gmane.network.samba.general

Splitting up directories with Samba variables

Heather Choi — 2012-05-26T03:16:47

In my smb.conf file, I currently I have a user share definition as:


[userdir]
     path = /samba/%U
     writeable = yes

The problem is, the user pool is in the tens of thousands, so it is not 
practical to have that many directories within /samba.
I'd like to somehow dynamically configure the path with subdirectories, 
using the first, and second letter of the username as the first and 
second nested subdirectory.
So the share path for username  "JOHN" would point dynamically to  
/samba/J/O/JOHN.

Does anyone know how to accomplish this using the user session variable 
%U?  Is there any concept of using a sub-string for a Samba variable?

GPFS on Linux exported via Samba to Windows Clients,locking issue

Leonard Degollado — 2012-05-24T17:52:26

I have a 3-node GPFS on Linux Cluster (3.4.0-12) with Samba 3.6.5
The problem  is with file locking across the Cluster.
Windows Client-1 maps the GPFS directory-1 from GPFS node-1 and initiates a
Write of File-1
Windows Client-2 maps the GPFS directory-1 from GPFS node-2 and should only
have READ access but not Modify/Delete/Rename access to File-1.

However, Windows Client-2 is able to Modify, Delete and Rename File-1
instead of being prevented by the locks.

If both Windows Clients (1 and 2) both map to GPFS node-1, the locking
mechanism works as designed.  Client-2 can Read but cannot
Modify/Delete/Rename File-1.
What are all the required parameters that should be specified in the
smb.conf file to enable the locking to work across the GPFS Cluster when
various Clients map to different nodes?

I have defined and tested every smb locking parameter combination without
any success.



Leonard

errors during samba 3.6.5 compile

Derek Lewis — 2012-05-25T18:24:19

Hello,

I am trying to compile Samba 3.6.5 from the official tarball, I am
following the how-to from samba.org and run into several errors like the
following example when I try to run configure from the source3 directory:
configure: failed program was:
| /* confdefs.h */

I am running Ubuntu 10.04 LTS server edition.

I have compiled a previous version and ran into a similar problem, I
suspect I am missing some libraries.

Derek

Enabling winbind idmap_hash module

Marc Rechté — 2012-05-25T12:38:12

Hello,
I am using samba 3.5 (Red Hat Linux 6) which comes with idmap_hash plugin.

I have put the following in smb.conf:
    workgroup = WORKGROUP
    password server = *
    security = domain
    idmap backend = hash
    idmap uid = 500-33554431
    idmap gid = 500-33554431
    winbind nss info = hash
    winbind normalize names = yes
    idmap_hash:name_map = /etc/samba/name_map.cfg
    template shell = /bin/bash
    winbind use default domain = false
    winbind offline logon = no
    winbind enum users = true
    winbind enum groups = true
    log level = winbind:3

An abstract of /etc/samba/name_map.cfg is:
ntadmins=WORKGROUP\Domain Admins


I restarted winbind.

The problem is that the following command gives:
# getent group "WORKGROUP\Domain Admins"
WORKGROUP\domain_admins:*:16777224:

Instead of something like:
ntadmins:x:503:

The same problem with getent passwd.

I noticed that whatever value I put  for idmap backend (event a xrong 
value), it does not change anything nor produces any error message in log.

Any idea?
Thanks a lot

Problem joining to a Samba PDC (Probably caused by "unixcharset")

Ralf Aumueller — 2012-05-25T10:56:50

Hello,

trying to join a Windows 7 64-Bit PC to a Samba PDC (3.6.5) fails with message
"Domain not found or no connection possible". After some testing I found that
the problem was caused by the Samba-parameter "unix charset = ISO8859-1".
When I start the nmbd with same config-file just without the "unix charset" the
PC can join the domain (smbd runs with org. config-file. Samba runs on CentOS6
(en_US.UTF-8)).

Is this the expected behavior?

