[Samba] Multiple problems: installing SWAT, no longer access to a restored (after deletion) share, ACL inheritance - Samba

This is a discussion on [Samba] Multiple problems: installing SWAT, no longer access to a restored (after deletion) share, ACL inheritance - Samba ; I'm a job trainee, very new to Linux and Samba and was asked to set up a server based on OpenSUSE and Samba. The idea is not to make a production server but to investigate how and how well this ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: [Samba] Multiple problems: installing SWAT, no longer access to a restored (after deletion) share, ACL inheritance

  1. [Samba] Multiple problems: installing SWAT, no longer access to a restored (after deletion) share, ACL inheritance

    I'm a job trainee, very new to Linux and Samba and was asked to set up a server based on OpenSUSE and Samba. The idea is not to make a production server but to investigate how and how well this works (the company is Windows exclusive at the moment)

    I got as far as properly installing Linux and Samba 3 with the help of the guides on the OpenSUSE website. But there are a few things that still pose a problem. They're most likely due to my lack of knowledge and mistakes I made. But I would appreciate any pointers and help on the matter you can give me.

    1. My understanding of ACL inheritance is that if this is 'on' for a share, any folder or file made under this share directory by the user would 'inherit' the ACL settings from the share folder. Yet this does not work at all, instead the create masks are applied. Did I interprete the meaning of the function wrongly, or is something else broken?

    2. The Samba guide on OpenSUSE (at computerlanguages.org) says that to install SWAT, I need to enable among others smbfs and nfs in the System Services in YaST. When I try this I get the error '6: not configured'. Unfortunately the guide did not anticipate this. SWAT seems to work fine anyway. Is this the normal response? Both are listed as running: 'Yes*' in the basic view, but 'no' in the advanced view so I'm guessing they're not running at all. Can this cause problems, and how do I configure these so they will run?

    3. In SWAT I accidentally deleted a share. No problem I thought, I'll just recreate it. I used the exact same settings (as described in the aforementioned guide) and recreated the share. It shows up on Windows clients but when I try to access it, I get the message I don't have access rights. I double checked the password and username, but they're OK. I checked the user still exists and is present in the Samba password file, also OK. Even root can't access this share. What has happened here? Is this a know behaviour when deleting and recreating the same share?

    4. In another guide on the net I read that you can use SWAT on any PC in the network, taking care as traffic isn't encrypted. I tried from one of my Windows clients but all I get is a blank page. Do you need to especially activate this possibility somewhere? I checked the etc/services file as some guides say you have to enter swat 901/tcp there. This entry is listed but marked 'conflict' as there's already an entry for this port: smpnameres 901/tcp (and udp). Is this perhaps the cause? How do I go about to solve this conflict?

    Sorry to dump so many questions on you in one go, but I've tried asking in a ng for some time now and am not getting responses as problems keep piling up. Any hint or tip would be great, thanks!

    Neko


    ---------------------------------
    Jetzt Mails schnell in einem Vorschaufenster überfliegen. Dies und viel mehr bietet das neue Yahoo! Mail .
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] Multiple problems: installing SWAT, no longer access to a restored (after deletion) share, ACL inheritance

    Neko,

    What kind of authentication are you doing on the clients? (i.e. Active
    Directory, etc.)

    Can you sanitize and post your smb.conf configuration? This is often
    found in /etc/samba/smb.conf.

    It took me a while to get the hang of Samba and I'm still learning, so
    don't give up. The rewards are well worth it in my opinion. I can tell
    you that we have Samba on Ubuntu integrated into Active Directory using
    ACLs and it works almost 100% as you would expect a file server to
    behave. One caveat seems to be setting the archive bit when a file is
    changed. At least one program refuses to set it--Microsoft Word 2003. I
    haven't tested other versions of Word nor done exhaustive testing with
    other applications. In general, this isn't catastrophic but can cause
    headaches for backup software that utilize the archive bit flag. There
    is a workaround for that so that you can satisfy your backup software,
    but it's an ugly hack in my opinion.

    If you haven't already, I highly recommend you spend time reading the
    man pages on smb.conf and read through it entirely at least once even if
    you are simply skimming through it. I think you will find some
    interesting options in there.

