On 16/12/14 20:47, Carl Carpenter wrote:
On 16/12/14 17:35, Carl Carpenter wrote:
Forgot to mention that the permissions are also incorrect. They are
supposed to be 775 but come out as 744.
Carl Carpenter
Director, Information Services
Hill Country MHDD Centers
(830)258-5414 or ext. 2038
On 12/11/2014 4:13 PM, Carl Carpenter wrote:
Per your request
[global]
workgroup = HCCMHMRC
realm = HILLCOUNTRY.LOCAL
server string = Samba Server Version %v
security = ADS
log file = /var/log/samba/log.%m
max log size = 50
wins server = 192.168.0.7
default service = global
template homedir = /home/HCCMHMRC
template shell = /bin/bash
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config * : range = 16777216-33554431
idmap config * : backend = tdb
cups options = raw
[Intranet]
path = /home/Intranet
valid users = @intranet
read only = No
Not sure what you mean by ACL on the folder but here's this:
drwxrwxr-x 6 apache intranet 4096 Dec 10 14:34 Intranet
Carl Carpenter
Director, Information Services
Hill Country MHDD Centers
(830)258-5414 or ext. 2038
On 12/11/2014 3:50 PM, Marc Muehlfeld wrote:
Hello Carl,
Am 11.12.2014 um 22:18 schrieb Carl Carpenter:
Trying to get Samba configured correctly. Am using Active Directory for
authentication and that seems to be working correctly. When creating a
Share, Security and Access Control list the AD users and groups. If I take
my name out of the AD group, can't access the share. Put my name in the
group and I can access it. However, when I write a file to the folder,
while it shows my username, it shows domain users as the group instead of
the group name. I had this working on Centos 6.6 and am using the same
instructions this time. I'm sure I'm missing a setting somewhere but
don't
know what. Haven't been able to find anything on the web that addresses
it. Any assistance will be appreciated.
Can you please show us your smb.conf [global] and the share config? And
also please the ACLs on this folder.
Regards,
Marc
Hi, Are you using sssd as well ? otherwise there doesn't seem to be
anything to get the user & group ID numbers.
Also, to get the ACL's run this command:
getfacl /home/Intranet
Rowland
================================================No, I'm not using sssd. I
used authconfig to set up the initial
authentication configuration. Followed exactly the same steps I used for
Centos 6/Samba 3.x and it worked perfectly.
getfacl /home/Intranet
getfacl: Removing leading '/' from absolute path names
# file: home/Intranet
# owner: apache
# group: intranet
user::rwx
group::rwx
other::r-x
I think that you may be using sssd, but anyway, does 'getent <a domain
user>' show anything.
Rowland
============================================# getent apacheldap
Unknown database: apacheldap
Try `getent --help' or `getent --usage' for more information.
--
Carl Carpenter
Director, Information Services
Hill Country MHDD Centers
(830)258-5414 or ext. 2038
On 16/12/14 21:18, Carl Carpenter wrote:> On 16/12/14 20:47, Carl Carpenter wrote: > > On 16/12/14 17:35, Carl Carpenter wrote: > > Forgot to mention that the permissions are also incorrect. They are > supposed to be 775 but come out as 744. > > Carl Carpenter > Director, Information Services > Hill Country MHDD Centers > (830)258-5414 or ext. 2038 > > > On 12/11/2014 4:13 PM, Carl Carpenter wrote: > > Per your request > > [global] > workgroup = HCCMHMRC > realm = HILLCOUNTRY.LOCAL > server string = Samba Server Version %v > security = ADS > log file = /var/log/samba/log.%m > max log size = 50 > wins server = 192.168.0.7 > default service = global > template homedir = /home/HCCMHMRC > template shell = /bin/bash > winbind enum users = Yes > winbind enum groups = Yes > winbind use default domain = Yes > idmap config * : range = 16777216-33554431 > idmap config * : backend = tdb > cups options = raw > > [Intranet] > path = /home/Intranet > valid users = @intranet > read only = No > > Not sure what you mean by ACL on the folder but here's this: > > drwxrwxr-x 6 apache intranet 4096 Dec 10 14:34 Intranet > > Carl Carpenter > Director, Information Services > Hill Country MHDD Centers > (830)258-5414 or ext. 2038 > > > On 12/11/2014 3:50 PM, Marc Muehlfeld wrote: > > Hello Carl, > > Am 11.12.2014 um 22:18 schrieb Carl Carpenter: > > Trying to get Samba configured correctly. Am using Active Directory for > authentication and that seems to be working correctly. When creating a > Share, Security and Access Control list the AD users and groups. If I take > my