Mister Olli
2008-Mar-05 17:30 UTC
[Samba] Samba as standalone server & problems with saving documents
Hi...

I wanna use samba 3.0.28 (on FreeBSD 7.0) machine just to serve some shares with different content.

We have several users, and access to a share should be managed by the unix group a user is in. So if the user is a member of the group 'business' he has access to a share called business. Every user has his primary group set to 'users'. I implemented that for several groups:
- software
- internal
- business
- acquise

Everything works fine, except for the 'business' share. When a user opens a word/powerpoint file, the file is opened as 'read-only' and you can't save it under another name. This issue is only seen under WindowsXP, and I wasn't able to reproduce it within VMware, so it has to rely on the client machine & users that actually have the problem.

My config (testparm -v) is attached to this mail...

Any suggestions how to fix that? My clients are currently pissed ;-))

regards,
olli

-------------- next part --------------
[global]
	dos charset = CP850
	unix charset = UTF-8
	display charset = LOCALE
	workgroup = WORKGROUP
	netbios name = FILER
	netbios aliases =
	netbios scope =
	server string = File Server (filer)
	interfaces = 127.0.0.1/32, 192.168.95.225
	bind interfaces only = Yes
	security = USER
	auth methods =
	encrypt passwords = Yes
	update encrypted = No
	client schannel = Auto
	server schannel = Auto
	allow trusted domains = Yes
	map to guest = Never
	null passwords = No
	obey pam restrictions = No
	password server = *
	smb passwd file = /usr/local/etc/samba/smbpasswd
	private dir = /usr/local/etc/samba
	passdb backend = smbpasswd
	algorithmic rid base = 1000
	root directory =
	guest account = nobody
	enable privileges = Yes
	pam password change = No
	passwd program =
	passwd chat = *new*password* %n\n *new*password* %n\n *changed*
	passwd chat debug = No
	passwd chat timeout = 2
	check password script =
	username map =
	password level = 0
	username level = 0
	unix password sync = No
	restrict anonymous = 0
	lanman auth = Yes
	ntlm auth = Yes
	client NTLMv2 auth = No
	client lanman auth = Yes
	client plaintext auth = Yes
	preload modules =
	use kerberos keytab = No
	log level = 5
	syslog = 1
	syslog only = No
	log file = /var/log/samba/samba.log
	max log size = 5000
	debug timestamp = Yes
	debug prefix timestamp = No
	debug hires timestamp = No
	debug pid = No
	debug uid = No
	enable core files = Yes
	smb ports = 445
	large readwrite = Yes
	max protocol = NT1
	min protocol = CORE
	read bmpx = No
	read raw = Yes
	write raw = Yes
	disable netbios = No
	reset on zero vc = No
	acl compatibility = auto
	defer sharing violations = Yes
	nt pipe support = Yes
	nt status support = Yes
	announce version = 4.9
	announce as = NT
	max mux = 50
	max xmit = 16644
	name resolve order = lmhosts wins host bcast
	max ttl = 259200
	max wins ttl = 518400
	min wins ttl = 21600
	time server = No
	unix extensions = Yes
	use spnego = Yes
	client signing = auto
	server signing = No
	client use spnego = Yes
	enable asu support = No
	svcctl list =
	deadtime = 0
	getwd cache = Yes
	keepalive = 300
	lpq cache time = 30
	max smbd processes = 0
	paranoid server security = Yes
	max disk size = 0
	max open files = 10000
	open files database hash size = 10007
	socket options = TCP_NODELAY
	use mmap = Yes
	hostname lookups = No
	name cache timeout = 660
	load printers = No
	printcap cache time = 750
	printcap name = /dev/null
	cups server =
	iprint server =
	disable spoolss = Yes
	addport command =
	enumports command =
	addprinter command =
	deleteprinter command =
	show add printer wizard = Yes
	os2 driver map =
	mangling method = hash2
	mangle prefix = 1
	max stat cache size = 1024
	stat cache = Yes
	machine password timeout = 604800
	add user script =
	rename user script =
	delete user script =
	add group script =
	delete group script =
	add user to group script =
	delete user from group script =
	set primary group script =
	add machine script =
	shutdown script =
	abort shutdown script =
	username map script =
	logon script =
	logon path = \\%N\%U\profile
	logon drive =
	logon home = \\%N\%U
	domain logons = No
	os level = 20
	lm announce = Auto
	lm interval = 60
	preferred master = Auto
	local master = Yes
	domain master = Auto
	browse list = Yes
	enhanced browsing = Yes
	dns proxy = No
	wins proxy = No
	wins server =
	wins support = No
	wins hook =
	kernel oplocks = Yes
	lock spin time = 200
	oplock break wait time = 0
	ldap admin dn =
	ldap delete dn = No
	ldap group suffix =
	ldap idmap suffix =
	ldap machine suffix =
	ldap passwd sync = no
	ldap replication sleep = 1000
	ldap suffix =
	ldap ssl =
	ldap timeout = 15
	ldap page size = 1024
	ldap user suffix =
	add share command =
	change share command =
	delete share command =
	eventlog list =
	config file =
	preload =
	lock directory = /var/db/samba
	pid directory = /var/run
	default service =
	message command =
	get quota command =
	set quota command =
	remote announce =
	remote browse sync =
	socket address = 192.168.95.225 #172.31.2.10
	homedir map =
	afs username map =
	afs token lifetime = 604800
	log nt token command =
	time offset = 0
	NIS homedir = No
	usershare allow guests = No
	usershare max shares = 0
	usershare owner only = Yes
	usershare path = /var/db/samba/usershares
	usershare prefix allow list =
	usershare prefix deny list =
	usershare template share =
	panic action =
	host msdfs = Yes
	passdb expand explicit = No
	idmap domains =
	idmap backend =
	idmap alloc backend =
	idmap cache time = 900
	idmap negative cache time = 120
	idmap uid =
	idmap gid =
	template homedir = /home/%D/%U
	template shell = /bin/false
	winbind separator = \
	winbind cache time = 300
	winbind enum users = No
	winbind enum groups = No
	winbind use default domain = No
	winbind trusted domains only = No
	winbind nested groups = Yes
	winbind nss info = template
	winbind refresh tickets = No
	winbind offline logon = No
	winbind normalize names = No
	comment =
	path =
	username =
	invalid users = root, toor, daemon, operator, bin, tty, kmem, games, news, man, sshd, smmsp, mailnull, bind, proxy, _pflogd, _dhcp, uucp, pop, www
	valid users =
	admin users =
	read list =
	write list =
	printer admin =
	force user =
	force group =
	read only = Yes
	acl check permissions = Yes
	acl group control = No
	acl map full control = Yes
	create mask = 0744
	force create mode = 00
	security mask = 00
	force security mode = 00
	directory mask = 0755
	force directory mode = 00
	directory security mask = 00
	force directory security mode = 00
	force unknown acl user = No
	inherit permissions = No
	inherit acls = No
	inherit owner = No
	guest only = No
	guest ok = No
	only user = No
	hosts allow = 192.168.128., 192.168.90., 192.168.200., 192.168.95., 172.20.1., 192.168.96., 192.168.0., 192.168.67., 192.168.1., 172.30.1., 192.168.94., 192.168.99., 192.168.68., 172.31.3.
	hosts deny =
	allocation roundup size = 1048576
	aio read size = 0
	aio write size = 0
	aio write behind =
	ea support = No
	nt acl support = Yes
	profile acls = No
	map acl inherit = No
	afs share = No
	block size = 1024
	change notify = Yes
	directory name cache size = 100
	kernel change notify = Yes
	max connections = 0
	min print space = 0
	strict allocate = No
	strict sync = No
	sync always = No
	use sendfile = No
	write cache size = 0
	max reported print jobs = 0
	max print jobs = 1000
	printable = No
	printing = bsd
	cups options =
	print command = lpr -r -P'%p' %s
	lpq command = lpq -P'%p'
	lprm command = lprm -P'%p' %j
	lppause command =
	lpresume command =
	queuepause command =
	queueresume command =
	printer name =
	use client driver = No
	default devmode = Yes
	force printername = No
	printjob username = %U
	default case = lower
	case sensitive = Auto
	preserve case = Yes
	short preserve case = Yes
	mangling char = ~
	hide dot files = No
	hide special files = No
	hide unreadable = No
	hide unwriteable files = No
	delete veto files = No
	veto files =
	hide files = :
	veto oplock files =
	map archive = Yes
	map hidden = No
	map system = No
	map readonly = yes
	mangled names = Yes
	mangled map =
	store dos attributes = No
	dmapi support = No
	browseable = Yes
	blocking locks = Yes
	csc policy = manual
	fake oplocks = No
	locking = Yes
	oplocks = Yes
	level2 oplocks = Yes
	oplock contention limit = 2
	posix locking = Yes
	strict locking = Auto
	share modes = Yes
	dfree cache time = 0
	dfree command =
	copy =
	include =
	preexec =
	preexec close = No
	postexec =
	root preexec =
	root preexec close = No
	root postexec =
	available = Yes
	volume =
	fstype = NTFS
	set directory = No
	wide links = No
	follow symlinks = No
	dont descend = /bin,/boot,/cdrom,/compat,/dev,/dist,/etc,/lib,/libexec,/media,/mnt,/proc,/rescue,/root,/sbin,/sys,/tmp,/usr,/var
	magic script =
	magic output =
	delete readonly = No
	dos filemode = No
	dos filetimes = Yes
	dos filetime resolution = No
	fake directory create times = No
	vfs objects =
	msdfs root = No
	msdfs proxy =

[homes]
	comment = Home Directories
	read only = No
	force create mode = 0600
	directory mask = 0700
	browseable = No

[intern]
	comment = Admin Stuff
	path = /daten/intern
	valid users = +intern
	force group = intern
	read only = No
	force create mode = 0660
	directory mask = 0770

[business]
	comment = business stuff
	path = /daten/business
	valid users = +business
	force group = business
	read only = No
	force create mode = 0660
	directory mask = 0770

[software]
	comment = software stuff
	path = /daten/software
	valid users = +software
	force group = software
	read only = No
	force create mode = 0660
	directory mask = 0770

[acquise]
	comment = acquise stuff
	path = /daten/acquise
	valid users = +acquise
	force group = acquise
	read only = No
	force create mode = 0660
	directory mask = 0770
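The permission arithmetic behind the share definitions in the config above, as an added example that is not part of the original post: it applies the smb.conf rule that `create mask` / `directory mask` are ANDed onto the requested mode and `force create mode` / `force directory mode` are then ORed in. The excerpt is constructed from values in the posted testparm output; the starting modes (0666 plus owner-execute for a mapped archive bit, 0777 for directories) and the function name are assumptions of this example.

```python
import configparser

# Constructed excerpt: values copied from the testparm output in the post.
SMB_CONF = """
[global]
create mask = 0744
directory mask = 0755
force create mode = 00
force directory mode = 00
map archive = Yes

[homes]
force create mode = 0600
directory mask = 0700

[business]
valid users = +business
force group = business
force create mode = 0660
directory mask = 0770
"""

def effective_modes(conf_text):
    """Return the UNIX modes Samba would give new files and directories per share."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    defaults = dict(cp["global"])
    report = {}
    for share in cp.sections():
        if share == "global":
            continue
        opt = {**defaults, **dict(cp[share])}  # share values override [global]
        def octal(key):
            return int(opt[key], 8)
        # Assumption: a writable file starts at 0666, plus owner-execute when
        # the DOS archive bit is mapped; a directory starts at 0777.
        base = 0o666 | (0o100 if opt["map archive"].lower() == "yes" else 0)
        fmode = (base & octal("create mask")) | octal("force create mode")
        dmode = (0o777 & octal("directory mask")) | octal("force directory mode")
        forced = opt.get("force group")
        report[share] = {
            "file": fmode,
            "dir": dmode,
            "group_rw": (fmode & 0o060) == 0o060,
            "other_read_file": bool(fmode & 0o004),
            "other_enter_dir": bool(dmode & 0o001),
            # Does the group that gates access also own what gets created?
            "gate_matches_forced": (opt.get("valid users", "").lstrip("+@&") == forced) if forced else None,
        }
    return report

if __name__ == "__main__":
    for name, r in effective_modes(SMB_CONF).items():
        print(f"[{name}] files {r['file']:04o} dirs {r['dir']:04o} {r}")
```

Under those assumptions a new file in [business] comes out as 0764: group members can write, and the other-read bit from the global `create mask = 0744` survives because `force create mode` only adds bits. Directories created through the share get 0770.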
Tamas Csabina
2008-Mar-07 10:23 UTC
[Samba] Samba as standalone server & problems with saving documents
Hi,

I had the same issue. In my case the `force group` option had the problem. If I removed it, there were no `read-only` problems. I saw that your other shares have the same option, so it is a bit strange...

You can also try to upgrade to version 3.2, as this `force group` problem is solved in that version.

Regards,
Tamas Csabina

On Wed, 2008-03-05 at 18:22 +0100, Mister Olli wrote:
> Hi...
>
> I wanna use samba 3.0.28 (on FreeBSD 7.0) machine just to serve some
> shares with different content.
>
> We have several users, and access to a share should be managed by the
> unix group a user is in. so if the user is a member of the group
> 'business' he has access to a share called business. Every user has his
> primary group set to 'users'. I implemented that for several groups:
> - software
> - internal
> - business
> - acquise
>
> everything works fine, except for the 'business' share. when a user
> opens a word/powerpoint file, the file is opened as 'read-only' and you
> can't save it under another name. This issue is only seen under
> WindowsXP, and I wasn't able to reproduce it within VMware, so it has
> to rely on the client machine & users that actually have the problem.
>
> My config (testparm -v) is attached to this mail...
>
>
> any suggestions how to fix that? my clients are currently pissed ;-))
>
> regards,
> olli