search for: inostor

...s are not an issue. ACLs can quickly become out of control and difficult to manage/backup. If you do have a definite requirements for ACLs then I would consider restricting their use to only those shares which require them. HTH Noel -----Original Message----- From: Tom Dickson [mailto:tdickson@inostor.com] Sent: Friday, April 25, 2003 9:46 PM To: samba mailing list Subject: RE: [Samba] ACLs and Windows 2000 look alike (inheritance of permissions) Now I'm confused. What exactly does the inherit ACLs parameter do? From simple tests, it seems to work the same with or with out it. Is there som...

...: SHA1 Is there a tentative release date for 3.0.1 yet? I'd like to go live with an official release as opposed to hand patching all the little fixes I've seen on the mailing list (i.e., sorry about that; here's a patch, will be in 3.0.1). Thank you for all your work! - -Tom Dickson InoStor, Inc. http://www.inostor.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-nr2 (Windows 2000) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/hYgO2dxAfYNwANIRAoU6AJ42+yCinDbicCYNYJMHVscKpzj0hQCeMQ0y XpTkme6CCzxaUKPrWWqDdKY= =lLx8 -----END PGP SIGNATURE-----

I've gotten samba working with ACLs over an XFS filesystem. Everything works pretty well with knowledge of the workarounds (cannot remove group everyone, etc.) The only major problem I have is that ACLs don't inherit correctly. The default in Windows 2000 is to have a sub folder inherit the permissions of the folder it is in on creation. By default, the Samba share's folders don't

...e it prompt Password: This is to make it easier to script wbinfo for nas appliances using expect to allow passwords with characters that bash doesn't like: '!*\,% etc. This also prevents the password from being seen by ps auwx which some may consider to be a security risk. - -Tom Dickson InoStor Corporation 13000 Gregg St Poway, CA 92064-7151 www.inostor.com 858-726-1846 <TEXT OF PATCH> - --- samba-3.0.0beta3/source/nsswitch/wbinfo.c Wed Jul 16 06:24:00 2003 +++ samba-nuevo/source/nsswitch/wbinfo.c Fri Aug 29 13:50:06 2003 @@ -756,8 +756,13 @@ ~ if (password) { ~ *pa...

Running the command: wbinfo -aDOMAINNAME+Administrator%password works, in fact, all of the wbinfo commands report data as they should. However, when I try to connect to a share on the SMB server, I get the following error message in the logs: [2003/04/21 08:28:59, 0] smbd/password.c:connect_to_domain_password_server(1328) connect_to_domain_password_server: machine DWP rejected the tconX on

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sorry about that: enigmail got over excited! - -------- Original Message -------- Subject: Re: [Samba] Macro expansion in valid users = line? Date: Thu, 04 Sep 2003 13:15:42 -0700 From: Tom Dickson <tdickson@inostor.com> To: Gerald (Jerry) Carter <jerry@samba.org> CC: samba mailing list <samba@lists.samba.org> References: <Pine.LNX.4.44.0309041512170.4688-100000@onterose> Bug 397 https://bugzilla.samba.org/show_bug.cgi?id=397 We're using write list instead; that works. I've got...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What is the standard procedure for making edits of smb.conf take hold? For example, what I'm seeing is a share that has given R/W access to a user named Tom, when I change Tom to read only, he is still able to write to that share until I stop Samba and restart it. The documentation seems to refer to a 1 minute reread of smb.conf, but I don't

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Would it not be possible to make the archive bit map to a Posix extended ACL instead of to the execute bit? - -Tom -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBWDuj2dxAfYNwANIRAvmnAJ4r1Q/2X7YyPKgGWbnnB3pv6WKDjwCgn+Vd 8USnnc35+uAa2GxUmejlDBc= =Bu48 -----END PGP

