Date: Fri, 11 Mar 2005 22:26:36 +0000 From: freebsduser@comcast.net To: Joerg Pulz <Joerg.Pulz@frm2.tum.de> Cc: freebsd-questions@freebsd.org Subject: Re: Help Samba3 seems broke for me... Message-ID: <031120052226.21364.42321B1C00036F8D0000537422070009539C0201079B010307020E@comcast.net>
next in thread | raw e-mail | index | archive | help
-------------- Original message -------------- > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Fri, 11 Mar 2005 freebsduser@comcast.net wrote: > > > > > I am following the How To from this URL: > http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#id2464 > 512 > > Here are some things that I've noticed: > > Group names appear all lower-case: > > getent missing, I am pretty sure that it can be found in Fedora Core 3 > > and also SuSe. The thing has always been missing in FreeBSD and the > > Samba3 docs may need updating. > > Created a usermap file but it doesn't appear to honor it: > > username map = /usr/local/etc/username.map > > = > > Inside mapped username directory on FreeBSD by way of XP browsing access > > is denied in creating anything. > > Inside mapped user's directory on FreeBSD via XP and when deleting > > something it goes away but then a refresh on XP window and the item > > returns. No access denied message is thrown. > > I don't know if I did it or Samba did it but in the /etc/passwd there > > are user names within the range of idmap uid/gid (This is on Samba > > 3.0.5) but on the Samba 3.0.11 no user names have been changed (they > > sill have the FreeBSD assigned Ids). > > idmap uid = 15000-20000 > > idmap gid = 15000-20000 > > in passwd; > > nagios:*:15035:15030::0:0:Nagios pseudo-user:/var/spool/nagios:/nonexistent > > Separator has changed from a '+' to a '\' (Wish somebody would stop doing > that, heck on a SuSe Machine, it once was an 'm' that one baffled me.) Unless of > course I'm thinking of something else, but still why did it go from TEL+ to > TEL\? > > Samba 3.0.5 wbinfo -g reports: > > TEL+Exchange Domain Servers > > Samba 3.0.11 wbinfo -g reports: > > TEL\exchange domain servers > > Oh, and most importantly... Thanks for helping with that CVS thing. Worked > great. My working system allows me to do the things I do while the 3.0.11 just > drives me nutso. I'm thinking of trying 3.0.5 on the other system to see if it > is behaving. But not just yet. > > uname -a reports (holding off upgrading the world for the moment): > > FreeBSD oracle.internal.qualmax.net 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri > Nov 5 04:19:18 UTC 2004 > root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 > > > > Here's my smb.conf (System is acting as a domain member) for 3.0.11 > > [global] > > workgroup = INTERNAL > > netbios name = ORACLE > > server string = %h server (Samba %v) > > security = DOMAIN > > username map = /usr/local/etc/username.map > > load printers = yes > > printcap name = cups > > printing = cups > > show add printer wizard = No > > idmap uid = 15000-20000 > > idmap gid = 15000-20000 > > winbind use default domain = Yes > > use sendfile = Yes > > log file = /var/log/samba/log.%m > > max log size = 50 > > socket options = TCP_NODELAY > > dns proxy = no > > #============================ Share Definitions ============================== > > [homes] > > comment = Home Directories > > browseable = no > > writable = yes > > # NOTE: If you have a BSD-style print system there is no need to > > # specifically define each individual printer > > [printers] > > comment = All Printers > > path = /var/spool/samba > > browseable = no > > # Set public = yes to allow user 'guest account' to print > > guest ok = no > > writable = no > > printable = yes > > hi, > > here are some short notes for the points you mentioned. > > - - getent missing > there is no Fedora or SuSE like getent in FreeBSD! > but you can use pw(8) to show all available users > - --- > prompt> pw usershow -a > - --- > if you think the samba documentation needs updating in this section, > please report it to the samba team. > > - - winbind separator change from + to \ > there is an smb.conf(5) option to change it back to + > the smb.conf(5) manpage says: > - --- > Please note that setting this parameter to + causes problems > with group membership at least on glibc systems, as the character + is > used as a special character for NIS in /etc/group. > - --- > if it was sometimes an m on SuSE system, it was due to modifications made > by the SuSE people. neither the samba team nor FreeBSD has anything to do > with it. > > - - username map option > you should carefully read the smb.conf(5) manpage as there where some > changes around samba-3.0.8 in this area. > you should also read the Release Notes for samba-3.0.8 for clarification. > > - - nagios account > the account with this uid comes from installing the net-mgmt/nagios port > the uid is automatically generated, but you can simply change it and > chown(8) all files and diretories belonging to the old uid to the new one. > > - - file deletion using the WinXP box > i will not try to analyze this until you have taken the above comments > into account. > > Joerg Hmm for the winbind separator, didn't know that. I figure if I did wbinfo -g and it had either a + or a \ then that's what I was also suppose to put in the smb.conf. Dunno why, must have been reading the docs and figured if that's what they put then that's what I should put. Bad suse people for confusing the heck out of me. That was bad, because I had an account with an m in it's name and it only showed up at pest. I was like, what person went in and changed my directory from tempest to pest. hehe. Arrgh. I just want it to work the way it did. I put in my user map file and was hoping that once I mapped my unix name to my windows name that life and the universe as we know it would not implode. Now it looks like it's going to implode. For example, if my Windows account is Tom Jones and my FreeBSD account is samba_challenged my map file is set to samba_challenged = "Tom Jones" and thusly when my XP system connects to Samba I get to see samba_challenged's home share and I get to read, write, edit and delete things from it. I understand that about the nagios account, I should have clarified that what I was meaning is that there are accounts on the FreeBSD user base with 15000+ numbers and that any new accounts I create on the system will have a 15000+ number. I just don't remember doing it myself to my original uid which had 1001 but sometime after Samba installation the number changed to 15028. As for the reading, writing, and other mysteries... .it's still doing it. But my nice little 3.0.5 is allowing me to do what I want with no fuss. I checked a 3.0.11 log that has my computer's name and found this (The names have been changed to protect the innocent, me.)--- snooping (192.168.20.2) connect to service samba_challenged initially as user MYDOMAIN\"Tom Jones" (uid=15000, gid=15001) (pid 17960) So I bet if I were to go in to my group and vipw and change things to for the samba_challenged account that all in the world would be right. You think? But then man smb.conf says not to have any local or NIS groups or strange things happen with conflicting gid and uid. Oddly I don't recall how my gid or uid got changed on the system running 3.0.5 for users. But strange things aren't happening, other than it works. Under 3.0.11 looks like my user map file isn't working or it is but up to a point because Samba isn't translating it back to my Unix gid/uid. For giggles, I chowned my samba_challenged:samba_challenged home directory to "Tom Jones":"domain users" and suddenly 3.0.11 decides I can do things to it. But from what I can tell I'm not suppose to have overlapping gid or uid because of conflictsn (The overlap would occur if I thusly vipw and vi groups to reflect "Tom Jones":"domain users" or rather changing samba_challenged to match the Samba assigned uid/gids of 15000 and 15001). Changing it back to samba_challenged:samba_challenged and I get no loving from the Samba via XP. Looks like the gid/uid mechanism is funky some place. Or not, because maybe I'm not getting it. Something os FUBAR someplace, just not sure where now. :~(
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?031120052226.21364.42321B1C00036F8D0000537422070009539C0201079B010307020E>