
SAMBA

 
Nobody's Hero
Valued Contributor

SAMBA

Hi All,
I am running SAMBA on a Red Hat 9 system using Samba ver 2.2.7a. Everything is working properly. I configured it through SWAT and my Linux system talks to Win2k just fine. Here is my problem. The NT side of the house wants to administer the shares from the NT end, not SWAT on the Linux box. When I go to Control Panel, Admin Tools, Computer Management and connect to another computer (Linux SAMBA) I can see the shares. If I try to modify the permissions I get an access denied. Can someone clue me in on what to try to fix this?
Attached is my config file.
UNIX IS GOOD
Steven E. Protter
Exalted Contributor

Re: SAMBA

Greetings Robert,

swat is nice, but working the configuration files yourself is better.

On the Linux Box:

Modify the smb.conf file, then restart Samba:

service samba restart

On the NT box: Make your changes, and reboot the box after the change. Getting NT changes to take and be properly available to non-Windows clients is an annoying design flaw in Windows itself.

I think swat looks nice but stopped using it for day to day changes months ago.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Paulo A G Fessel
Trusted Contributor

Re: SAMBA

I haven't worked much with Samba lately, but my old knowledge says that in order to do what you want, you must join your Samba server to the Windows domain. See

http://de.samba.org/samba/docs/man/Samba-HOWTO-Collection.html#AEN401

for more details. As I've seen from your configuration file, you have done this OK, at least in the Samba configuration file (have you issued the "smbpasswd -j" command?).

Also, as this link points out, there's the way of using WinBind so that you don't have to create UNIX/Linux and NT accounts back and forth:

http://de.samba.org/samba/docs/man/winbind.html

HTH,
Paulo Fessel
The employee proposes, the boss disposes.
Nobody's Hero
Valued Contributor

Re: SAMBA

Steven, Thanks,

Not sure about your answer. I am confused. I understand about configuring a share through swat or config file. What I am trying to do is administer the shares from the NT side. Am I confusing you?
UNIX IS GOOD
Steven E. Protter
Exalted Contributor

Re: SAMBA

It is quite easy to confuse me today.

First day in the office in two weeks.

In order to administer the shares from the NT side the following needs to be set up:

A user created on the Linux side with rights and a password to administer all the shared folders. It should not be root. It should not be the samba user in /etc/passwd

Next for full access, the command smbpasswd -a needs to be executed on the Linux server.

Then the NT user browses onto the shares, and at first attempt should be prompted for a user name and password.

Do I sound less confused this time?

SEP
Nobody's Hero
Valued Contributor

Re: SAMBA

Thanks Steven,
Yes I am just back from vac also, a little foggy. I'll try your suggestion, and re-post tomorrow. I'll assign points then too. I am a little tired right now, I think I'll go home.
UNIX IS GOOD
Nobody's Hero
Valued Contributor

Re: SAMBA

Yes Steven, I tried your suggestion. Still no luck. Thanks anyway. Any suggestion appreciated.
UNIX IS GOOD
Steven E. Protter
Exalted Contributor

Re: SAMBA

I am not defeated.....

on the Linux box.

cd /share

chown admin:adgrp *

chown admin:adgrp /share

admin is the user created in the prior step to administer the shares. The adgroup is the same thing.

Now access should not be denied.

The users accessing and modifying this data should be in a common group.

I know you're probably home, but give it a shot and let me know what happens. I get home late today, but will try and play with a Red Hat 9 box when I get there.

SEP
Nobody's Hero
Valued Contributor

Re: SAMBA

Steven,
I really appreciate your help on this. We don't have a contract for RH9 support yet and people are beating me up on this. I created an "admin" user and an "adgrp" group. I changed permissions on the share to admin:adgrp. Still no luck. Do I need to run a "smbpasswd -t 'domain-name'" to add Samba to the NT domain?
Any help is appreciated, greatly.

RPM
UNIX IS GOOD
Paulo A G Fessel
Trusted Contributor

Re: SAMBA

I'm positive now: to accomplish this you'll need to join your machine to your NT Domain. You'll have to:

* create a machine account on your PDC. In Windows 2000, you'll have to go to your AD server, create a "New Computer" object. You'll have to check the box "Allow pre-Windows 2000 computers to use this account". Make sure the user that can join the computer to the domain is correct.

* join the Samba server to the domain by using smbpasswd -r PDC_NAME -j DOMAIN_NAME, where PDC_NAME is the name of the AD server; DOMAIN_NAME should be self-explanatory. ;-)

Also, make sure that your Samba configuration has these lines:

encrypt passwords = Yes
security = domain
workgroup = "name of NT domain"
password server = *

As per Samba documentation, when you use "password server = *" smbd will find a password server for you.

HTH
Paulo Fessel
The employee proposes, the boss disposes.
Nobody's Hero
Valued Contributor

Re: SAMBA

OK I am part of the domain now. This worked fine. Thanks. However, I still get access denied when trying to change permission on a share from the NT side.
UNIX IS GOOD
Paulo A G Fessel
Trusted Contributor

Re: SAMBA

Try to increase the log level of samba with

smbcontrol -d 4 smbd debug

and take a look to see if you find something disturbing when you're trying to change share permissions. Post the results in the forum if you can.

[]'s
Paulo Fessel
The employee proposes, the boss disposes.
Paulo A G Fessel
Trusted Contributor

Re: SAMBA

Alas, it's "smbcontrol smbd debug 4".

"smbcontrol -d" will only affect the debug level of smbcontrol itself.

HTH
Paulo Fessel
The employee proposes, the boss disposes.
Steven E. Protter
Exalted Contributor

Re: SAMBA

The files are owned by the admin user on the Linux and the group.

Now, what are the permissions on them?

cd /directory # I forget the name.

ll

The owner of the files should be displayed, and for the admin user to make changes to the files, there needs to be write permissions.

You probably need to make sure the owner has w write rights.

Same as the directory.

ll /directory

The owner should be the user you created and after the d the first three characters should include a w.

example.

ll /directory
drwx------

Those last six dashes aren't important because the owner is administering them. To administer this share, you are going to need w(write) permissions to at least the owner.

As far as the overall goal, NT connected as the admin user should be able to make changes, but to actually connect to it and change the share characteristics, I'm not so sure that level of compatibility is there. I fuzzily remember an instructor at HP World 2002 saying this was possible.

Perhaps one of the options in your smb.conf file.


Very good call on getting integrated into the domain.

SEP
Paulo A G Fessel
Trusted Contributor

Re: SAMBA

Hello, Robert. Did the logs show something?

Let us know.

[]'s
Paulo Fessel
The employee proposes, the boss disposes.
Nobody's Hero
Valued Contributor

Re: SAMBA

OK, the logs show nothing that will help me. I turned debug up, still no help. I did learn something. If I go through the NT side (Computer Management) and select a share, I can change 'share permissions' successfully, if I add a group to the share. If I add individual users, the permissions look like they take, but they don't. Not a problem, I just created user groups on the NT side and now I can add and manipulate the 'share permissions'. Now I still can't change 'security permissions'. I use Computer Management, select a share, select the security tab, try to change permissions and I get 'access denied' still. Sooo, I can change 'share permissions' from the NT side, but still cannot change 'security permissions' from the NT side. I am stumped. I am leaning toward looking into ACLs, but I really don't have a clue. Any help is appreciated. I really need to get this to work.

10x
RPM
UNIX IS GOOD
Paulo A G Fessel
Trusted Contributor

Re: SAMBA

Perhaps this is the piece that is missing.

For each share you want to manage from windows, add the line "admin users = admin".

From the smb.conf man page:

"admin users (S)

"This is a list of users who will be granted administrative privileges on the share. This means that they will do all file operations as the super-user (root).

"You should use this option very carefully, as any user in this list will be able to do anything they like on the share, irrespective of file permissions.

"Default: no admin users

"Example: admin users = jason"

See also the directive "username map".

HTH
Paulo Fessel
The employee proposes, the boss disposes.
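
Added example (not part of the thread, and not Samba's own code): because "admin users" makes every listed account act as root on a share, this Python script reports which shares grant it and to whom, including a value inherited from [global]. The sample smb.conf, its share names and the domain name are constructed for illustration; quoted names containing spaces are not handled.

```python
import configparser

# Constructed sample smb.conf (not the poster's attached file); share names,
# paths and the domain name are assumptions for illustration.
SAMPLE = """\
[global]
workgroup = EXAMPLEDOM
security = domain
encrypt passwords = Yes
password server = *

[share]
path = /share
Admin Users = admin, @adgrp

[public]
path = /srv/public
"""

def _norm(name):
    # Samba ignores case and whitespace in parameter names.
    return "".join(name.split()).lower()

def parse_smb_conf(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",), comment_prefixes=("#", ";"))
    # Strip indentation so indented parameters are not read as continuations.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    return {s.lower(): {_norm(k): v for k, v in cp.items(s)} for s in cp.sections()}

def split_list(value):
    # Samba user lists are separated by commas and/or whitespace.
    return value.replace(",", " ").split()

def audit_admin_users(text):
    """Map each share to the accounts that act as root on it via 'admin users'."""
    conf = parse_smb_conf(text)
    inherited = conf.get("global", {}).get("adminusers", "")
    findings = {}
    for share, opts in conf.items():
        if share == "global":
            continue
        entries = split_list(opts.get("adminusers", inherited))
        if entries:
            findings[share] = {
                "users": [e for e in entries if e[0] not in "@+&"],
                "groups": [e for e in entries if e[0] in "@+&"],
            }
    return findings
```

Calling audit_admin_users(SAMPLE) reports only [share]; a group entry such as @adgrp means every member of that group bypasses file permissions there.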