| View previous topic :: View next topic |
| Author |
Message |
igodit
n00b
Joined: 24 Jun 2004
Posts: 6
Location: Kingston, Jamaica
|
 Posted: Sun Feb 27, 2005 11:12 pm Post subject: Samba Share Problems |
 |
|
I have installed Samba+LDAP as PDC and setup share folder(s) however I'm unable to read files after they have been written to the share. For example I would copy a text document to the share and will attempting to open it I get "Access Denied".
| Code: |
[global]
workgroup = ELITEORG
netbios name = logos
server string = PDC
os level = 65
prefered master = yes
local master = yes
domain master = yes
security = user
; socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
; Performance modification
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=20480 SO_SNDBUF=20480
; Domain Control Options
domain logons = yes
logon script = login.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U\.9xprofile
; Logging options
log level = 3
log file = /var/log/samba.log.%m
max log size = 50
interfaces = lo eth0
bind interfaces only = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
; WINS support
wins support = yes
name resolve order = wins lmhosts hosts bcast
dns proxy = no
; Time server suport
time server = yes
Dos charset = 850
Unix charset = ISO8859-1
passdb backend = ldapsam:ldap://127.0.0.1
; SAMBA-LDAP declarations
ldap passwd sync = Yes
ldap admin dn = cn=Manager,dc=ELITEORG,dc=LAN
ldap suffix = dc=ELITEORG,dc=LAN
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = no
; Idealx scripts
add machine script = /usr/share/samba/scripts/smbldap-useradd -w "%u"
add user script = /usr/share/samba/scripts/smbldap-useradd -m "%u"
ldap delete dn = Yes
add machine script = /usr/share/samba/scripts/smbldap-useradd -w "%u"
add group script = /usr/share/samba/scripts/smbldap-groupadd -p "%g"
add user to group script = /usr/share/samba/scripts/smbldap-groupmod -m "%u" $
delete user from group script = /usr/share/samba/scripts/smbldap-groupmod -x $
set primary group script = /usr/share/samba/scripts/smbldap-usermod -g "%g" "$
; clamav settings
vfs object = vscan-clamav
vscan-clamav: config-file = /etc/samba/vscan-clamav.conf
; Shares
[netlogon]
path = /home/samba/netlogon
public = no
writeable = no
browseable = no
[homes]
path = /home/%U
browseable = no
valid users = %S
writable = yes
guest ok = no
inherit permissions = yes
[profiles]
path = /home/samba/profiles
browseable = no
writeable = yes
default case = lower
preserve case = no
short preserve case = no
case sensitive = no
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
write list = U%
create mode = 0600
directory mode = 0700
[music]
comment = Music
path = /home/samba/music
public = yes
writeable = yes
read only = no
browseable = yes
write list = U% @"Domain users"
|
The permissions on the folders are as follows
| Code: |
# ls -al /home/samba/
total 20
drwxr-xr-x 5 root root 4096 Feb 25 08:14 .
drwxr-xr-x 5 root root 4096 Jan 6 10:11 ..
drwxr-xr-x 2 root root 4096 Feb 25 08:27 music
drwxr-xr-x 2 root root 4096 Feb 25 08:12 netlogon
drwxr-xr-x 2 root root 4096 Feb 25 08:12 profiles
|
_________________
igodit |
|
| Back to top |
|
 |
Will Scarlet
Apprentice
Joined: 19 Mar 2004
Posts: 239
|
| Posted: Mon Feb 28, 2005 5:52 pm Post subject: |
|
|
I believe that you have two problems:
1. With your smb.conf file for your Music share:
| igodit wrote: | | write list = U% @"Domain users" |
The list is not valid. With @ the group should be the Unix group not the mapped Windows group. I also don't believe the U% is valid. From what I gather, this list should only consist of users and/or groups.
2. With permissions on your Music share:
| igodit wrote: | | drwxr-xr-x 2 root root 4096 Feb 25 08:27 music |
This is really dependant on how you are trying to implement permissions.
A. If you don't care who has permissions to write to the share, do a "chmod 777 music".
B. If you are trying to limit write access by group change the group, "chgrp [group name here] music", then "chmod 775 music".
C. If you are trying to limit access to only a particular grouip, then follow suggestion B for the group then "chmod 770 music"
Hope this helps... |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
