Ubuntu Servers :: Configuring Samba Permissions To Emulate Netware?
Apr 22, 2010
I'm replacing an ancient Netware server with a new Ubuntu 8.04 box running samba and LDAP. I want to see if there's a way to get Samba to emulate the way permissions propagate through Netware. Namely, if I see a directory structure like this:
[User Cant See]
--- [User Cant See]
------- User Can Edit.txt
------- User CANT Edit.txt
With Netware I can give permission to User to edit "User Can Edit.txt" and the permissions will propagate in reverse to allow User to see the two [User Cant See] directories and edit the text file. "User CANT Edit.txt" will still be invisible to User. This is very convenient as I can simply give user access to one file, they can navigate to it through the directory structure, and all files not explicitly given access to will still be invisible.
With Samba the only way I've been seeing to get this would be to explicitly give User access to both [User Cant See] directories, give him access to the "User Can Edit.txt" and remove any access to "User CANT Edit.txt" and every other file in the latter two nested directories.
installed ubuntu 8.10 64bit on left over parts for file serving with windows 7, tried the sample config file that installed with it with no luck, then tried new config file, looking at the samba.org website and other peoples configurations i came up with this
[global] netbios name = NETBIOS_NAME workgroup = workgroup security = user
I'm trying to set up my samba server so that all the shares are visible to everybody but that some shares can only be accessed by certain users. I have a folder Video that everybody can access without a username or password. I now want to create a share that only I can access called webserver.
This is my samba.conf Code: [global] dns proxy = No netbios name = DATABOX guest account = nobody restrict anonymous = no browseable = yes server string = server workgroup = WORKGROUP public = yes security = share
[Video] Writeable = yes Path = /media/data/Video Public = yes
[webserver] Writeable = yes Public = no User = malteser Path = /media/data/Webserver
Windows does not let me enter a username or password. I'm pretty sure this used to work.
I'm having a hard time figuring out how to set permissions on my samba server and on mounting the share. I would appreciate help figuring things out. What I need to achieve is have a server share mounted on a computer and give read write access to the users of that client computer. Also permissions should be respected is a user limits access to a directory or file he creates.
What I did was replicate the users on both server and client computers and create an extra user on the server that has full access to the share both in linux and in samba, and I'm mounting the share on the client computer using that extra user from fstab. (Is this the best way to set things up or is there a better way?)
Now the issues I'm having; Whenever a user A creates a directory or file it's listed as created by user B. It turns out that the UID does not match on both computers. How do I fix that short or deleting and recreating the users in the proper order.
- Backup scripts running as root get lot permission denied errors writing to the share especially when using chown and chgroup. Could someone explain, or point me to an explanation of the logic behind permissions and mounting?
i have setup a samba server and created samba shares on it, i have configured the samba server to authenticates users from a windows server 2003 DC,
i have 2 shares call IT and MYSHARE, I want to give read and write permissions to sevaral users to those two shares and read only permisson to all the other users.
i tried editing the smb.conf file with the following settings , but no one can write or modify the files in the shares including the users specified in the write list = cweerasinghe,njayarathna.
[IT] writeable = Yes browseable = yes public = no comment = IT share
[Code]....
how can i give access to the write list = cweerasinghe,njayarathna users to read, write and modify the files in the shares ??
I am the IT Manager at a research facility. We have a fairly unique network configuration in order to support all of the different projects we have going on. We have Red Hat, Ubuntu, Windows XP/Vista/7, Windows Servers 2003, Ubuntu servers, Red Hat servers, and even a few Netgear ReadyNAS and Buffalo Terastations. Over the last few years, I have been migrating all of my users and accounts to a single ACL list, which I chose to be a Windows AD 2003 server. 95% of my users work on Windows platforms and just use ssh tunnels to develop on our linux boxes.
