Server :: Ubuntu Workstations Connects To Samba Pdc But Gets No Group Permissions?
Dec 30, 2010
The current situation:there is a samba PDC with ~50 XP workstations, all working fine for the last two years.The goal:Cycle older hardware back into production by installing ubuntu on them. These workstations must authenticate against the domain, and must automatically mount a public, a user, and a department share that contains folders with various group permissions.The added challenge:Since the office where this lan is located is closed for the next week or so, the ubuntu workstation I am testing with is connecting via a site-to-site VPN. This is soon to be mandated as a requirement anyway, so if not done now it will have to be done later anyway. I mention this since it *may* be something that could be interfering with the success of my mission, however, given what does work, I do not think this is my culprit.
What does work:Thanks to winbind, I can log into the ubuntu workstation via gdm with my domain credentials, and thanks to pam_mount my shares do mount correctly. I take this to mean my pam conf files are correct, along with nsswitch.conf.wbinfo -p, -a, -t, and -u work on the workstation. getent passwd returns DOMusers.listwbinfo -p, -t, -Y, -S, -G, -n, -s, etc, all work on the PDC. getent passwd returns a list from /etc/passwd and getent group returns a list from /etc/group.A remotely controlled windows workstation on the lan works as expected.
It appears that winbind is not able to parse the group permissions at all, not for the user, nor for the folders.The hope:is that someone can say that this problem of group permissions not being recognized has a typical cause (though several hours/days of google searching has revealed no such thing). However, I can provide a great deal of supporting information, as I have gone through documentation and testing extensively (though not extensively enough, apparently). For my own sanity, I put most things I tried into a text document so I could review it and look for errors in judgment, that doc ended up being some 1500 lines long, and doesn't include conf files. Rather than flooding this post, if someone is up for reviewing it, I can definitely make it and further supporting info available...
View 3 Replies
ADVERTISEMENT
Sep 11, 2010
This is a interesting confusing problem.Ok I have group with 3 users.I have a folder in /home with owner as root, and group that has read/write permissions.However if a user opens up a file and saves it via samba, the owner changes to the user, and the group members only have read permissions on the file.
View 4 Replies
View Related
Nov 18, 2010
I am trying to set up a Samba share on one of my machines where I am the owner and a special group manages permissions for read-only access ( me:specialgroup ). If I log into the share as me, there is no problem (I have read/write privs as per usual). However, I am not able to log into the share using any of the group members (there is only one currently). That user is not able to access the share (failed to mount).
The folder (which is the share) is owned by me:specialgroup and the permissions have been forced down the folder. Samba is set to Share this folder with no guest or others write access.
View 9 Replies
View Related
Jan 14, 2009
I have a user community of about 2000 users and a samba server running on AIX that currently hosts a read-only share for the whole company.
[Released]
path = /mypath
guest ok = Yes
But now I have been requested to make this share available as read-only for some users and completely inaccessible to everyone else. The number of users who will have access is probably a few hundred and I expect users to be added/removed on a daily basis. Some of the users have unix logins, while others do not. Because of this, I hesitate to mess with user mapping because I would have to manage this every day, unless I do something with a script.
Can someone suggest a scheme I can use to deny everyone except for certain users without having to use user mapping?Someone here in my office suggested we use hosts allow or deny, since the users who will still have access are located on the same subnet. However, there is a distinct possibility that a small number of people on a few other subnets will need access. Is there a way I can specify hosts allow but still allow specific users from other subnets?Forgive me if this question has been asked before. I'm sure it must have been, but I am having trouble doing a search of the archives that will give me advice about this particular problem.
View 2 Replies
View Related
Feb 15, 2011
I have a couple of user accounts where each member belongs to a group i have created: Each user access the share using their own user account credentials.
How can I configure Samba in a way so that each modification done on the share gets the owner of the user and my group instead of the user and the users own group? I would also like the access rights to be 770 to each modification.
In other words, today each modification by "userA" get the owner "userA.userA" and I would like it to be "userA.MyGroup" with "rwxrwx---" permissions.
View 3 Replies
View Related
Jul 3, 2011
this is my first real problem that I can't solve my self.I've a test samba share called "Share" and I've created three users:
-mones
-fsu
-fsu2
[code]....
View 2 Replies
View Related
Jul 19, 2010
I want to have a Linux server "control" a number of Windows workstations. The workstations are a mixture of XP Pro, 7 Pro, and 7 Home Premium (the latter won't join a domain so can't have all the features I want mind). I want:
Centralised username and password database. Easy to add users. Roaming user profiles, so users can switch computers and take their settings with them. If possible, settings for selected programs shared between XP and 7. (They need separate profiles.) My Documents on a network file server. I'm interested in having transparent versioning on this - perhaps by using a copy-on-write filesystem, perhaps just by using a version control app on the server and having cron make a commit every night.