(At the moment I need ISO8859-1 because the files were saved with this charset).

Best regards,

Ralf

3.2.15 sys_get_vfs_quota -- failed for mntpath[ a device ] bdev [ a device ] qtype[4] id[513]: Invalid argument

lejeczek — 2012-05-25T07:54:25

or/and
... qtype[2] id[501]: Invalid argument

above version of samba does not seem to be able to recognize 
FS(ext4) quotas,
could you gents.ladies shed some light please? very much 
appreciated.
regards

exported LDAP DB > file > smbpasswd?

aurfalien — 2012-05-24T20:25:12

Hi all,

I am using OpenLDAP and over have ~800 users in its DB.

I would like to simply use Samba as a file server, no PDC.

I have been able to export my LDAP DB to a file containing hashes of users passwords.

Is there a way I can import this file to smbpasswd or other file that Samba understands so that my 800 some odd users won't have to re register there passwords?

I would really love to avoid having 800 annoyed users retyping there passwords for accessing shares.

I have them currently authenticating on Windows via an LDAP client (pGina).

- aurf

Lots of NT_STATUS_OBJECT_NAME_COLLISION errors, harmless?

Paul Elliott — 2012-05-24T16:16:43

Hello all,

I'm attempting to setup a small Windows network using Samba as the PDC 
(and the only server involved). Clients are running Windows 7 (x86_64) 
and the server is running Debian Squeeze with samba 3.5.6. For now I'm 
just using tdmsam as the passwd backend.

The problem I have is that I see lots of errors involving 
NT_STATUS_OBJECT_NAME_COLLISION, here's an example at login time for 
user pre500 with roaming profiles enabled:

[2012/05/24 15:36:15.038884,  3] smbd/dosmode.c:166(unix_mode)
   unix_mode(pre500.V2) returning 0700
[2012/05/24 15:36:15.038902,  2] smbd/open.c:2505(open_directory)
   open_directory: unable to create pre500.V2. Error was 
NT_STATUS_OBJECT_NAME_COLLISION
[2012/05/24 15:36:15.038925,  3] smbd/error.c:80(error_packet_set)
   error packet at smbd/error.c(153) cmd=162 (SMBntcreateX) 
NT_STATUS_OBJECT_NAME_COLLISION

And similar errors at logout for every directory within the profile:

[2012/05/24 15:36:15.975852,  3] smbd/dosmode.c:166(unix_mode)
   unix_mode(pre500.V2/AppData/Roaming/Microsoft/Windows/Start Menu) 
returning 0700
[2012/05/24 15:36:15.975870,  2] smbd/open.c:2505(open_directory)
   open_directory: unable to create 
pre500.V2/AppData/Roaming/Microsoft/Windows/Start Menu. Error was 
NT_STATUS_OBJECT_NAME_COLLISION
[2012/05/24 15:36:15.975888,  3] smbd/error.c:80(error_packet_set)
   error packet at smbd/error.c(153) cmd=162 (SMBntcreateX) 
NT_STATUS_OBJECT_NAME_COLLISION

The unix user can access, create and delete files/directories within the 
profiles directory without issue directly on the samba server itself and 
the directories quoted in the error messages already exist with the 
correct owner.

Here's my global and profile share config in case it shows any obvious 
errors:

[global]
     security = user
     workgroup = YNIC
     netbios name = SAMBA
     os level = 99
     preferred master = yes
     domain master = yes
     domain logons = Yes
     wins support = yes
     name resolve order = wins hosts bcast
     interfaces = 144.32.169.120
     bind interfaces only = true
     encrypt passwords = yes
     username map = /etc/samba/smbusers
     # management scripts pruned
     passdb backend = tdbsam
     logon path = \\%L\profiles\%U
     log level = 4
[profiles]
     path = /srv/samba/profiles
     comment = roaming profiles
     read only = no
     store dos attributes = yes
     create mask = 0600
     directory mask = 0700
     browseable = no
     guest ok = no
     printable = no
     profile acls = yes
     csc policy = disable

So far, even with these errors, I haven't observed any failures from the 
client although my testing so far has been severely limited. Would 
anyone be able to confirm if these errors are something I should be 
concerned about or if they are purely cosmetic and can be safely ignored?