However, i ran in to a problem with our Linux boxes not being able to symbolic link on my Windows 2003 file shares. Of course, this is a problem with Windows not supporting symbolic links. I know 2008 does support this feature, but given the economy and the budget restraints, we cannot afford to purchase the updates we would need, so now I am moving all of my shares to a Ubuntu 10.04 server using Samba. I have joined the server to my AD domain successfully, i can login using my AD credentials, and even assign ownership and group permissions using AD users/groups.
Here is my question.
I would like to keep the AD permission schemes intact. I have several shares that contain folders that have individual permission settings. For example, I have a /shared directory that contains about 50 different folders. Some of these folders I allow my users to write data to, some just read, and others I deny access to complete groups and just allow key groups to access (for example, personnel data should only be accessed by the Administrative staff).
Is there a way to make this work?
I can assign uid and gid manually per folder in Samba, but i would like to have the possibility to add multiple users and groups with permissions to folders, which I do not believe can be done with the standard chown commands. Currently, I can see the folder permissions from my Windows box, but when I try to edit the permission settings, it defaults back to full access. So my AD permissions are not being saved.
I have a couple of user accounts where each member belongs to a group i have created: Each user access the share using their own user account credentials. How can I configure Samba in a way so that each modification done on the share gets the owner of the user and my group instead of the user and the users own group? I would also like the access rights to be 770 to each modification.
In other words, today each modification by "userA" get the owner "userA.userA" and I would like it to be "userA.MyGroup" with "rwxrwx---" permissions.
How can I set permissions for users within the share? Example: I have a share called Programming and some user can create folders within it most others can not, can read the documents. How do I set permissions?
My samba-shares are mounted in fstab. Everything works fine except for one small issue: when copying files from the local PC to the share the files are copied but the timestamps and permissions of the files are not. Instead a message "operation not permitted" appears. 'root' on the client can copy files WITH timestamp etc, a normal user cannot.
Below the line in fstab on the client and smb.conf on the server.
I've got my Samba shares up and running. I can stream files from the server, I can create files on the server, and I can copy files from the server.
Running a Windows program (from a Windows box) directly from the Samba server, however, is turning into a nightmare. I'm getting Access is Denied errors from the Windows box, yet I can copy/create/etc from the entire directory with no problems.
Are there any special permissions I need to run EXE files from a Windows box, located on a Samba share? I've already chmod'd everything to 777, and I show full access when ls -Z is used.
We have a bunch of directories created for apps on server that were configured to a local group account (for ex: oracle). We have enabled AD using winbind after 6 months after these servers have been in use. So how can we tie the local oracle group account with the one in our AD tree.the test useris configured in the oracle group in AD and the test users primary group is oracle
i have to different routers in my home. One is at&t dsl modem other is dlink wireless n router.
I have my ubuntu server connected to my att modem as this is the only way I can get it to work. As I can only connect to my server from the outside of my home.
Problem is my desktop and laptops use the dlink because its faster and giver me more bandwidth so everything in my home is wirelessly connected to it.
I use ubuntu as web server, proxy server, and dns server. I have all my computers useing the proxy server my just inputting my proxy address as 192.168.1.0 which is my ubuntu address. But my computers use 192.168.0.0 as this is how dlink is setup.
So anyone know how I can get all my pc's on the network 192.168.0.0 to connected to my samba server which is on 192.168.1.0? Can I setup my dlink dir-615 as a access point? So that it shows up in the 192.168.1.0 network. Or can i configure my pc's to look into the 192.168.1.0 network to see the samba server?
I'm trying to configure Samba with a GUI. I also can't find smbcontool, which I used on my previous 9.10 installation. Is the same thing available for 10.04? I can't seem to find it, no matter how many repos I enable.