Able to manage software installation and removal centrally. (This I already do, using WPKG). Able to manage configuration centrally. Basically pretty much anything the user could change, I want to be able to force a setting of. I'm thinking desktop wallpaper locking, forcing use of a web proxy, setting printers, restricting use of USB drives, etc. Printer accounting.
Give the clients resolvable names (probably DNS, maybe WINS). This is mainly to help if I need to remote into a client desktop. I don't know to what extent this can be done with Samba. I know it doesn't have all the features of Windows servers, but I know next to nothing about Windows servers. So, can what I want be done? How I'm prepared to read docs for and test things out, but I don't want to be looking for tutorials on something not possible!
View 2 Replies
View Related
May 30, 2010
I am running into a Brick wall with this. And thought that the knowledge and expertise here would be a good place to seek help.I have CentOS 5.4 server running Samba on a WinBloZ network. I have the groups all setup and that aspect works fine. But here lies the issues.In a shared directory with group permissions set if someone on the group with permission to this directory creates a file they are the only person that can edit / modify that file. That file need to be editable by the entire group. But the only way thus far I can achieve this is to manually chmod the files in the directory. I know there is a way to fix this, but I have not found it. Can someone please explain how to make this work for me.
View 1 Replies
View Related
Jul 8, 2010
On our fileserver, we primary use samba to share files to our users, but a few users have to use ssh/sftp to access the file server. In samba we have the shares setup so that permissions are forced to be the correct group owner and group read/write. The problem is those few who access via ssh/sftp. There files do not have the correct permissions. These people are not the most computer savvy, I'm dealing with biologist here. Is there some way to fix this or will I just have to setup a cron job to go through and set permissions periodically?
View 1 Replies
View Related
Oct 19, 2009
i want secondary users can able to change the files permissions of primary group?user MAC is having www as a primary and httpd as secondary group. But he want to change the file permissions (chmod) httpd group files. Is it possible or not? I think its not possible. If it`s possible then let me know how?
View 3 Replies
View Related
Feb 9, 2011
this is really a brainstorming thread seeking advise on how to setup some samba shares within a small office network. For the quick judgers:
-no I'm not an IT expect and I'm not even the IT at the office, I just fill in this gap too.
-I have looked into several samba 'by example' tutorials - none seems to fit my needs or answer some of my Qs.
So I seek advise from your experience: What do I know:
-the functionality of the setgid to have subfolders inherit the group owner of the parent folder
-the fact that I don't want samba in 'share' level in order to register the owners of files
-the functionality of acls that enables inheritance of rwx permissions to subfoldrs of a parent folder.
- the groupmod -o option but that doesn't help apparently.
So this is a 25ppl civil engineer consulting office. The physical groups of ppl working here are: engineers, drafters (those who generate the drawings , i'm not sure if thats the correct term), and secretaries. The job usually is done in the following way, once a project commences a project folder gets generated and everything is done in there. incoming mail arrives there (secretaries put it there), engineers do they calculations on speadsheets, write reports and do draft drawings and, finally, drafters take the draft drawings and finalize them. So pretty much everyone of these 3 groups needs write access to the main project folder.
How do I accomplish that? as which group should I create the project folders? It came to mind the notion of group of groups. Now that the actual owner of the file is not so important anymore (several engineers will need to have write access to the folder) and group becomes important, it would be nice to have the ability to add... groups (instead of users) to groups! so that the permissions to a group are inherited by its children groups... Does such functionality exist of can it be implemented somehow?
How do I go about giving access to everyone and at the same time, NOT giving up on the 'user' secutiry level of samba (and NOT just giving rwx permission to 'others'? Is it possible? or Should I instead forget about individuals and match the 'physical groups' to 'linux users' and 'groups of groups' to 'linux groups'? ( This means I should give on ownership of files by individuals )? Since its a small office some work is mixed - engineers might pickup incoming email, a secretary might do abit of drafting work etcetc.
View 4 Replies
View Related
May 20, 2010
I'm attempting to set up a Samba share on my lab's small server (Ubuntu Server Edition, 10.04). It looked easy enough, but the share that I set up didn't allow anyone to actually put anything on it: no uploading stuff, etc. (You can still upload files via the command line, so I implemented the unix extensions = no fix). The share is writeable and visible, and anyone can access it (according to the Samba GUI). According to the smb.conf:
[Share]
path = /home/something/Share
writeable = yes
;browseable = yes
guest ok = yes
The other Windows machines in the lab see the new server and its share automatically, although they can't make changes to it, like create a new folder in the share. Most of my lab uses Snow Leopard (OS X 10.6), and a few others use Windows. I can connect to the server using my MacBook either through the terminal or Finder -> Go -> Connect to server -> smb://blah.someplace.edu without problems.
