Zugriff auf Samba freigaben

[floe-de]

Hallo,

ich habe einen Gentoo Server mit verschiedenen Freigaben über Samba.
Beim Client Zugriff von Windows gibt es auch keine Probleme nur beim Zugriff
von Linux habe ich Schwierigkeiten, da mein Benutzer keine Schreibrechte hat und
nicht einmal in die Verzeichnisse schauen darf.

Es gibt auf dem Server einen User mit meinem Namen, dann meinen Benutzeraccount und
auch einen Sambauser mit dem selben Namen.

Die Freigaben sind im nach folgendem Beispiel in der Fstab beim Start gemountet
//Server/home /mnt/server/home smbfs user,credentials=/etc/s/etc/samba/private/login,iocharset=iso8859-15 0 0


Wie schaffe ich es, dass mein Linux User Schreibzugriff auf die Samba freigaben hat ?

[SvenFischer]

Ich als Anfänger traue mich kaum eine Empfehlung wie diese auszusprechen:

Nimm webmin und plötzlich hat es bei mir ohne Wissen dazu funktioniert!

app-admin/webmin
Latest version available: 1.160
Latest version installed: 1.160
Size of downloaded files: 8,301 kB
Homepage: http://www.webmin.com/
Description: Webmin, a web-based system administration interface
License: BSD
_________________
Core2Duo, 4GB RAM, AMD/ATI 4850 and nice person in front!

[floe-de]

Also, danke SvenFischer ich werde zwar noch versuchen das Problem ohne ein extra Tool
zu beheben, aber danke für den Tipp.

[m.b.j.]

Poste mal deine smb.conf!
_________________
root@mbj # echo "sys-pizza/calzone -tunfish" >> /etc/paludis/use.conf
root@mbj # paludis -i calzone --dl-blocks discard

[dakjo]

[floe-de]

Ja es war ein Tippfehler die Zeile sieht so aus wie du sie verbessert hast ! Danke.

Ich habe mal user,fmask=0777,dmask=0777 in die Zeile eingebaut aber ohne Erfolg
nun sehe ich in Gnome außer dem roten Kreuz auch noch das gelbe Schloß.

Somit poste ich hier mal meine ewig lange smb.conf (in den Anfängen von Kommenaten befreit)


[global]
workgroup = WORKGROUP
; netbios name = <name_of_this_server>
server string = Samba Server %v on VIPER
; message command = /usr/bin/linpopup "%f" "%m" %s; rm %s

# 2. Printing Options:
printcap name = cups
load printers = yes
printing = cups
printer admin = @adm
; printer admin = @"Domain Admins"

# 3. Logging Options:
log file = /var/log/samba3/log.%m
max log size = 50
; log level = 3

# 4. Security and Domain Membership Options:
; hosts allow = 192.168.1. 192.168.2. 127.
; guest account = pcguest
map to guest = bad user
security = user
; password server = <NT-Server-Name>
; password server = *
; password level = 8
; username level = 8
encrypt passwords = yes
smb passwd file = /etc/samba/private/smbpasswd
; unix password sync = Yes
; pam password change = yes
; passwd program = /usr/bin/passwd %u
; passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
;*passwd:*all*authentication*tokens*updated*successfully*
; username map = /etc/samba/smbusers
; include = /etc/samba/smb.conf.%m

; winbind use default domain = yes
; template homedir = /home/%D/%U
; obey pam restrictions = yes
; template shell = /bin/bash

# 5. Browser Control and Networking Options:
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
; interfaces = 192.168.12.2/24 192.168.13.2/24
; remote browse sync = 192.168.3.25 192.168.5.255
; remote announce = 192.168.1.255 192.168.2.44
; local master = no
; os level = 33
; domain master = yes
; preferred master = yes

# 6. Domain Control Options:
; domain logons = yes
; logon script = %m.bat
; logon script = %U.bat
; logon path = \\%L\Profiles\%U
; logon home = \\%L\%U\.profile
; add user script = /usr/sbin/useradd -s /bin/false '%u'
; delete user script = /usr/sbin/userdel '%s'
; add user to group script = /usr/bin/gpasswd -a '%u' '%g'
; delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
; set primary group script = /usr/sbin/usermod -g '%g' '%u'
; add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print $3}'
; delete group script = /usr/sbin/groupdel '%g'

; add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u'
; delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u'
; add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m '%u' '%g'
; delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x '%u' '%g'
; set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g '%g' '%u'
; add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}'
; delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g'

; add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M '%u'

; add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w -d /dev/null -g machines -c 'Machine Account' -s /bin/false '%u'

;passdb backend = smbpasswd guest
passdb backend = tdbsam smbpasswd guest
; passdb backend = ldapsam:ldaps://ldap.mydomain.com smbpasswd guest
; passdb backend = ldapsam_compat:ldaps://ldap.mydomain.com smbpasswd guest

; idmap uid = 10000-20000
; idmap gid = 10000-20000

; ldap admin dn = cn=root,dc=mydomain,dc=com
; ldap ssl = start_tls
; ldap port = 389
; ldap suffix = dc=mydomain,dc=com
; ldap server = ldap.mydomain.com
; ldap machine suffix = ou=Hosts
; ldap user suffix = ou=People
; ldap group suffix = ou=Group
; ldap idmap suffix = ou=Idmap
; ldap machine suffix = cn=Computers
; ldap user suffix = cn=Users
; ldap group suffix = cn=Groups
; ldap idmap suffix = cn=Idmap