We need to implement ntlm for apache[URL]... Apparently this requires joining our linux host to our domain. however we have two active directory servers in seperate domains, one ads is for users only, the other is for computers only. Testing kerb and joining your linux host to the domain requires you enter in a user that has permissions to join the domain on ADS. But how do I join a computer to a domain where my account does not exist, the ADS that only contains computers is the one I need to join.
how to make a new Ubuntu 9.10 box use our LDAP/Samba server for user authentication. Our Red Hat and Windows machines all use it just fine. I've been trying to use the auth-client-config and libnss-ldap packages for this purpose, but I must be missing something. I'm pretty green with LDAP, so this is my first time diving in... Is there a good How-To or step-by-step read on this? All of my searches lead me to setting up Ubuntu as the server, and that isn't what I want. I've also tried the steps listed in [URL] for the LDAP Authentication section.
First off I would like to install a GUI for samba. After that I want to set up my network so that router stays as the server for the network I have four windows computers already hanging off of the router. This machine which has Slackware on it is hardwired, directly connected, to the router via cat-5 cables. I have samba installed already and I just need to configure it correctly.
I was able to connect to internet using PPPoE until I configured Samba network and set the machine as its server; does this two related? Is it possible there's a conflicting configuration, say DNS server config for example?
I've been busy with configuring Samba with the 389-Directory Server (former Fedora Directory Server) for the past weeks and I almost have everything working. The last thing (I hope) that I haven working are the smbldap-tools which I'd like to use for adding computers and users to the domain. The part where I'm stuck is with the security certificates. I don know how to get the client certificates out of my installation.
My smbldap.conf file contains this: Code: # $Source: $ # $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $ # # smbldap-tools.conf : Q & D configuration file for smbldap-tools # Purpose : # . be the configuration file for all smbldap-tools scripts .....
I used the setupssl2.sh script to setup ssl for my 389-ds, which seemed to have worked fine. I however simply have no clou how to get client certificates out of this.
Im currently using an english book to setup my samba server, and im having problems understanding it.
I dont want to use root to join clients to the domain; i prefer creating a plain user.
Ok, so, the steps i follow are:
net groupmap add unixgroup=srvadmins ntgroup="Server Admins" net groupmap add ntgroup="Domain Admins" unixgroup=dmnadmins rid=512 type=d net rpc rights grant 'ORAServer Admins' seMachineAccountPrivilege
This way, i have a group called srvadmins with permissions to join clients, a group called dmnadmins with permissions to manage users and other permissions, and root.
Now, users: "root", "dmnadmin"(from dmnadmins group) and "srvadmin" (from srvadmins group) can add machines to domain. Root because is root, srvadmin because i granted permissions, and dmnadmin because is admin
So i wonder, why srvadmins group is needed to be granted privileges?
I tryed to lower dmnadmins privileges by revoking semachineaccountprivilege privilege, but didnt worked
net rpc rights revoke 'ORADomain Admins' seMachineAccountPrivilege
looks like its privileges comes from another group and it user managed to add a machine to the domain correctly.
Ok, so, is this really usefull? why do i need 3 kind of users to be able to join to the domain?
I have a problem with file permissions over samba. I am running a web server, and this web server needs to be able to delete a file. The php code is correct, because it works on other sites. The php code is failing when it deletes a file because it is being ran as the www-data user. And the permissions on the files that are created on the share are as follows:
ns$ ls -l -rwxr-xr-x 1 root root 129628 Feb 6 08:16 20110206071748532.pdf This directory is mounted on: /var/www/files/23982dbb7a454425ce17a22bedc00776/scanned/AEC_Scans This is done with the /etc/fstab file: //192.168.58.2/Scans /var/www/files/23982dbb7a454425ce17a22bedc00776/scanned smbfs username=administrator,password=somepass
i have an old desktop that i have decided to use as a central point for localhost/website files. I have 2 laptops, a ubuntu and vista, and i want them both to be able to see the public_html folder on my desktop, and be able to create/update folders and files.
I have set up the samba sharing and that's working fine, but when i create folders using my laptop, they are not writeable to the desktop or other laptop because my laptop is the creator. Is there a way that I can set it so that whenever folders/files are created from either laptop, they have full permissions?