    Aaron Kincer

    Any None wrote:
    > I'm a job trainee, very new to Linux and Samba and was asked to set up a server based on OpenSUSE and Samba. The idea is not to make a production server but to investigate how and how well this works (the company is Windows exclusive at the moment)
    >
    > I got as far as properly installing Linux and Samba 3 with the help of the guides on the OpenSUSE website. But there are a few things that still pose a problem. They're most likely due to my lack of knowledge and mistakes I made. But I would appreciate any pointers and help on the matter you can give me.
    >
    > 1. My understanding of ACL inheritance is that if this is 'on' for a share, any folder or file made under this share directory by the user would 'inherit' the ACL settings from the share folder. Yet this does not work at all, instead the create masks are applied. Did I interprete the meaning of the function wrongly, or is something else broken?
    >
    > 2. The Samba guide on OpenSUSE (at computerlanguages.org) says that to install SWAT, I need to enable among others smbfs and nfs in the System Services in YaST. When I try this I get the error '6: not configured'. Unfortunately the guide did not anticipate this. SWAT seems to work fine anyway. Is this the normal response? Both are listed as running: 'Yes*' in the basic view, but 'no' in the advanced view so I'm guessing they're not running at all. Can this cause problems, and how do I configure these so they will run?
    >
    > 3. In SWAT I accidentally deleted a share. No problem I thought, I'll just recreate it. I used the exact same settings (as described in the aforementioned guide) and recreated the share. It shows up on Windows clients but when I try to access it, I get the message I don't have access rights. I double checked the password and username, but they're OK. I checked the user still exists and is present in the Samba password file, also OK. Even root can't access this share. What has happened here? Is this a know behaviour when deleting and recreating the same share?
    >
    > 4. In another guide on the net I read that you can use SWAT on any PC in the network, taking care as traffic isn't encrypted. I tried from one of my Windows clients but all I get is a blank page. Do you need to especially activate this possibility somewhere? I checked the etc/services file as some guides say you have to enter swat 901/tcp there. This entry is listed but marked 'conflict' as there's already an entry for this port: smpnameres 901/tcp (and udp). Is this perhaps the cause? How do I go about to solve this conflict?
    >
    > Sorry to dump so many questions on you in one go, but I've tried asking in a ng for some time now and am not getting responses as problems keep piling up. Any hint or tip would be great, thanks!
    >
    > Neko
    >
    >
    > ---------------------------------
    > Jetzt Mails schnell in einem Vorschaufenster überfliegen. Dies und viel mehr bietet das neue Yahoo! Mail .
    >


    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] Multiple problems: installing SWAT, no longer access to a restored (after deletion) share, ACL inheritance

    Hello Aaron,

    >What kind of authentication are you doing on the clients? (i.e. Active
    >Directory, etc.)


    Authentication is done by Linux/Samba, and Samba is PDC. I just added a few users to the Linux box and then added them to Samba.

    >Can you sanitize and post your smb.conf configuration? This is often
    >found in /etc/samba/smb.conf.


    OK, I'll attach it at the end. Not much to sanitize, this is purely a test server.

    I think I forgot to mention: I have also a public share and another user share. These 2 still work, but the once deleted one no longer accepts any users.
    I can tell
    you that we have Samba on Ubuntu integrated into Active Directory using
    ACLs and it works almost 100% as you would expect a file server to
    behave. One caveat seems to be setting the archive bit when a file is
    Does Samba need to run in an Active Directory integrated mode to get ACLs to work?

    Here's the cleaned up smbconf:

    # Samba config file created using SWAT
    # from 127.0.0.1 (127.0.0.1)
    # Date: 2007/06/12 12:01:55

    [global]
    workgroup = LINUXNET
    realm = removed for privacy reasons
    netbios name = LINUXSERVER
    map to guest = Bad User
    printcap name = cups
    add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
    logon path = \\%L\profiles\.msprofile
    logon drive = P:
    logon home = \\%L\%U\.9xprofile
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    ldap ssl = no
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/bash
    winbind refresh tickets = Yes
    cups options = raw
    include = /etc/samba/dhcp.conf

    [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    write list = root

    [ivy]
    comment = Ivy's Share
    path = /home/ivy/sharedfolder
    read only = No
    inherit acls = Yes

    [public]
    comment = Public Folder
    path = /home/GlobalShare
    read only = No
    inherit permissions = Yes
    inherit acls = Yes
    guest only = Yes
    guest ok = Yes
    max connections = 100
    case sensitive = No
    dos filemode = Yes

    [test]
    comment = Share test
    path = /home/test/netwerkshare
    valid users = test, john
    read only = No
    inherit acls = Yes
    max connections = 10
    case sensitive = No
    store dos attributes = Yes
    dos filetime resolution = Yes


    Aaron Kincer schrieb: Neko,

    What kind of authentication are you doing on the clients? (i.e. Active
    Directory, etc.)