# 7. Name Resolution Options:
; name resolve order = wins lmhosts bcast

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
; wins support = yes

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z

# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no

# 8. File Naming Options:
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
; preserve case = no
; short preserve case = no
# Default case is normally upper case for all DOS files
; default case = lower
# Be very careful with case sensitivity - it can break things!
; case sensitive = no

# Enabling internationalization:
# you can match a Windows code page with a UNIX character set.
# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European),
# 852 (Czech), 861 (???), 932 (Japanese),
# 936 (Simplified Chin.), 949 (Korean Hangul),
# 950 (Trad. Chin.).
# More detail about code page is in
# "http://www.microsoft.com/globaldev/reference/oslocversion.mspx"
# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.),
# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.)
# This is an example for french users:
; dos charset = 850
; unix charset = ISO8859-1


#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = no
writable = yes
# You can enable VFS recycle bin on a per share basis:
# Uncomment the next 2 lines (make sure you create a
# .recycle folder in the base of the share and ensure
# all users will have write access to it. See
# examples/VFS/recycle/REAME in the samba docs for details
; vfs object = /usr/lib/samba/vfs/recycle.so

# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes
# This script can be enabled to create profile directories on the fly
# You may want to turn off guest acces if you enable this, as it
# hasn't been thoroughly tested.
;root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \
; then mkdir -pm700 $PROFILE; chown %u:%g $PROFILE;fi

# NOTE: If you have a CUPS print system there is no need to
# specifically define each individual printer.
# You must configure the samba printers with the appropriate Windows
# drivers on your Windows clients. On the Samba server no filtering is
# done. If you wish that the server provides the driver and the clients
# send PostScript ("Generic PostScript Printer" under Windows), you have
# to swap the 'print command' line below with the commented one.
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# to allow user 'guest account' to print.
guest ok = yes
writable = no
printable = yes
create mode = 0700
# =====================================
# print command: see above for details.
# =====================================
print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers.
; print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
# The following two commands are the samba defaults for printing=cups
# change them only if you need different options:
; lpq command = lpq -P %p
; lprm command = cancel %p-%j

# This share is used for Windows NT-style point-and-print support.
# To be able to install drivers, you need to be either root, or listed
# in the printer admin parameter above. Note that you also need write access
# to the directory and share definition to be able to upload the drivers.
# For more information on this, please see the Printing Support Section of
# /usr/share/doc/samba-<version>/Samba-HOWTO-Collection.pdf
[print$]
path = /var/lib/samba/printers
browseable = yes
read only = yes
write list = @adm root
guest ok = yes

# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
; comment = Public Stuff
; path = /home/samba/public
; public = yes
; writable = no
; write list = @staff
# Audited directory through experimental VFS audit.so module:
# Uncomment next line.
; vfs object = /usr/lib/samba/vfs/audit.so

# Other examples.
#
# A private printer, usable only by Fred. Spool data will be placed in Fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
; comment = Fred's Printer
; valid users = fred
; path = /homes/fred
; printer = freds_printer
; public = no
; writable = no
; printable = yes

# A private directory, usable only by Fred. Note that Fred requires write
# access to the directory.
;[fredsdir]
; comment = Fred's Service
; path = /usr/somewhere/private
; valid users = fred
; public = no
; writable = yes
; printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
; comment = PC Directories
; path = /usr/pc/%m
; public = no
; writable = yes

# A publicly accessible directory, read/write to all users. Note that all files
# created in the directory by users will be owned by the default user, so
# any user with access can delete any other user's files. Obviously this
# directory must be writable by the default user. Another user could of course
# be specified, in which case all files would be owned by that user instead.
;[public]
; path = /usr/somewhere/else/public
; public = yes
; only guest = yes
; writable = yes
; printable = no

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
; comment = Mary's and Fred's stuff
; path = /usr/somewhere/shared
; valid users = mary fred
; public = no
; writable = yes
; printable = no
; create mask = 0765

[floe-de]

Hab es nocheinmal Versucht die Zeile mit dem umask=0222 Attribut, leider kein Erfolg.

Wenn ich in Nautilus mir die Eigenschaftend es Ordners anschaue steht dort folgendes:
Dateibesitzer : 1001
Gruppe der Datei: messagebus
Zahlenansicht: 700

Woher kommt die Gruppe messagebus ?

Ich hab meinen Benutzer dort mal eingetragen und auch die ID meines Benutzers auf 1001 geändert, aber dieses Vorhaben war nicht wirklich von Erefolg gekrönt.

Nach einem Neustart hatte ich keine Berechtigung mehr auf meine Konfigurationsfiles und dann
habe ich die Benutzer ID wieder auf 1000 gesetzt.

[m.b.j.]

Also, ich hatte mit samba ähnliche probs:

deaktieviere die unix extensions (auf dem Server)

[floe-de]

Hallo,
nachdem ich die Option in die Server smb.conf eingetragen hatte und den Samba Service restartet wurde habe ich nun wirklich Zugriff auf alle Ordner. Danke !

Es fehlen mir zwar noch Berechtigungen etwas zu erstellen, zu löschen oder zu ändern
aber das liegt daran, dass nun alle Dateien dem Root zugeordnet sind und ich als User dann
nätürlich icht ändern darf.

Hoffe aber dies werde ich mit dem umask Befehl ändern können...