When I create a new folder on my ubuntu machine and share it with my windows 7 machine using 'net usershare add <dir> <path>', I can't get write perms in Win 7. It keeps giving me a "You need permission to perform this action'. I've chmod the folder to 777 but still no luck.
The funny thing is, it was all working fine until I tried to add a new usershare yesterday (Can't think what I've changed). I use this sharing method to share all of my development /var/www/ folders so I can work on them from my win machine.
I have had a few problems with my samba smb.conf, and it nuked and rebuilt yesterday. I'm fairly new to the Linux game, and this permissions problem has me baffled.
I am trying to set up a Samba share on one of my machines where I am the owner and a special group manages permissions for read-only access ( me:specialgroup ). If I log into the share as me, there is no problem (I have read/write privs as per usual). However, I am not able to log into the share using any of the group members (there is only one currently). That user is not able to access the share (failed to mount).
The folder (which is the share) is owned by me:specialgroup and the permissions have been forced down the folder. Samba is set to Share this folder with no guest or others write access.
I'm attempting to set up a Samba share on my lab's small server (Ubuntu Server Edition, 10.04). It looked easy enough, but the share that I set up didn't allow anyone to actually put anything on it: no uploading stuff, etc. (You can still upload files via the command line, so I implemented the unix extensions = no fix). The share is writeable and visible, and anyone can access it (according to the Samba GUI). According to the smb.conf:
The other Windows machines in the lab see the new server and its share automatically, although they can't make changes to it, like create a new folder in the share. Most of my lab uses Snow Leopard (OS X 10.6), and a few others use Windows. I can connect to the server using my MacBook either through the terminal or Finder -> Go -> Connect to server -> smb://blah.someplace.edu without problems.
I can do pretty much anything via the command line, but not through the Finder! If I want to create a new folder, it gives me an old-school error message (stupid blue face): "The operation can't be competed because you don't have the necessary permission." If I want to drag-and-drop a file from my desktop to the Share folder, I get a pop-up window (lock + blue face): "Type your password to allow Finder to make changes." If I do, then I get another pop-up: "One or more items can't be copied to "Share" because you don't have permission to read them. Do you want to copy the items you are allowed to read?"
I wish to prevent the samba messages (mainly nmbd and winbindd) from appearing in the system log (/var/log/messages). I want to allow samba logging to the standard samba logfiles, but prevent the syslog getting clogged up by samba. I added syslog = 0 to smb.conf and reloaded the config but the messages were still appearing. I also tried the following (and restarted the syslog via /sbin/service syslog restart) # Suppress messages from samba.
For interests sake the messages I'm getting are below (I'm not concerned about the messages themselves, I can chase them up at my leisure via the samba logs) Mar 18 09:58:29 SERVER nmbd[3808]: query_name_response: Multiple (2) responses received for a query on subnet xx.yy.z.zz for name DOMAIN<1d>. Mar 18 09:58:29 SERVER nmbd[3808]: This response was from IP xx.yy.z.zz, reporting an IP address of xx.yy.z.zz.
I can not manage file/folder permissions for created shares. I need get access from Win system to Linux shares. Actually I have access to its, but only to read folders and files. I tried to change permissions in create mask = 0765 and set it to 0777, but no success.
1.Added user # adduser samba # smbpasswd -a samba #set his password # smbpasswd -e samba #activating it 2. Installing SAMBA service
[Code].....
Folder /media/DATA/VIDEO not browseable and cant't enter it on Win system. It located on USB External HARD Drive, and attached to Linux system.
From a Win 7 client, I can copy/create/delete any files on any share on the Ubuntu Samba server so long that is part of my nix file system which is all ext4.This box also has and NTFS partition on it primarily for storage. I can copy/create/delete anything on this partition form the same Win 7 client with the exception of Quickbook save files.I have scoured the web looking for anything close to this but have yet to find anything that looks similar. Not lloking for a direct answer but if there is anyone else that has issues copying specific types of files to a Samba NTFS partition.
