On 18/01/15 08:36, Dr. Harry Knitter wrote:> Rowland Penny <rowlandpenny at googlemail.com> schrieb am 17.01.2015: >> You could try answering Jeremy's question >> >> Rowland > did, however my answer was sent only as PM, sorry. > This entry is the default. However I set it explicitly. > Did not work > > HarryPlease don't send PM's, it breaks the thread, how was anybody other than Jeremy to know you sent it ?? OK, in which case, can you post your entire smb.conf Rowland
Rowland Penny <rowlandpenny at googlemail.com> schrieb am 18.01.2015:> > Please don't send PM's, it breaks the thread, how was anybody other than > Jeremy to know you sent it ??This happened, becaus I got Jeremies mail by PM, too and did not take care to send my answer to the list, too. Sorry again @ all my samba version is 3.6.6.6.-deb7 @ Marc Muehlfeld Not having a samba 4 version I tried https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_POSIX_ACLs> > OK, in which case, can you post your entire smb.conf ><smb.conf> workgroup = mydomain.lan server string = %h server interfaces = eth0 bind interfaces only = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 name resolve order = lmhosts host wins bcast add user script = /usr/sbin/adduser --quiet --disabled-password --gecos "" %u add group script = /usr/sbin/addgroup --force-badname %g add machine script = /usr/sbin/useradd -g machines -c "%u machine account" -d /var/lib/samba -s /bin/false %u logon drive = H: domain logons = Yes domain master = Yes wins support = no panic action = /usr/share/samba/panic-action %d admin users = @ntadmin, root os level = 64 log level = 3 smb:5 [homes] comment = Home Directories valid users = %S read only = No create mask = 0700 directory mask = 0700 browseable = No [printers] comment = All Printers path = /var/spool/samba create mask = 0700 printable = Yes print ok = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers [public] path = /home/ldap read only = no valid users = +users, root guest ok = no force group = users force user = harry create mask = 777 directory mask = 777 inherit permissions = yes Unix premissions are set to 2777 according to https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_POSIX_ACLs The status quo is from the view of the Windows clients: No full controll for neither owner group nor everyone in standard permissions. Only special permissions: On existing directories: owner has full control group has full control everyone has full control on existing files owner full control and delete not set group full control and delete not set everyone full control and delete not set directories created new owner has full control group has full control everyone has full control files crated new owner full control and delete not set group full control, search/execute, delete, change permissions, take ownership not set everyone same as group New created directories have unix permissions according to directory mask. New created files have 766 (create mask is 777). When connecting as othe user than owner, e.g. root/Administrator. the ownership of new directories and files is root (force user is not done). Trying to change permissions from Windows clients shows no effect. Hope this will help you to help me. Thanks. Harry -- no PMs please, I am reading the list
On 18/01/15 10:01, Dr. Harry Knitter wrote:> Rowland Penny <rowlandpenny at googlemail.com> schrieb am 18.01.2015: >> Please don't send PM's, it breaks the thread, how was anybody other than >> Jeremy to know you sent it ?? > This happened, becaus I got Jeremies mail by PM, too and did not take care to > send my answer to the list, too. Sorry again > @ all > my samba version is 3.6.6.6.-deb7 > > @ Marc Muehlfeld > Not having a samba 4 version I tried > https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_POSIX_ACLs > >> OK, in which case, can you post your entire smb.conf >> > <smb.conf> > workgroup = mydomain.lan > server string = %h server > interfaces = eth0 > bind interfaces only = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* > %n\n *password\supdated\ssuccessfully* . > unix password sync = Yes > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1000 > name resolve order = lmhosts host wins bcast > add user script = /usr/sbin/adduser --quiet --disabled-password --gecos > "" %u > add group script = /usr/sbin/addgroup --force-badname %g > add machine script = /usr/sbin/useradd -g machines -c "%u machine > account" -d /var/lib/samba -s /bin/false %u > logon drive = H: > domain logons = Yes > domain master = Yes > wins support = no > panic action = /usr/share/samba/panic-action %d > admin users = @ntadmin, root > os level = 64 > log level = 3 smb:5 > [homes] > comment = Home Directories > valid users = %S > read only = No > create mask = 0700 > directory mask = 0700 > browseable = No > > [printers] > comment = All Printers > path = /var/spool/samba > create mask = 0700 > printable = Yes > print ok = Yes > browseable = No > > [print$] > comment = Printer Drivers > path = /var/lib/samba/printers > > [public] > path = /home/ldap > read only = no > valid users = +users, root > guest ok = no > force group = users > force user = harry > create mask = 777 > directory mask = 777 > inherit permissions = yes > > Unix premissions are set to 2777 according to > https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_POSIX_ACLs > > The status quo is from the view of the Windows clients: > > No full controll for neither owner group nor everyone in standard permissions. > > Only special permissions: > > On existing directories: > owner has full control > group has full control > everyone has full control > > on existing files > owner full control and delete not set > group full control and delete not set > everyone full control and delete not set > > directories created new > owner has full control > group has full control > everyone has full control > > files crated new > owner full control and delete not set > group full control, search/execute, delete, change permissions, take ownership > not set > everyone same as group > > New created directories have unix permissions according to directory mask. > New created files have 766 (create mask is 777). > > When connecting as othe user than owner, e.g. root/Administrator. > the ownership of new directories and files is root (force user is not done). > > Trying to change permissions from Windows clients shows no effect. > > Hope this will help you to help me. Thanks. > > Harry > > -- > no PMs please, I am reading the listLets deal with the obvious first, your workgroup name, you give it as 'mydomain.lan' , now is that the actual workgroup name ? If so, then it shouldn't have the dot '.' in it, but if it is a replacement for your domain, is your domain longer than 15 characters ? Sort this problem and see if it works, the other thing to check, have you done the registry changes ? see here: https://wiki.samba.org/index.php/Registry_changes_for_NT4-style_domains Rowland
Am 18.01.2015 um 11:01 schrieb Dr. Harry Knitter:> my samba version is 3.6.6.6.-deb7 > > @ Marc Muehlfeld > Not having a samba 4 version I tried > https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_POSIX_ACLsI saw I wrote in the introduction, about Samba 4, but we had the vfs object 'acl_xattr' before, too, if I remember right. So https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs should be possible to configure. Regards, Marc