Roberto Spedale - Studio Progetto Ambiente
2017-Mar-03 13:04 UTC
[Samba] Samba as BDC: unable to write on shared folders
ps://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html)

> Can I ask why you are setting up an NT4-style domain, you do know that
> Windows made them EOL quite a long time ago and is trying to make them
> hard to use with the newer versions of Windows.
>
> Also, the howto that you refer to is extremely old is not recommended
> anymore.
>

Many thanks Penny!
I know it is not recommended but I have just inherited the management of the corporate network from a former colleague and now I do not have a great experience and I would like to proceed gradually.

> Can you post the smb.conf files from the PDC & BDC.
>
> Rowland
>
>
>

OS: Centos 6.8 on PDC & BDC

_*SMB.conf PDC*_

[global]
    workgroup = SPADOMAIN
    security = user
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/false
    winbind use default domain = yes
    server string = Samba Server Version %v
    netbios name = NEWSERVERSPA
    interfaces = lo eth2
    hosts allow = 127. 192.168.0.
    # logs split per machine
    log file = /var/log/samba/log.%m
    # max 50KB per log file, then rotate
    max log size = 50
    passdb backend = tdbsam
    domain master = yes
    domain logons = yes
    logon path
    add user script = /usr/sbin/useradd "%u" -n -g users
    add group script = /usr/sbin/groupadd "%g"
    add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
    delete user script = /usr/sbin/userdel "%u"
    delete user from group script = /usr/sbin/userdel "%u" "%g"
    delete group script = /usr/sbin/groupdel "%g"
    logon drive = X:
    admin users = root, administrator
    hostname lookups = Yes
    username map = /etc/samba/smbusers
    client lanman auth = No
    client plaintext auth = No
    time server = Yes
    log level = 3
    os level = 33
    preferred master = yes
    name resolve order = wins bcast hosts
    wins support = yes
    dns proxy = no
    load printers = yes
    show add printer wizard = yes
    printcap name = cups
    printing = cups
    cups options = raw
    use client driver = no
    printcap cache time = 750

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    guest ok = no
    browsable = yes
    read only = yes
    write list = root administrator Administrator

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = yes
    guest ok = yes
    writable = no
    printable = yes

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/scripts
    read only = No
    browseable = No

[homes]
    comment = Home Directories
    path = /home/%U
    valid users = %U
    read only = No
    browseable = No

[Commesse]
    path = /home/shares/Commesse
    read only = No
    create mask = 0666
    directory mask = 0777
    inherit permissions = Yes
    map archive = No

[Amministrazione]
    path = /home/shares/Amministrazione
    read list = @amministrazione
    write list = @amministrazione
    read only = No
    create mask = 0660
    directory mask = 02770
    inherit permissions = Yes
    map archive = No

[Insound]
    path = /home/shares/Insound
    read list = @insound
    write list = @insound
    read only = No
    create mask = 0660
    directory mask = 02770
    inherit permissions = Yes
    map archive = No
    browseable = No

[Documentazione]
    path = /home/shares/Documentazione
    read only = No
    create mask = 0666
    directory mask = 0777
    inherit permissions = Yes
    map archive = No

[Qualita]
    path = /home/shares/Qualita
    read only = No

[Archivio]
    path = /home/shares/Archivio
    read only = Yes
    write list = @ntadmins
    inherit permissions = Yes
    map archive = No

[Offerte]
    path = /home/shares/Offerte
    read only = No
    create mask = 0666
    directory mask = 0777
    inherit permissions = Yes
    map archive = No

_*SMB.conf PDC*_

[global]
    workgroup = SPADOMAIN
    security = user
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    template shell = /bin/false
    winbind use default domain = yes
    server string = Samba Server Version %v
    netbios name = SERVER2017
    interfaces = lo em1
    hosts allow = 127. 192.168.0.
    # logs split per machine
    log file = /var/log/samba/log.%m
    # max 50KB per log file, then rotate
    max log size = 50
    passdb backend = tdbsam
    domain master = no
    domain logons = yes
    # disables profiles support by specifying an empty path
    logon path
    add user script = /usr/sbin/useradd "%u" -n -g users
    add group script = /usr/sbin/groupadd "%g"
    add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
    delete user script = /usr/sbin/userdel "%u"
    delete user from group script = /usr/sbin/userdel "%u" "%g"
    delete group script = /usr/sbin/groupdel "%g"
    # Added from the old server
    logon drive = X:
    admin users = root, administrator
    # changed from the version present on master
    hostname lookups = no
    username map = /etc/samba/smbusers
    client lanman auth = No
    client plaintext auth = No
    log level = 3
    preferred master = no
    name resolve order = wins bcast hosts
    wins support = no
    dns proxy = no
    load printers = no
    show add printer wizard = yes
    printcap name = cups
    printing = cups
    cups options = raw
    use client driver = no
    printcap cache time = 750

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    guest ok = no
    browsable = yes
    read only = yes
    write list = root administrator Administrator

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = yes
    guest ok = yes
    writable = no
    printable = yes

[netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/scripts
    read only = No
    browseable = No

[homes]
    comment = Home Directories
    path = /home/%U
    valid users = %U
    read only = No
    browseable = No

[Commesse]
    path = /home/shares/Commesse
    read only = No
    create mask = 0666
    directory mask = 0777
    inherit permissions = Yes
    map archive = No

[Amministrazione]
    path = /home/shares/Amministrazione
    read list = @amministrazione
    write list = @amministrazione
    read only = No
    create mask = 0660
    directory mask = 02770
    inherit permissions = Yes
    map archive = No

[Insound]
    path = /home/shares/Insound
    read list = @insound
    write list = @insound
    read only = No
    create mask = 0660
    directory mask = 02770
    inherit permissions = Yes
    map archive = No
    browseable = No

[Documentazione]
    path = /home/shares/Documentazione
    read only = No
    create mask = 0666
    directory mask = 0777
    inherit permissions = Yes
    map archive = No

[Qualita]
    path = /home/shares/Qualita
    read only = No

[Offerte]
    path = /home/shares/Offerte
    read only = No
    create mask = 0666
    directory mask = 0777
    inherit permissions = Yes
    map archive = No
Rowland Penny
2017-Mar-03 13:41 UTC
[Samba] Samba as BDC: unable to write on shared folders
On Fri, 03 Mar 2017 14:04:53 +0100 Roberto Spedale - Studio Progetto Ambiente <r.spedale at progambiente.it> wrote:

> ps://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html)
> > Can I ask why you are setting up an NT4-style domain, you do know
> > that Windows made them EOL quite a long time ago and is trying to
> > make them hard to use with the newer versions of Windows.
> >
> > Also, the howto that you refer to is extremely old is not
> > recommended anymore.
> >
>
> Many thanks Penny!
> I know it is not recommended but I have just inherited the management of
> the corporate network from a former colleague and now I do not have a
> great experience and I would like to proceed gradually.
>

Hi Spedale,

Can I suggest you speed up, overtake that slow, liable to breakdown NT4 domain and use a Samba AD domain?

I think you will find it easier than trying to get the NT4-style domain working, plus you get the opportunity to manage it from windows via ADUC, or from Linux via samba-tool. Most of what you will learn by using the NT4 domain isn't used in an AD domain, plus there is a lot you can do with an AD domain that you cannot do with an NT4 domain, GPOs for instance.

The only problem that I can see, you are using Centos and, at the present, you cannot set up an AD DC with the OS packages. It is only a small problem, you could compile Samba yourself on Centos, or change to another OS such as Debian and then use Louis Van Belle's packages from here:

https://downloads.van-belle.nl/samba4/samba-4.5.3/

These are the most up-to-date free packages available at the present, though no doubt Louis is working on later packages.

Rowland
Roberto Spedale - Studio Progetto Ambiente
2017-Mar-03 14:18 UTC
[Samba] Samba as BDC: unable to write on shared folders
> Hi Spedale, Can I suggest you speed up, overtake that slow, liable to
> breakdown NT4 domain and use a Samba AD domain ?
>
> I think you will find it easier than trying to get the NT4-style domain
> working, plus you get the opportunity to manage it from windows via
> ADUC, or from Linux via samba-tool.
>

Thank you Rowland!
Surely I will follow your advice in the coming months when we acquire the new office server. For now I was hoping to solve the problem and to secure the network. Do you see something wrong in smb.conf? Or is there any test I can do to see if the problem is the samba configuration or the permissions on the server?
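
Added example, not part of the thread and not Samba project code: a first check on the "configuration or permissions" question is to diff the two posted smb.conf files section by section, and to list the shares whose masks leave the other-write bit enabled. The two excerpts are constructed, abridged from the configs posted above, and the function names are hypothetical.

```python
# Constructed excerpts, abridged from the two smb.conf files posted in the thread.
PDC = """
[global]
domain master = yes
[Commesse]
path = /home/shares/Commesse
create mask = 0666
directory mask = 0777
[Archivio]
path = /home/shares/Archivio
read only = Yes
"""
BDC = """
[global]
domain master = no
[Commesse]
path = /home/shares/Commesse
create mask = 0666
directory mask = 0777
"""

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}} (names lower-cased)."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif section is not None:         # a line without "=" gets an empty value
            key, _, value = line.partition("=")
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def diff_configs(a, b):
    """Return (sections only in a, sections only in b, per-section changed parameters)."""
    changed = {}
    for sec in sorted(set(a) & set(b)):
        keys = sorted(set(a[sec]) | set(b[sec]))
        delta = {k: (a[sec].get(k), b[sec].get(k)) for k in keys if a[sec].get(k) != b[sec].get(k)}
        if delta:
            changed[sec] = delta
    return sorted(set(a) - set(b)), sorted(set(b) - set(a)), changed

def other_writable_masks(conf):
    """List (share, parameter, value) where a mask leaves the 'other' write bit enabled."""
    return [(s, k, p[k]) for s, p in conf.items()
            for k in ("create mask", "directory mask") if k in p and int(p[k], 8) & 0o002]
```

Running each server's file through testparm -s first and feeding that output to parse_smb_conf compares the settings Samba actually loaded rather than the raw files.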