    Can you sanitize and post your smb.conf configuration? This is often
    found in /etc/samba/smb.conf.

    It took me a while to get the hang of Samba and I'm still learning, so
    don't give up. The rewards are well worth it in my opinion. I can tell
    you that we have Samba on Ubuntu integrated into Active Directory using
    ACLs and it works almost 100% as you would expect a file server to
    behave. One caveat seems to be setting the archive bit when a file is
    changed. At least one program refuses to set it--Microsoft Word 2003. I
    haven't tested other versions of Word nor done exhaustive testing with
    other applications. In general, this isn't catastrophic but can cause
    headaches for backup software that utilize the archive bit flag. There
    is a workaround for that so that you can satisfy your backup software,
    but it's an ugly hack in my opinion.

    If you haven't already, I highly recommend you spend time reading the
    man pages on smb.conf and read through it entirely at least once even if
    you are simply skimming through it. I think you will find some
    interesting options in there.

    Aaron Kincer

    Any None wrote:
    > I'm a job trainee, very new to Linux and Samba and was asked to set up a server based on OpenSUSE and Samba. The idea is not to make a production server but to investigate how and how well this works (the company is Windows exclusive at the moment)
    >
    > I got as far as properly installing Linux and Samba 3 with the help of the guides on the OpenSUSE website. But there are a few things that still pose a problem. They're most likely due to my lack of knowledge and mistakes I made. But I would appreciate any pointers and help on the matter you can give me.
    >
    > 1. My understanding of ACL inheritance is that if this is 'on' for a share, any folder or file made under this share directory by the user would 'inherit' the ACL settings from the share folder. Yet this does not work at all, instead the create masks are applied. Did I interprete the meaning of the function wrongly, or is something else broken?
    >
    > 2. The Samba guide on OpenSUSE (at computerlanguages.org) says that to install SWAT, I need to enable among others smbfs and nfs in the System Services in YaST. When I try this I get the error '6: not configured'. Unfortunately the guide did not anticipate this. SWAT seems to work fine anyway. Is this the normal response? Both are listed as running: 'Yes*' in the basic view, but 'no' in the advanced view so I'm guessing they're not running at all. Can this cause problems, and how do I configure these so they will run?
    >
    > 3. In SWAT I accidentally deleted a share. No problem I thought, I'll just recreate it. I used the exact same settings (as described in the aforementioned guide) and recreated the share. It shows up on Windows clients but when I try to access it, I get the message I don't have access rights. I double checked the password and username, but they're OK. I checked the user still exists and is present in the Samba password file, also OK. Even root can't access this share. What has happened here? Is this a know behaviour when deleting and recreating the same share?
    >
    > 4. In another guide on the net I read that you can use SWAT on any PC in the network, taking care as traffic isn't encrypted. I tried from one of my Windows clients but all I get is a blank page. Do you need to especially activate this possibility somewhere? I checked the etc/services file as some guides say you have to enter swat 901/tcp there. This entry is listed but marked 'conflict' as there's already an entry for this port: smpnameres 901/tcp (and udp). Is this perhaps the cause? How do I go about to solve this conflict?
    >
    > Sorry to dump so many questions on you in one go, but I've tried asking in a ng for some time now and am not getting responses as problems keep piling up. Any hint or tip would be great, thanks!
    >
    > Neko
    >
    >
    > ---------------------------------
    > Jetzt Mails schnell in einem Vorschaufenster überfliegen. Dies und viel mehr bietet das neue Yahoo! Mail .
    >




    __________________________________________________
    Do You Yahoo!?
    Sie sind Spam leid? Yahoo! Mail verfügt über einen herausragenden Schutz gegen Massenmails.
    http://mail.yahoo.com
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread