samba - Sep 2004 - Samba Share Help Needed

Hi,

I have the following directory shared for the user "pcbadmin". He/she 
can mount and read/write without any difficulty:

[pcbdata]
    comment = PCB Design Files
    path = /home/pcbadmin/pcbdata
    valid users = pcbadmin
    public = no
    writable = yes

Question: How can I make the same directory only readable by the rest of 
the users ?

TIA, Ben

Il 21/09/2004, alle ore 16:08, Ben ha scritto:
> Question: How can I make the same directory only readable by the rest of 
> the users ?
[pcbdata]
    comment = PCB Design Files
    path = /home/pcbadmin/pcbdata
    writable = no
    write list = pcbadmin

-- 
Ciao,
  Marco.

..."Dancing", Mike Keneally & Beer for Dolphins 2000

Hi All,

I?m working hard on understing how to make trust relationship work between
to samba servers with ldap backend.

In my lab I have two Debian Sarge boxes running samba 3.0.7 with openldap
2.1.30. I joined each other domain with both machines. In the first one
(DOM1) I created the machine account with the command smbldap-useradd -a -i
DOM2 and set it?s password. Did the same on the second box with
smbldap-useradd -a -i DOM3. The strange thing is that these trust domain
account doesn?t have the $ simbol in front of it.

Next I?ve tried to add the trusting in DOM1 using the command "net rpc
trustdom add DOM2 123" and retyped the passsword. And did with DOM2
"net rpc
trustdom add DOM1 654" and retyped the password.

And then I tried to establish the trust relationship in DOM1 doing "net rpc
trustdom establish DOM2" typed the password 654 and got the following
error:

[2004/09/21 10:53:19, 0] utils/net_rpc.c:rpc_trustdom_establish(3075)
  Couldn't verify trusting domain account. Error was NT_STATUS_OK

Did the same on DOM2 and got the same error.

Does anybody have a clue of what I?m doing wrong?

Thank?s you all.

Gustavo

On Tuesday 21 September 2004 13:09, Gustavo Lima wrote:
>     John,
>
> I cleanned all the entries from my ldap. Created the OUs again.
>
> Joined the local and the remote domain.
>
> dom1:/etc# net rpc join -S dom1 -U Administrator%passwd
> dom1:/etc# net rpc join -S dom2 -U Administrator%passwd
No. Each machine needs to join its own domain.

- John T.
>
> Created the machine user:
>
> dom1:/etc/smbldap-tools# smbldap-useradd -a -i dom2
> New password : 123456
> Retype new password : 123456
> dom1:/etc/smbldap-tools# net rpc trustdom add dom2 123456
> Password: 123456
>
> Then I listed the trusts:
>
> teste1:/etc/smbldap-tools# net rpc trustdom list
> Password: (here, everything I type works)
> Trusted domains list:
>
> none
>
> Trusting domains list:
>
> none
>
> Other tip?
>
> Gustavo
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.

John,

Just berfore I explain how it worked a last question. In NT networks we need
to replicate WINS between PDCs. Is this needed in samba? How does it work?
Or I have to use the same WINS server to all PDC over WAN? Not clear for me.

I did this way.

Joined the local domain.

Created a machine account with smbldap-useradd -w dom2 on domain 1 machine.

Then changed it?s password and at last changed the sambaAcctFlags in ldap db
to [I].

At this time the trusting was showed on list command.

Then I did the same on the domain 2 machine.

Ending the story I established the trust on dom1 with the command

net rpc trustdom establish dom2

and put the dom2 machine account password.

At last I repeated the process on machine dom2.

Logged on WinXP and everything was working fine.

Thank?s by the tips. Were very usefull.

Gustavo

On Tuesday 21 September 2004 14:13, Gustavo Lima wrote:
> John,
>
> Just berfore I explain how it worked a last question. In NT networks we
> need to replicate WINS between PDCs. Is this needed in samba? How does it
> work? Or I have to use the same WINS server to all PDC over WAN? Not clear
> for me.
You need to use one single WINS server. WINS replication is not yet fully 
implemented and is therefore not functional.

- John T.
>
> I did this way.
>
> Joined the local domain.
>
> Created a machine account with smbldap-useradd -w dom2 on domain 1 machine.
>
> Then changed it?s password and at last changed the sambaAcctFlags in ldap
> db to [I].
>
> At this time the trusting was showed on list command.
>
> Then I did the same on the domain 2 machine.
>
> Ending the story I established the trust on dom1 with the command
>
> net rpc trustdom establish dom2
>
> and put the dom2 machine account password.
>
> At last I repeated the process on machine dom2.
>
> Logged on WinXP and everything was working fine.
>
> Thank?s by the tips. Were very usefull.
>
> Gustavo
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.

John,

Let?s start with another issue.

My other domains have quite unstable connections. So it?s hard to work just
using the main WINS server in all offices. I need to maintain on each office
some kind of secondary WINS to respond just for the local network if the
primary fails.

Can I use simultaneously the wins support = yes and wins server = 10.0.0.2
(for example) entrys in a samba configuration and point a secondary WINS
server in the clients?

Gustavo

On Wednesday 22 September 2004 07:15, Gustavo Lima
wrote:
>         John,
>
> Let?s start with another issue.
>
> My other domains have quite unstable connections. So it?s hard to work just
> using the main WINS server in all offices. I need to maintain on each
> office some kind of secondary WINS to respond just for the local network if
> the primary fails.
>
> Can I use simultaneously the wins support = yes and wins server = 10.0.0.2
> (for example) entrys in a samba configuration and point a secondary WINS
> server in the clients?
No. That does not work.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.