Much appreciated, Paul.

Samba / LDAP : map uid to another field ?

Sylvain — 2012-05-24T13:39:50

Hi !

I have an OpenLDAP where users DN are in the form «
uid=P1234,ou=people,dc=example,dc=com » and where the login is in the «
eduPersonPrincipalName » attribute (ex : jdoe).
I have configured my system (Debian Squeeze) to authenticate against LDAP
(libpam-ldapd + libnss-ldapd with a mapping uid<->eduPersonPrincipalName),
if I do « ssh jdoe< at >server », it's works great.
Now I want to give Samba share to theses users so I configured Samba
(3.5.6) to connect to LDAP but I cannot authenticate with
eduPersonPrincipalName, if I use the « uid », it's works.
I have searched for a mapping option in samba but I didn't found...
Is it possible to map « uid » attribute to another attribute ? If yes, how ?

Here the smb.conf :

[global]
        server string = %h server
        obey pam restrictions = Yes
        passdb backend = ldapsam:"ldap://192.168.102.153"
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        unix password sync = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        domain logons = Yes
        domain master = Yes
        dns proxy = No
        ldap admin dn = cn=admin,dc=example,dc=fr
        ldap group suffix = ou=groups
        ldap passwd sync = yes
        ldap suffix = dc=example,dc=fr
        ldap ssl = no
        ldap user suffix = ou=people
        ldap debug level = 1
        ldap debug threshold = 1
        panic action = /usr/share/samba/panic-action %d

[netlogon]
        path = /srv/samba/netlogon
        write list = P1234
        browseable = No

[profiles]
        path = /srv/samba/export/profiles
        valid users = %U
        read only = No
        create mask = 0600
        directory mask = 0700
        profile acls = Yes
        browseable = No

[homes]
        comment = Home Directories
        valid users = %S
        create mask = 0700
        directory mask = 0700
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        create mask = 0700
        printable = Yes
        browseable = No

[print$]
        comment = Printer Drivers
        path = /var/lib/samba/printers

Here the slapd log which show the use of uid:

May 24 15:34:08 docs-test slapd[623]: conn=1149 fd=19 ACCEPT from IP=
192.168.102.153:55825 (IP=0.0.0.0:389)
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=0 BIND
dn="cn=admin,dc=example,dc=fr" method=128
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=0 BIND
dn="cn=admin,dc=example,dc=fr" mech=SIMPLE ssf=0
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=0 RESULT tag=97 err=0
text=
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=1 SRCH base="" scope=0
deref=0 filter="(objectClass=*)"
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=1 SRCH
attr=supportedControl
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=1 SEARCH RESULT tag=101
err=0 nentries=1 text=

May 24 15:34:08 docs-test slapd[623]: conn=1149 op=2 SRCH
base="dc=example,dc=fr" scope=2 deref=0
filter="(&(uid=sderosiaux)(objectClass=sambaSamAccount))"

May 24 15:34:08 docs-test slapd[623]: conn=1149 op=2 SRCH attr=uid
uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn sn
displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath
description sambaUserWorkstations sambaSID sambaPrimaryGroupSID
sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags
sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime
sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp
uidNumber gidNumber homeDirectory loginShell gecos
May 24 15:34:08 docs-test slapd[623]: conn=1149 op=2 SEARCH RESULT tag=101
err=0 nentries=0 text=
May 24 15:34:08 docs-test slapd[623]: conn=1149 fd=19 closed (connection
lost)

Thanks for advice,
Sylvain

cannot execute .exe files from a share

BeavieS — 2012-05-24T13:30:48

Hello, i've seen this error on the mailing list but no solutions.

