krb5-2.2.14-18.el5 > > pam_krb5-2.2.14-18.el5 > > krb5-libs-1.6.1-55.el5_6.1 > > krb5-devel-1.6.1-55.el5_6.1 > > krb5-workstation-1.6.1-55.el5_6.1 > > krb5-libs-1.6.1-55.el5_6.1 > > > > The smb.conf > > http://pastebin.com/9iCd1meR > > > > The krb5.conf > > http://pastebin.com/nJ2DuBFi > > > > In the nsswich.conf > > passwd: files ldap winbind > > shadow: files ldap > > group: files ldap winbind > > > > The problem (Everything seems to work just fine ): > > # kinit -V thibaut > > Password for thibaut at WORK-NETWORK.COM: > > Authenticated to Kerberos v5 > > > > # net join -S pwdsrv -U Thibaut > > Thibaut's password: > > Using short domain name -- WORK > > DNS update failed! > > Joined 'smbsrv' to realm 'WORK-NETWORK.COM' > > > > wbinfo -u > > wbinfo -g > > getent passwd > > getent group > > => All of them returns all I want (users and groups, with locals for the > last two commands) > > > > # smbclient -L localhost -U Thibaut > > Password: > > Domain=[WORK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_6.2] > > > > Sharename Type Comment > > --------- ---- ------- > > IPC$ IPC IPC Service (Server blabla) > > thibaut Disk Home Directories > > Domain=[WORK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_6.2] > > > > Server Comment > > --------- ------- > > SMBSRV Serveur blabla > > > > Workgroup Master > > --------- ------- > > WORK > > > > . and that's all. The windows clients can connect and see some shares (I > guess thank's to passthru), for instance I can see my home folder and the > printers folders, but not the others as with smbclient. Furthermore, Even if > I can see the roots folders, I cannot parse them : I am prompted a > login+password form when I try to enter the "Thibaut" folder, for instance. > I think I am connected as a guest user, but I am not sure of that. > > And when I try to access the folder Thibaut, I got some logs : > > > > [2011/07/20 09:50:38, 2] lib/access.c:check_access(323) > > Allowed connection from (a.b.c.d) > > [2011/07/20 09:50:38, 2] smbd/service.c:make_connection_snum(617) > > user 'WORK\thibaut' (from session setup) not permitted to access this > share (thibaut) > > > > So where am I going wrong ? L > > > > Thibaut. >I would first migrate from the no longer supported 3.0.x codebase to something supported by the samba team: http://wiki.samba.org/index.php/Samba3_Release_Planning I wrote up a quicky migration how-to so that people can move from the samba packages to RHEL's introduced samba3x packages. Perhaps that can help you move over: https://uisapp2.iu.edu/iukc-prd/pages/viewpage.action?pageId=137093 Robert - -- ________ Robert Freeman-Day https://launchpad.net/~presgas GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4m2m4ACgkQup357T5MfTY6QQCfQMi/ZzNbOIGu7VnAzkbEPWO9 bpIAoJ2bEMrax0GftjvG618//WNCc23W =1eYc -----END PGP SIGNATURE-----
From: "Thibaut POUZET" <thibaut.pouzet at lyra-network.com> Date: Wed, 20 Jul 2011 10:44:34 +0200 (snip)> # smbclient -L localhost -U Thibaut > > Password: > > Domain=[WORK] OS=[Unix] Server=[Samba 3.0.33-3.29.el5_6.2] > > > > Sharename Type Comment > > --------- ---- ------- > > IPC$ IPC IPC Service (Server blabla) > > thibaut Disk Home Directories > > . and that's all. The windows clients can connect and see some shares (I > guess thank's to passthru), for instance I can see my home folder and the > printers folders, but not the others as with smbclient.Because in your smb.conf "browseable = no" is specified as: --- [Foo] comment = foo path=/srv/smb/Foo ; valid users = %S writeable = yes read only = no create mask = 0660 directory mask = 0770 browseable = no guest ok = no ---> Furthermore, Even if > I can see the roots folders, I cannot parse them : I am prompted a > login+password form when I try to enter the "Thibaut" folder, for instance. > I think I am connected as a guest user, but I am not sure of that.Can you access without "valid users" line? If you enabled "valid users = %S" in "Foo" share, of course you (except user "Foo") can not access the share. --- TAKAHASHI Motonobu <monyo at samba.gr.jp>
TAKAHASHI Motonobu
2011-Aug-09 14:27 UTC
[Samba] absolute path for recycle:repository (Re: Integrating samba with existing AD)
Please set proper subject... From: "Thibaut POUZET" <thibaut.pouzet at lyra-network.com> Date: Mon, 8 Aug 2011 10:44:19 +0200> I wonder if I have a bug with the VFS object recycle, or if I did not > understood everything. I cannot achieve to use the option > 'recycle:repository', I show you what I did : > > [foobar] > path = /srv/smb/data/foobar(snip)> vfs objects = recycle > > When I delete something in foobar, the file just disappears. I searched for > it : 'sudo updated ; locate foo.bar' returns nothing, and the folder > /srv/smb/recycle/ is empty. > BUT, if I set recycle:repository = .recycle/%U/ , then the file is as > expected in the folder .recycle/%U/.As I mentioned at http://lists.samba.org/archive/samba/2011-July/163498.html , absolute path is basically not allowed at "recycle:repository". --- TAKAHASHI Motonobu <monyo at samba.gr.jp>