name out of the AD group, can't access the share. Put my name in the > group and I can access it. However, when I write a file to the folder, > while it shows my username, it shows domain users as the group instead of > the group name. I had this working on Centos 6.6 and am using the same > instructions this time. I'm sure I'm missing a setting somewhere but don't > know what. Haven't been able to find anything on the web that addresses > it. Any assistance will be appreciated. > > Can you please show us your smb.conf [global] and the share config? And > also please the ACLs on this folder. > > > Regards, > Marc > > > > Hi, Are you using sssd as well ? otherwise there doesn't seem to be > anything to get the user & group ID numbers. > > Also, to get the ACL's run this command: > > getfacl /home/Intranet > > Rowland > > ================================================> No, I'm not using sssd. I used authconfig to set up the initial > authentication configuration. Followed exactly the same steps I used for > Centos 6/Samba 3.x and it worked perfectly. > > getfacl /home/Intranet > getfacl: Removing leading '/' from absolute path names > # file: home/Intranet > # owner: apache > # group: intranet > user::rwx > group::rwx > other::r-x > > > > I think that you may be using sssd, but anyway, does 'getent <a domain > user>' show anything. > > Rowland > > ============================================> # getent apacheldap > Unknown database: apacheldap > Try `getent --help' or `getent --usage' for more information. > > >oops :-[ 'getent passwd <a domain user>' Rowland
On Tue, Dec 16, 2014 at 3:18 PM, Carl Carpenter <ccarpenter at hillcountry.org> wrote:> > On 16/12/14 20:47, Carl Carpenter wrote: > > On 16/12/14 17:35, Carl Carpenter wrote: > > Forgot to mention that the permissions are also incorrect. They are > supposed to be 775 but come out as 744. > > Carl Carpenter > Director, Information Services > Hill Country MHDD Centers > (830)258-5414 or ext. 2038 > > > On 12/11/2014 4:13 PM, Carl Carpenter wrote: > > Per your request > > [global] > workgroup = HCCMHMRC > realm = HILLCOUNTRY.LOCAL > server string = Samba Server Version %v > security = ADS > log file = /var/log/samba/log.%m > max log size = 50 > wins server = 192.168.0.7 > default service = global > template homedir = /home/HCCMHMRC > template shell = /bin/bash > winbind enum users = Yes > winbind enum groups = Yes > winbind use default domain = Yes > idmap config * : range = 16777216-33554431 > idmap config * : backend = tdb > cups options = raw > > [Intranet] > path = /home/Intranet > valid users = @intranet > read only = No > > Not sure what you mean by ACL on the folder but here's this: > > drwxrwxr-x 6 apache intranet 4096 Dec 10 14:34 Intranet > > Carl Carpenter > Director, Information Services > Hill Country MHDD Centers > (830)258-5414 or ext. 2038 > > > On 12/11/2014 3:50 PM, Marc Muehlfeld wrote: > > Hello Carl, > > Am 11.12.2014 um 22:18 schrieb Carl Carpenter: > > Trying to get Samba configured correctly. Am using Active Directory for > authentication and that seems to be working correctly. When creating a > Share, Security and Access Control list the AD users and groups. If I > take > my name out of the AD group, can't access the share. Put my name in the > group and I can access it. However, when I write a file to the folder, > while it shows my username, it shows domain users as the group instead of > the group name. I had this working on Centos 6.6 and am using the same > instructions this time. I'm sure I'm missing a setting somewhere but > don't > know what. Haven't been able to find anything on the web that addresses > it. Any assistance will be appreciated. > > Can you please show us your smb.conf [global] and the share config? And > also please the ACLs on this folder. > > > Regards, > Marc > > > > Hi, Are you using sssd as well ? otherwise there doesn't seem to be > anything to get the user & group ID numbers. > > Also, to get the ACL's run this command: > > getfacl /home/Intranet > > Rowland > > ================================================> No, I'm not using sssd. I used authconfig to set up the initial > authentication configuration. Followed exactly the same steps I used for > Centos 6/Samba 3.x and it worked perfectly. > > getfacl /home/Intranet > getfacl: Removing leading '/' from absolute path names > # file: home/Intranet > # owner: apache > # group: intranet > user::rwx > group::rwx > other::r-x > > > > I think that you may be using sssd, but anyway, does 'getent <a domain > user>' show anything. > > Rowland > > ============================================> # getent apacheldap > Unknown database: apacheldap > Try `getent --help' or `getent --usage' for more information. > > oops > > 'getent passwd <a domain user>' > > Rowland > >getent passwd apacheldap apacheldap:*:16777671:16777216:Apacheldap:/home/HCCMHMRC:/bin/bash -- Carl Carpenter Director, Information Services Hill Country MHDD Centers (830)258-5414 or ext. 2038