Problem: No user can execute an .exe file from a group share under any
windows version (wXP til Windows 7).

Permisions: Every user can read, write, delete, etc in that share.
I've chmoded 777 the file but for nothing. The user can copy the .exe
file to another location like desktop and then can execute it (is a
portable aplication) with no problems.

Strange behaviour: The most strange is that if an user copies the .exe
file to their 'home' (his private share on the samba server) then they
CAN run it!.

Another clue: the admin users of the share CAN execute the .exe file

CONFIGUTARION
It's an standalone server joined on a Windows 2003 domain

[global]
        workgroup = HCG
        realm = SOME.ACTIVEDIRECTORY.DOMAIN
        server string = Servidor de Datos
        security = ADS
        map to guest = Bad User
        obey pam restrictions = Yes
        syslog = 0
        log file = /var/log/samba/log.%m
        max log size = 1000
        load printers = No
        printcap name = /dev/null
        disable spoolss = Yes
        domain master = No
        dns proxy = No
        panic action = /usr/share/samba/panic-action %d
        template shell = /bin/bash
        winbind separator = /
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        idmap config * : range = 10000-20000
        idmap config * : backend = tdb
        printing = bsd

[homes]
        comment = Directorio personal
        path = /home/%S
        valid users = %S
        force group = users
        read only = No
        create mask = 0600
        directory mask = 0700
        browseable = No

[administracio]
        path = /home/administracio
        valid users = < at >administracio
        admin users = ds
        read only = No
        create mask = 0660
        directory mask = 0770
        inherit acls = Yes
        inherit owner = Yes
        vfs objects = acl_xattr, full_audit
        full_audit:priority = notice
        full_audit:facility = local7
        full_audit:failure = connect
        full_audit:success = rmdir rename unlink
        full_audit:prefix = Administracio|%u|%m

So an user of < at >administracio group can execute .exe files in its home
share but NOT the same .exe file in [administracio] share. Except user
'ds' that it is an admin user of the share.

ls -l /home/administracio/program.exe
-rwxrwxrwx 1 administrador administracio 582656 may 23 13:26
/home/administracio/program.exe

ls -l /home
drwxrws--- 56 administrador administracio  4096 may 24 15:01 administracio

(althought chmodig 777 /home/administracio don't work).

Samba version 3.6.3

Thank you!

Could not find node to take over public address

Christoph Martin — 2012-05-24T13:23:42

Hi,

we run ctdb with samba on SLES11. It was running for some month ok but
after an update of the system and ctdb it fails to run.

I tried to setup a new ctdb setup on two other nodes and it still fails
with the same error.

After startup the status is:


I could not find out why the nodes are both disabled. So then I issue

# ctdb enable

on each node. After that ctdb will not be able to assign the public ip
addresses. On the first node I get repeatedly:


On the other node:


Do you have any idea what it could be?

Config and logs are attached.

CTDB version: 1.2.29-40.1

Any other information you need?

Christoph

Linux to Windows Interoperability

Knecht, Matthew J (AS — 2012-05-23T14:13:06

Hello,

Currently using a freely available MS Windows file system driver, Ext2Fsd, to communicate (read/write) with external media formatted EXT3 (Linux volume) from within MS Windows.

Curious to know if Samba is able to support communication (read/write) with external media formatted EXT3 (Linux volume) from within the MS Windows environment?

Looking forward to your reply.

Thanks.

Best,

Matthew Knecht
516-346-7264

Samba 4 Re-provisioning

Mike Howard — 2012-05-24T10:30:37

What's best practice when it comes to changing a samba4 provision, 
without screwing current domain objects (users, computers, policy etc)? 
If, for example, I wanted to change the DNS from internal to external 
bind9, is it just a case of re-running 'provision' with the different 
command line option or will that mangle the domain sid etc?

Cheers,
Mike.