I can do pretty much anything via the command line, but not through the Finder! If I want to create a new folder, it gives me an old-school error message (stupid blue face): "The operation can't be competed because you don't have the necessary permission." If I want to drag-and-drop a file from my desktop to the Share folder, I get a pop-up window (lock + blue face): "Type your password to allow Finder to make changes." If I do, then I get another pop-up: "One or more items can't be copied to "Share" because you don't have permission to read them. Do you want to copy the items you are allowed to read?"
View 3 Replies
View Related
Dec 30, 2010
I have a Samba server running on a box where I login to admin as user:
FRED
The Samba users are
SUE
JOE - Read only for specified paths (media playback access only user)
SUE can read/write to any directory under the share: Media
So all that is working fine. As long as I do file operations remotely as SUE everything works remotely. How can I make it to where everything SUE does over Samba FRED automatically has permissions to edit when logged in locally (or SSH)? Also, remember, Joe needs to be able to read where specified.
View 3 Replies
View Related
Nov 17, 2010
I have a file server setup with samba integrated with swat management. The server isn't a domain controller. The file server is working well with the shares all working correctly except for one problem. I would like the users be able to manage the folder permissions from a windows PC. This can be done from a login as the root user if need be but, the key is that the system be manageable from the windows PC.
I have followed the instructions of multiple how to's but still get and error that access is denied when trying to apply permissions. I am able to search the server for users to add and the names resolve. What are the configurations that I should be looking at where the NT permissions in samba are configured. nt acl support is set to yes and any other acl settings used produce the same result.
View 2 Replies
View Related
Mar 15, 2010
So I am trying to setup a Samba server to share out our SAN environment to our windows clients. This is my first time playing with samba, so running into quite a few obsticals along the way.
Environment:
SLES 10.3
Samba 3.0x (Original RPMs in distro)
My end goal is to allow anyone in our Active Directory environment to access the shared folders from Samba and map the File permissions to 755 and Directory to 777.First I tried just using Kerberos client and winbind and added it to the AD domain. This worked, but mapped the wrong UIDs (the standard 10000 series). Also the permissions were mapped all wrong.Then I had the great idea to use the Server for NIS on windows 2008, it makes the PDC run a NIS domain that is conjoined to AD. This really didnt work at all. I loaded the AD schema with the correct UIDs and all that good stuff, but didnt seem to take.
So how would any of you approach this?Should I keep trying the NIS config, or use Kerb and winbind? Can a box be part of a NIS domain and AD at the same time?
View 7 Replies
View Related
Mar 19, 2011
I have set up a computer to use as a file server using Samba. I attached a 1TB hard disk to it and had the system to mount it automatically. I have 4 user accounts which will be able to access this network share. An administrator account is called "server". I'll call them user1, user2 user4. This is the folder structure:
+-/mnt/FILES
+-BACKUP
backup files (accessible only to "server" user)
+-MUSIC
music1.mp3 (read only files for all users)
music2.mp3
[Code]...
I don't know which groups I should create. I'm having a hard time setting file/folder permissions. And I wanted to know how to set Samba so that it won't ask for a password when accessing public/group files, but asks for it when accessing private user files.
View 1 Replies
View Related
Apr 20, 2010
A bit of an oddity that I've recently run into with my storage folder in my system; it's a newly installed drive that I've set to mount at /storage. When I first tried to use it, programs that I used that attempted to write to it tossed Access Denied errors at me in their own way. Checking the permissions (at the Terminal, ls -l / | grep storage) showed that /storage was set to 'rwxrwxr--'--Owner and Group were given full read/write/execute, but Others could only read. However, my logon to my system is a member of group root. Why, then, with the above bits set, would I not be able to write to it? Changing Others permissions to rwx (and presumably rw would have worked out for me since I don't leave anything executable there) allowed me to write to it, but I don't understand why that would have been necessary. So far as I'm aware, the prior drive that was in my system--mounted at the same location--did not need this treatment.
View 7 Replies
View Related
Jan 12, 2011
In my work I want to build up a Linux based network, where windows and linux clients are going to share a Thecus network drive.Each client will have specific permissions for accessing the samba shares. I have installed Ubuntu SRV 10.4 with gui and webmin.
View 1 Replies
View Related
Feb 10, 2010
After what feels like weeks have tinkering around trying to get a Samba file server set up, I've finally given up! I have 4 drives and 2 groups:
1) Dev - Available to all users in both groups (normal and admin)
2) Misc - Available to users in admin group only
3) Admin - Available to users in admin group only
4) Accounts - Available to users in admin group only
Drives 1 and 2 are working fine, with the correct access rights. Drives 3 and 4 can be browsed by admins only, but no changes can be made at all - files & directories can't be renamed/moved/deleted. What is most confusing is that Drive 2 is set up exactly the same as Drives 3 and 4. The process I went through to get them working:
[Code]...