On 16/12/14 22:31, Carl Carpenter wrote:> On Tue, Dec 16, 2014 at 3:18 PM, Carl Carpenter <ccarpenter at hillcountry.org> > wrote: >> On 16/12/14 20:47, Carl Carpenter wrote: >> >> On 16/12/14 17:35, Carl Carpenter wrote: >> >> Forgot to mention that the permissions are also incorrect. They are >> supposed to be 775 but come out as 744. >> >> Carl Carpenter >> Director, Information Services >> Hill Country MHDD Centers >> (830)258-5414 or ext. 2038 >> >> >> On 12/11/2014 4:13 PM, Carl Carpenter wrote: >> >> Per your request >> >> [global] >> workgroup = HCCMHMRC >> realm = HILLCOUNTRY.LOCAL >> server string = Samba Server Version %v >> security = ADS >> log file = /var/log/samba/log.%m >> max log size = 50 >> wins server = 192.168.0.7 >> default service = global >> template homedir = /home/HCCMHMRC >> template shell = /bin/bash >> winbind enum users = Yes >> winbind enum groups = Yes >> winbind use default domain = Yes >> idmap config * : range = 16777216-33554431 >> idmap config * : backend = tdb >> cups options = raw >> >> [Intranet] >> path = /home/Intranet >> valid users = @intranet >> read only = No >> >> Not sure what you mean by ACL on the folder but here's this: >> >> drwxrwxr-x 6 apache intranet 4096 Dec 10 14:34 Intranet >> >> Carl Carpenter >> Director, Information Services >> Hill Country MHDD Centers >> (830)258-5414 or ext. 2038 >> >> >> On 12/11/2014 3:50 PM, Marc Muehlfeld wrote: >> >> Hello Carl, >> >> Am 11.12.2014 um 22:18 schrieb Carl Carpenter: >> >> Trying to get Samba configured correctly. Am using Active Directory for >> authentication and that seems to be working correctly. When creating a >> Share, Security and Access Control list the AD users and groups. If I >> take >> my name out of the AD group, can't access the share. Put my name in the >> group and I can access it. However, when I write a file to the folder, >> while it shows my username, it shows domain users as the group instead of >> the group name. I had this working on Centos 6.6 and am using the same >> instructions this time. I'm sure I'm missing a setting somewhere but >> don't >> know what. Haven't been able to find anything on the web that addresses >> it. Any assistance will be appreciated. >> >> Can you please show us your smb.conf [global] and the share config? And >> also please the ACLs on this folder. >> >> >> Regards, >> Marc >> >> >> >> Hi, Are you using sssd as well ? otherwise there doesn't seem to be >> anything to get the user & group ID numbers. >> >> Also, to get the ACL's run this command: >> >> getfacl /home/Intranet >> >> Rowland >> >> ================================================>> No, I'm not using sssd. I used authconfig to set up the initial >> authentication configuration. Followed exactly the same steps I used for >> Centos 6/Samba 3.x and it worked perfectly. >> >> getfacl /home/Intranet >> getfacl: Removing leading '/' from absolute path names >> # file: home/Intranet >> # owner: apache >> # group: intranet >> user::rwx >> group::rwx >> other::r-x >> >> >> >> I think that you may be using sssd, but anyway, does 'getent <a domain >> user>' show anything. >> >> Rowland >> >> ============================================>> # getent apacheldap >> Unknown database: apacheldap >> Try `getent --help' or `getent --usage' for more information. >> >> oops >> >> 'getent passwd <a domain user>' >> >> Rowland >> >> > getent passwd apacheldap > apacheldap:*:16777671:16777216:Apacheldap:/home/HCCMHMRC:/bin/bashOK, I am willing to bet, if you open /etc/nsswitch.conf in your favourite editor, you will find these two lines: passwd: files sss group: files sss I am also fairly sure that '16777216' is the ID number for 'Domain Users' To connect to the share, the user would have to be a member of the 'intranet' group, but once connected, anything that the users saves will be saved as <user>:<primarygroup>. I would suggest that you go and have a look here: https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs Use windows permissions on the share instead of Linux acl's. Rowland