Samba as member of multi domain AD (nss/pam)

Marcel Ritter — 2012-05-24T08:06:10

Hi list,

I'm looking for someone out there, using samba as a member
server in a multi-domain Active Directory forest (maybe even
with nss_/pam_winbind for unix users/groups).

It took quite a long time to get things working at all here, and we're
still not really comfortable with our current solution (especially
the unix nss/pam part).

I'd be glad if someone out there was interested in exchanging
information on that topic.
So please don't hesitate to contact me, if you are :)

Bye,
   Marcel

Samba4 : Problem setting folder and file permissions from windows box

micmac — 2012-05-24T08:14:16

Hi, this is my first message here. I need help, the reason is in the title.
The version running is SAMBA_4.0.0ALPHA18_DEVELOPERBUILD

It was running just fine until I had (for some reason) had to transfer all
the system (ubuntu 11.10 server)
to another clean hard drive. I used  "rsync -rltgoHDv /olddriveroot
/newdriveroot" to copy the files,
and installed grub on the new disk.

Now the problem is that  samba4 works, domain users can log on and access
files, but the permissions
have been reset to some basic values (different from all the ones I had set
before), and I can not
change them at all from a windows7 box as I could before. When I apply the
changes, it takes a while
to process the files, then the "basic" permissions are set again (my changes
lost).

Here is my /usr/local/samba/etc/smb.conf :


[global]
        interfaces = 127.0.0.1/8 192.168.1.0/24
        server role = domain controller
        workgroup = ACEIUBUNTU
        realm = ACEI2
        netbios name = ubuntuserveur
        passdb backend = samba4
        security = ADS
        domain master = yes
        local master = yes
        wins support = yes
        browseable = yes
        log file = /var/log/samba/smbd.log
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBUF=4096 SO_SNDBUF=4096

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/acei2/scripts
        read only = no

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = no

[profiles]
        path = /usr/local/samba/var/profiles
        read only = no

[homes]
        path = /home/windows
        read only = no

-------------------------------------------------------------------------

The AD database is readable, since I can edit users and computers with the
administration toolkit
from windows7 box.

/usr/local/samba/bin/testparm gives the following result :

Load smb config files from /usr/local/samba/etc/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[profiles]"
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_DOMAIN_BDC
Press enter to see a dump of your service definitions

[global]
        workgroup = ACEIUBUNTU
        realm = ACEI2
        interfaces = 127.0.0.1/8, 192.168.1.0/24
        server role = domain controller
        security = ADS
        passdb backend = samba4
        log file = /var/log/samba/smbd.log
        socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
SO_RCVBUF=4096 SO_SNDBUF=4096
        domain master = Yes
        wins support = Yes
        idmap config * : backend = tdb

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/acei2/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No

[profiles]
        path = /usr/local/samba/var/profiles
        read only = No

[homes]
        path = /home/windows
        read only = No
------------------------------------------------------------------------------------

Also, user_xattr and acl are enabled on the ext4 file system, and the home
folder on which I can
not set permission has root:users ownership with rwx rights (which was
working before).

Since it is a recopy from a working system, maybe there is a problem with
some file permission
on the linux system, but I have searched a lot without finding any solution.
Any help would be
greatly appreciated.

Regards,
micmac




--
View this message in context: http://samba.2283325.n4.nabble.com/Samba4-Problem-setting-folder-and-file-permissions-from-windows-box-tp4632038.html
Sent from the Samba - General mailing list archive at Nabble.com.