View 2 Replies
View Related
Nov 24, 2010
i'm setting up a common public folder on a file server, but I seem to be getting some permission differently to what I expected. The folder is /temp which is a separate drive. The fstab entry is:
[Code]....
View 5 Replies
View Related
Apr 14, 2011
My main account 'dave' runs as admin etc This was the output of 'groups dave': dave adm dialout cdrom plugdev lpadmin sambashare admin I was trying to add dave to the user group 'media-www' and i ran this command: 'usermod -G media-www dave' Then after another 'groups dave':
dave : dave media-www It seems to have removed all the other groups! How do I restore this?
View 4 Replies
View Related
Jul 30, 2011
How can I give an application group permissions?There is a bug in the latest version of Ubuntu's Dovecot, where it is not apart of mail group, so it does not have write permission to the /var/mail directory by default. So I have to give it mail group permissions.
View 1 Replies
View Related
Jun 28, 2010
I do not have any shares setup on my home network so this has never been a big deal to me. My mother finally took enough interest in my operating system to allow me to dual boot 3 of her computers. Everything was up and running like a charm and then she asked "What about connecting to the file server?"
I click on "network" under nautilus and start clicking around - no where in here is the file server that every Windows system on the network can see (5 or so other systems with xp/vista/7 on them - so I know the share works). A small bit of time and some command life foo later I had hunted down and manually mounted the share and added and fstab entry for the drive so my mother would never have to go through that on her own.
That being said - did I do things the hardway here? Can someone please tell me there is an easy method that successfully detects and connects to samba shares without having to resort to CLI? Personally I do not mind doing this, but it is an issue when I am installing Linux for a beginner.
View 2 Replies
View Related
Feb 27, 2010
i am trying to finish up a lab in that i have i have some accounts created under groups called "mgmt" and "pl". I am trying to figure out how i can get the guys in "mgmt" to be able to modify files in a directory called "mgmt-final" but the guys in the group "pl" will only be allowed to read those files.
View 5 Replies
View Related
May 12, 2009
Originally Posted by slackuser67 In my case it was a permission thing. Logging in as root, sound worked, logging in as user didn't. I followed the adding myself to the audio group and that didn't do it either. But, adding myself to the video group did the trick. You wouldn't think that would work with getting video but no sound, but it did in my case. I'm having all the same problems, but I'm using DSL-N, and I can't figure out how to check or change the group permissions.
View 2 Replies
View Related
Jun 19, 2011
I need to assign permissions for ftp users. For that I need to create groups with different permissions like upload, download, rename, delete, rename and delete. And the users added to the group need to have that group permissions by default.
View 5 Replies
View Related
Jul 10, 2010
I am doing rhce course but i am very confused to answer these user and group permissions.the questions are like this...the owner of the /data must be user tom.primary group of /data must be the group sysadmins.the members of the group test must be able to write and create files in the /data.the members of the group web have no access to these directory.the user jack not belong to any of these gropus must have to edit files created in /data.the user tim can only list the contents.
the questions are always like these..i am okay with sgid and sticky bit.but i dnt know where to set default acl and other permissions.
View 3 Replies
View Related
May 20, 2010
I'm beginning to deal with more than one user on my system (it's a VPS serving some sites) and I need to make sure I understand how group permissions work. I have an account named "admin" .. it's basically the primary account that is used for serving most of the sites that I control myself. Now, I added a second account named "Ville" as one of my users wants to be able to administer that site. So, I can do this the easy way and just chown their domains folder under the ville user, they have permission to do whatever they need be and so forth. However, let's say I want to also give the admin user access to the files (modifying and all) .. how can I put both users into the same group and give them both permission?
I've tried doing:
sudo usermod -a -G admin ville
To add the ville into the admin group, but ville still cannot edit files by admin. Permissions for the primary directory for the ville user are read/write for both owner and group, and the current group for the files is admin:admin ..
But ville still can't write into the directory. So, what should I be doing here to get this right and secure at the same time?
View 1 Replies
View Related
Jan 4, 2010
I have a Fedora 7 PC acting as the NFS server. I have two users as follows on other Ubuntu (various flavors) based client PCs:
Code:
id ks
uid=1000(ks) gid=1000(ks)
[Code]....
View 4 Replies
View Related
Sep 9, 2010
i created a directory in my webserver as well as a group "webdevs" which I want to give write permissions to, and include my user so that i can edit.i used [addgroup webdevs] then [adduser MYUSER webdevs].then [sudo chown root:webdevs MYDIR]then [sudo chmod 774 MYDIR]when I try to cd to MYDIR under MYUSER, I get permission denied.
View 3 Replies
View Related
