Windows clients connecting to Samba with OpenLDAP password backend

by t12nslookup

I am having real troubles with one of our servers.

Background:
We have been using samba in our company for more than 11 years now, since
version 1.9.16 ...
We run Sun Solaris on our servers.
We used to run NIS+ as our password system, but due to its almost
impossibility to manage (basically only I knew how) we've moved to LDAP ...
We have now decided to centralize all our Samba passwords into the LDAP.

On the one machine configured to use LDAP for passwords we have a mysterious
problem. If we access the machine via a Windows computer (XP, Vista, etc) we
can create files and folders we can even rename and delete folders, but we
cannot rename or delete files.

If we access the machine via a Solaris or Linux machine using smbclient we
can do everything.

I originally wondered if it was due to the Sun compiled Samba 3.0.35 server
that is installed, so I removed it and compiled in 3.4.2 with OpenLDAP
support, but it has exactly the same issues.

This problem does not occur on our other machines (that run ldap as their
naming service in all but samba) ...

I'm happy to show all relevant information and logs/debugs if necessary.

I have seen some people talk about this before on the internet, but there
doesn't appear to be any answer.

Thanks in advance.

Jon

PS. Sorry for posting to more than one section (Posted to smb-clients as well)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Windows clients connecting to Samba with OpenLDAP password backend

by Adam Tauno Williams

On Mon, 2009-11-02 at 12:56 +0000, Jonathan Adams wrote:
> I am having real troubles with one of our servers.
> Background:
> We have been using samba in our company for more than 11 years now, since
> version 1.9.16 ...
> We run Sun Solaris on our servers.
> We used to run NIS+ as our password system, but due to its almost
> impossibility to manage (basically only I knew how) we've moved to LDAP ...
> We have now decided to centralize all our Samba passwords into the LDAP.

Because LDAP is easier to manage! :)  I've been an OpenLDAP admin for 10+
years... that really illustrates how horrible NIS was.

> On the one machine configured to use LDAP for passwords we have a mysterious
> problem, If we access the machine via a Windows computer (XP, Vista, etc) we
> can create files and folders we can even rename and delete folders, but we
> cannot rename or delete files.

This sounds like a basic permissions problem.  If NSS is working, and
you've authenticated, it pretty much has to be a permissions problem.

> If we access the machine via a Solaris or Linux machine using smbclient we
> can do everything.

Maybe those are invoking "unix extensions".  I've got no clue how that
specifically would affect permission handling.

> I originally wondered if it was due to the Sun compiled Samba 3.0.35 server
> that is installed, so I removed it and compiled in 3.4.2 with OpenLDAP
> support, but it has exactly the same issues.

Which even more strongly points to a permissions issue.

> This problem does not occur on our other machines (that run ldap as their
> naming service in all but samba) ...

I'm not sure what this means.

> I'm happy to show all relevant information and logs/debugs if
> necessary
> I have seen some people talk about this before on the internet, but there
> doesn't appear to be any answer.



Re: Windows clients connecting to Samba with OpenLDAP password backend

by Gaiseric Vandal

Are you using UFS or ZFS on the underlying file system?  ZFS has a lot
more granularity - which is both a blessing and curse when it comes to
ZFS / Windows ACL integration.  Although why smbclient should be
different either I don't know.

Are the initial ACL entries the same on a new file or directory when
created with Windows vs smbclient?

Are you using winbind at all?    Is the server a PDC?  Are there
multiple servers?

I ran into one issue with samba member servers in a domain: if I set
looked at permissions via windows it would show entries for
"UNIX/somename" not "MYDOMAIN/somename."  (This was when I was using
LDAP for unix accounts but not for the actual samba passwords.)

Re: Windows clients connecting to Samba with OpenLDAP password backend

by t12nslookup

I was wrong ...

the issue in this case was caused 100% by the line "profile acls = Yes" in
the global section rather than the profiles section, it had nothing to do
with our OpenLDAP setup (thankfully), and nothing to do with the ZFS
partitions/NFS partitions ...

moving the "profile acl" line from the global to the profiles section fixed
all the issues, on all versions.

thanks, you have no idea how many days I've been staring at this thing :)

Jon
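
The fix above turned into a check, as an added example that is not part of the original thread: "profile acls" is a per-share parameter, so a line in [global] becomes the default for every share. The share name "profiles", the paths and both sample configs are constructed.

```shell
#!/bin/sh
# Added example. Share names, paths and both sample configs are constructed.

# find_profile_acls FILE [PROFILE_SHARE]
# Prints each section, other than the profile share, that enables
# "profile acls". A hit on "global" means every share inherits it.
find_profile_acls() {
    awk -v keep="${2:-profiles}" '
        BEGIN { keep = tolower(keep) }
        /^[ \t]*[#;]/ { next }                  # comment lines
        /^[ \t]*\[.*\]/ {                       # section header
            s = $0
            sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
            section = tolower(s); next
        }
        {
            i = index($0, "=")
            if (i == 0) next
            key = tolower(substr($0, 1, i - 1))
            val = tolower(substr($0, i + 1))
            gsub(/[ \t]/, "", key)              # spaces in names are ignored
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "profileacls" && val ~ /^(yes|true|1)$/ && section != keep)
                print section
        }' "$1"
}

# Constructed config with the setting in [global], as in the thread.
sample_before() {
    printf '%s\n' '[global]' '   workgroup = EXAMPLE' '   profile acls = Yes' \
        '[profiles]' '   path = /export/profiles' \
        '[data]' '   path = /export/data'
}

# Same config with the line moved into the profile share.
sample_after() {
    printf '%s\n' '[global]' '   workgroup = EXAMPLE' \
        '[profiles]' '   path = /export/profiles' '   profile acls = Yes' \
        '[data]' '   path = /export/data'
}

tmp=$(mktemp)
sample_before > "$tmp"; echo "before: $(find_profile_acls "$tmp")"
sample_after  > "$tmp"; echo "after:  $(find_profile_acls "$tmp")"
rm -f "$tmp"
```

On Solaris, run this with nawk or /usr/xpg4/bin/awk in place of awk, since the legacy /usr/bin/awk does not accept -v.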