Is it possible to use quorum for CTDB to prevent split-brain and removing lockfile in the cluster file system

XW Huang — 2012-05-24T05:41:22

Hello list,

We know that CTDB uses lockfile in the cluster file system to prevent
split-brain.
It is a really good design when all nodes in the cluster can mount the
cluster file system (e.g. GPFS/GFS/GlusterFS) and CTDB can work happily in
this assumption.
However, when split-brain happens, the disconnected private network
violates this assumption usually.
For example, we have four nodes (A, B, C, D) in the cluster and GlusterFS
is the beckend.
GlusterFS and CTDB on all nodes communicate to each other via private
network and CTDB manages the public network.
If node A is disconnected in the private network, there will be group (A)
and group (B,C,D) in our cluster.
The election of recovery master will be triggered after the disconnected
determination of CTDB, i.e. the CTDB elects a new recovery master for each
group after 26 (KeepaliveInterval*KeepaliveLimits+1 by default) seconds.
Then node A will be the recovery master of group (A) and some node (e.g. B)
will be the recovery master of group (B,C,D).
Now, A and B will try to lock the lockfile but GlusterFS also communicates
to each other via private network.
A big problem arises since the lockfile can be locked or not depends on the
lock implementation and disconnected determination of GlusterFS (or other
cluster file system). In my knowledge, GlusterFS will determine some node
is disconnected after 42 seconds and release its lock. In this
configuration, node A and B will ban themselves and the newly elected
recovery master will ban itslef. It's a really bad thing and we can not
treat the cluster file system as a blackbox using the lockfile design.

Hence, I have an idea about the opportunity to build CTDB with split-brain
prevention without lockfile.
Using quorum concepts to ban a node might be an option and I do a little
modification of the CTDB source code.
The modification checks whether there are more than (nodemap->num)/2
connected nodes in main_loop of server/ctdb_recoverd.c.
If not, ban the node itslef and logs an error "Node %u in the group without
quorum".

In server/ctdb_recoverd.c:
static void main_loop(struct ctdb_context *ctdb, struct ctdb_recoverd *rec,
TALLOC_CTX *mem_ctx)
...
        /* count how many active nodes there are */
        rec->num_active    = 0;
        rec->num_connected = 0;
        for (i=0; i<nodemap->num; i++) {
                if (!(nodemap->nodes[i].flags & NODE_FLAGS_INACTIVE)) {
                        rec->num_active++;
                }
                if (!(nodemap->nodes[i].flags & NODE_FLAGS_DISCONNECTED)) {
                        rec->num_connected++;
                }
        }

+       if (rec->num_connected < ((nodemap->num)/2+1)){
+               DEBUG(DEBUG_ERR, ("Node %u in the group without quorum\n",
pnn));
+               ctdb_ban_node(rec, pnn, ctdb->tunable.recovery_ban_period);
+       }

This modification seems to provide a split-brain prevention without
lockfile in my tests(more than 3 nodes).
Does this modification cause any side-effect or is that a stupid design?
Please kindly answer me and I appreciate to receive new inputs from smart
people like you guys.

Thanks,
Az

share access issue smbd/service.c:988

Muhammad Yousuf Khan — 2012-05-23T15:03:54

OK, my samba server was working fine i have 2TB RAID1 drive as a
storage and had 300gb sata drive for boot the Debian OS 6.0.4.
unfortunately my sata boot drive faild and i had to reinstall the OS
in new drive. now when i plug the old Raid drives the data was still
there. but permissions were a bit messed, it was showing numbers like
100015 or 100016 instead of owning user name or groups.
so i did  "chown root:root * -R" i thought that i will reassign the FS
rights to every individual folder again. so i did. but now the shares
in smb.conf that were working previously now they are throwing error
in log files and the same share was working perfectly before.


here is the error

smbd/service.c:988(make_connection_snum)
  canonicalize_connect_path failed for service Filesharing, path
/nas/backup/Filesharing

now i created a new folder on new driver which is the new OS drive. i
created a "test" folder at root
my users and i can access either we can create folders and delete

here is the folder at "/test" (we can access it with full rights)
drwxrwxrwx   4 admin admin-grp  4096 May 23 19:30 test

this folder is on "/nas/backup/Filesharing" (this is the problem part
and many other share like this are not working)
drwxrwxrwx  3 admin admin-grp  4096 May 23 19:34 Filesharing