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ~ /usr/bin/net ads join -Udennisb dennisb password: [2004/11/02 17:31:56, 0] libads/ldap.c:ads_add_machine_acct(1006) ~ Host account for if-srv-hos1 already exists - modifying old account [2004/11/02 17:31:56, 0] libads/ldap.c:ads_join_realm(1342) ~ ads_add_machine_acct: No such object ads_join_realm: No such object Also: net user | wc -l reports

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Perhaps using a MS-DFS share would be more useful in this case? This would allow three real shares: \\server\accounting \\server\personal \\server\public which would appear as \\server\users\accounting \\server\users\personal \\server\users\public. See http://samba.org/~jht/HOWTO/Samba-HOWTO-Collection.pdf for more information on MS-DFS - -Tom

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 After upgrading from 3.0.2 to 3.0.3 in a Windows 2000 Native Domain environment, 9x clients can't connect and wbinfo -t doesn't work: bash-2.05a# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_PIPE_NOT_AVAILABLE (0xc00000ac) Could not check secret Downgrading to 3.0.2 fixes this. I can get log files, but

According to Peter Freeman: >Samba 2.2.5 had a couple of interesting issues, particularly with Win2k >clients, try upgrading to the latest (2.2.8a) before doing attributing >any blame to Samba. I'd like to know the interesting issues. We haven't upgraded from 2.2.5 to 2.2.8a because we see a performance drop, instead; we back port the bug fixes - open source is great! We plan

I'm running Samba 2.2.5 on Redhat 7.3. The issue I'm seeing (besides Domain Local Groups not being seen by winbind) is that winbind is not getting new users from the Domain Controller (windows 2000 native mode). For example: wbinfo --sequence (gives 43) Add user on the DC (user is bob, so NATIVEDOMAIN+bob should now appear in getent passwd) getent passwd doesn't show bob,

I've read in previous messages that Samba 3.0 is supposed to work out of the box with Win2k3. Is that still planned, or will registry hacks have to be used? Also, will Samba 3.0 be able to use a win 2003 server as a Active Directory server? (I.E., join the domain?) Thank you, Tom

More questions! :) By setting create mask = 0700 directory mask = 0700 directory security mask = 0700 I get a sort-of-work around to the issue, but then I can't add the Everyone group back in! The Everyone group will turn into CREATOR OWNER the moment I hit "Apply." This creates the following output from getfacls: # file: tdickson # owner: tdickson # group: root user::rwx

I've got samba-3.0.0-beta3-rc1 running, and am trying to connect to a Windows 2000 domain using security = ADS After following the instructions in the Samba-HOWTO-Collection, I've got kinit working, and am able to browse the Windows 2000 machines shares with smbclient //win2kmixed/c\$ -k without a password. However, if I try to connect to the machine, either through network neighborhood

With Samba 3.0 in PDC mode, I see no groups in the "Add..." windows under windows 2000 security dialog. The users are present, but no groups are listed. Samba 2.2.8 would display Unix groups (in fact it would display them all.) I can't find any information as to whether or not the smbgroups is what I need to use. Am I missing something simple? My smb.conf: [global]

By logging into a smbd server with the username "HAENGINEERS\KMR", we are able to cause a smbd panic every time. Other usernames ("HAENGINEERS\_TestME") work. The stack trace is below, full logs and smb.conf are available on request (don't want to saturate the list.) I can't post to bugzilla as I can't register a new account as my incoming mail is crippled by

Hello, Is it possible to put %U or %S in the valid users line? I'm trying: valid users = %D+%U for a certain homedir setup (automagically creates if non-existent), but the level 10 logs show that it always tries: checking |MIXEDDOMAIN+dl| against |%D+%U|, and does not expand the macro. This is with Samba-3.0.0rc2 (happens with beta3 also.) Same thing happens with %U or %S. It worked in

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there anything special that has to be done to migrate this config? Right now we're using Samba 3.0 with the old NT4 authentication through winbind, the same method that samba 2.2.8 used. If we want to recompile samba and upgrade to the new ADS support, will winbind correctly continue to use the same Windows Username to Linux UID mapping so