On Tue, Dec 16, 2014 at 4:31 PM, Carl Carpenter <ccarpenter at hillcountry.org> wrote:> > > > On Tue, Dec 16, 2014 at 3:18 PM, Carl Carpenter < > ccarpenter at hillcountry.org> wrote: > >> On 16/12/14 20:47, Carl Carpenter wrote: >> >> On 16/12/14 17:35, Carl Carpenter wrote: >> >> Forgot to mention that the permissions are also incorrect. They are >> supposed to be 775 but come out as 744. >> >> Carl Carpenter >> Director, Information Services >> Hill Country MHDD Centers >> (830)258-5414 or ext. 2038 >> >> >> On 12/11/2014 4:13 PM, Carl Carpenter wrote: >> >> Per your request >> >> [global] >> workgroup = HCCMHMRC >> realm = HILLCOUNTRY.LOCAL >> server string = Samba Server Version %v >> security = ADS >> log file = /var/log/samba/log.%m >> max log size = 50 >> wins server = 192.168.0.7 >> default service = global >> template homedir = /home/HCCMHMRC >> template shell = /bin/bash >> winbind enum users = Yes >> winbind enum groups = Yes >> winbind use default domain = Yes >> idmap config * : range = 16777216-33554431 >> idmap config * : backend = tdb >> cups options = raw >> >> [Intranet] >> path = /home/Intranet >> valid users = @intranet >> read only = No >> >> Not sure what you mean by ACL on the folder but here's this: >> >> drwxrwxr-x 6 apache intranet 4096 Dec 10 14:34 Intranet >> >> Carl Carpenter >> Director, Information Services >> Hill Country MHDD Centers >> (830)258-5414 or ext. 2038 >> >> >> On 12/11/2014 3:50 PM, Marc Muehlfeld wrote: >> >> Hello Carl, >> >> Am 11.12.2014 um 22:18 schrieb Carl Carpenter: >> >> Trying to get Samba configured correctly. Am using Active Directory for >> authentication and that seems to be working correctly. When creating a >> Share, Security and Access Control list the AD users and groups. If I >> take >> my name out of the AD group, can't access the share. Put my name in the >> group and I can access it. However, when I write a file to the folder, >> while it shows my username, it shows domain users as the group instead of >> the group name. I had this working on Centos 6.6 and am using the same >> instructions this time. I'm sure I'm missing a setting somewhere but >> don't >> know what. Haven't been able to find anything on the web that addresses >> it. Any assistance will be appreciated. >> >> Can you please show us your smb.conf [global] and the share config? And >> also please the ACLs on this folder. >> >> >> Regards, >> Marc >> >> >> >> Hi, Are you using sssd as well ? otherwise there doesn't seem to be >> anything to get the user & group ID numbers. >> >> Also, to get the ACL's run this command: >> >> getfacl /home/Intranet >> >> Rowland >> >> ================================================>> No, I'm not using sssd. I used authconfig to set up the initial >> authentication configuration. Followed exactly the same steps I used for >> Centos 6/Samba 3.x and it worked perfectly. >> >> getfacl /home/Intranet >> getfacl: Removing leading '/' from absolute path names >> # file: home/Intranet >> # owner: apache >> # group: intranet >> user::rwx >> group::rwx >> other::r-x >> >> >> >> I think that you may be using sssd, but anyway, does 'getent <a domain >> user>' show anything. >> >> Rowland >> >> ============================================>> # getent apacheldap >> Unknown database: apacheldap >> Try `getent --help' or `getent --usage' for more information. >> >> oops >> >> 'getent passwd <a domain user>' >> >> Rowland >> >> > getent passwd apacheldap > apacheldap:*:16777671:16777216:Apacheldap:/home/HCCMHMRC:/bin/bash > -- > > OK, I am willing to bet, if you open /etc/nsswitch.conf in your > favourite editor, you will find these two lines: > > passwd: files sss > group: files sss > > I am also fairly sure that '16777216' is the ID number for 'Domain Users' > > To connect to the share, the user would have to be a member of the > 'intranet' group, but once connected, anything that the users saves will > be saved as <user>:<primarygroup>. > > I would suggest that you go and have a look here: https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs > > Use windows permissions on the share instead of Linux acl's. > > Rowland > > You are partially correct. Actually, nsswitch haspasswd: files sss winbind group: files sss winbind I will check out the referenced article. Thanks. -- Carl Carpenter Director, Information Services Hill Country MHDD Centers (830)258-5414 or ext. 2038