[test]
        comment = test for All
        path = /test
        read only = No
        create mask = 0770
        directory mask = 0770

[Filesharing]

        comment = Filesharing for All
        path = /nas/backup/Filesharing
        read only = No
        create mask = 0770
        directory mask = 0770

you can see both shares have same FS rights and same share rights but
my users can access /test but not /nas/backup/filesharing
and generating this error.

smbd/service.c:988(make_connection_snum)
  canonicalize_connect_path failed for service Filesharing, path
/nas/backup/Filesharing

however i as admin user can access things in "filesharing" so i
thought that admin is the owner of this folder so i change the
ownership of Filesharing folder to a another user and i tested it with
that user but still no luck. even thought it doesnt make any sense as
777 is already given to the folder.

now i am handicap and nowhere to go. i look for the said error on
google on so many places. which shows that it is a File system rights
related issue. and according to my knowledge there is nothing to do
with FS  rights it is some thing different as 777 is already given to
both of the folders.

Thanks,
MYK

multi home dir locations

Collen — 2012-05-23T13:56:43

Hi all,

i've got samba 3.6 joined to a ad domain (s4 in this case)
running winbind
all looks ok, but i ran into a problem (for us that is)

i've got 2 groups (students and employes)
who have there home dirs in 2 different places.

/home/students/<user>
/home/employ/<user>

so far so good, but i can't make the [homes] work for both of them (just 
1 group)

in winbind template, i can only use %g, and that gives me an GID of 
domain users (since that's the default with samba 4)
no secondary groups ect.

putting "path = ..." in the [homes] section gives me the same problem.

how can i get the homedir to work, if the location is different per user ??

even a ambiguous attempt with: path = /homes/`id -g %u`/%u
did not work...

cheers, Collen

AD / new auxiliary class / vb script

Hervé Hénoch — 2012-05-23T13:48:56

Hello

I've modified AD schema by adding a new auxiliary class (iscA) with an 
auxilairy attribute (iscA1).

I've followed this explanation /_*entirely*_/ : 
http://semifershome.free.fr/semifer/index.php?2008/02/12/42-etendre-le-schema-active-directory-classes-attributs-et-display-specifiers

I've named the menu item with the same name (AllowedService). By 
right-clicking on a AD user then on the menu AllowedService, the 
following script is executed and it is intended to modify iscA1 
attribute. The script is :

/set args = WScript.arguments
Set user = GetObject(args(0))

temp = InputBox("iscA1 value", "Set iscA1", user.iscA1)
user.put "iscA1", temp
user.setInfo/

My first problem : when I right-click I've the message : "this object 
does not support this property or method".
Precision : i've linked my new auxiliary class with user class.

So i've created the following script which add iscA class and iscA1 
attribute to a specific user :
/
Set user = GetObject("LDAP://cn=toto,cn=users,<my domain>")
user.GetInfo

user.PutEx 3, "objectClass", Array("iscA")
user.Put "isc1", "toto"
user.SetInfo/

After the execution of this script the right-click above run and I can 
modify the value of iscA1 attribute for user toto.
But I can't see the last value (given by /user.iscA1/) : always empty 
while in the LDAP database I can see the value is correctly set.

Two questions :

1) Why the first script fail ? Why must I execute the second script first ?

2) Why can't i see the last value of iscA1 when I run the first script ?

Thanks

NNTP server for Samba newsgroup

Avinash Gupta — 2012-05-23T00:21:57

I am trying to configure Newsgroup account in “Windows Live Mail”.
I will appreciate if someone could inform us the NNTP server for below Samba lists
1. samba-technical
2. samba

Does Samba4 support Cross forest trusts

Avinash Gupta — 2012-05-22T21:52:14

We have two Samba4 forest domains. We would like to establish trust between them (either at forest level or at domain level).
We are wondering if Samba4 supports this scenario.