I have the following directory shared for the user "pcbadmin". He/she
can mount and read/write without any difficulty:
[pcbdata]
comment = PCB Design Files
path = /home/pcbadmin/pcbdata
valid users = pcbadmin
public = no
writable = yes
Question: How can I make the same directory only readable by the rest of
the users ?
TIA, Ben
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
> Question: How can I make the same directory only readable by the rest of
> the users ?
[pcbdata]
comment = PCB Design Files
path = /home/pcbadmin/pcbdata
writable = no
write list = pcbadmin
--
Ciao,
Marco.
..."Dancing", Mike Keneally & Beer for Dolphins 2000
I惴 working hard on understing how to make trust relationship work between
to samba servers with ldap backend.
In my lab I have two Debian Sarge boxes running samba 3.0.7 with openldap
2.1.30. I joined each other domain with both machines. In the first one
(DOM1) I created the machine account with the command smbldap-useradd -a -i
DOM2 and set it愀 password. Did the same on the second box with
smbldap-useradd -a -i DOM3. The strange thing is that these trust domain
account doesn愒 have the $ simbol in front of it.
Next I扉e tried to add the trusting in DOM1 using the command "net rpc
trustdom add DOM2 123" and retyped the passsword. And did with DOM2 "net rpc
trustdom add DOM1 654" and retyped the password.
And then I tried to establish the trust relationship in DOM1 doing "net rpc
trustdom establish DOM2" typed the password 654 and got the following error:
[2004/09/21 10:53:19, 0] utils/net_rpc.c:rpc_trustdom_establish(3075)
Couldn't verify trusting domain account. Error was NT_STATUS_OK
Did the same on DOM2 and got the same error.
Does anybody have a clue of what I惴 doing wrong?
Thank愀 you all.
Gustavo
First, before setting up the trust relationship, you need to join each Samba
server to its own domain.
net rpc join
Then the setting up of the trust should work.
- John T.
>
> Thank´s you all.
>
> Gustavo
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
Thank´s for answering, but still the same problem. I think is better for us
to go step by step.
Well, I joined the remote domain and the local domain with the net rpc join
command. Then after I tried to create the machine account with the command
net rpc trustdom add DOM2 654. Then I´m asked for another password:
dom1:~# net rpc trustdom add DOM2 654
Password:
What password is this one asked after the command. Anything I put there
don´t give me an error but doesn´t give me a sucessfull output later on "net
rpc trustdom list". Still giving me "none" in trusting and trusted domains
list. So I think before trying to reach the end, I should have to make a
trusting domains add sucessfull.
Can you tell me where is good docs about it or give me a step by step
configuration?
Thank´s once again.
Gustavo
Before you do this, use the smbldap-useradd tool to create the trust account.
Then set a pasword on it. That is the one you need to use.
- John T.
I cleanned all the entries from my ldap. Created the OUs again.
Joined the local and the remote domain.
dom1:/etc# net rpc join -S dom1 -U Administrator%passwd
dom1:/etc# net rpc join -S dom2 -U Administrator%passwd
Created the machine user:
dom1:/etc/smbldap-tools# smbldap-useradd -a -i dom2
New password : 123456
Retype new password : 123456
dom1:/etc/smbldap-tools# net rpc trustdom add dom2 123456
Password: 123456
Then I listed the trusts:
teste1:/etc/smbldap-tools# net rpc trustdom list
Password: (here, everything I type works)
Trusted domains list:
none
Trusting domains list:
none
Other tip?
Gustavo
No. Each machine needs to join its own domain.
- John T.
>
> Created the machine user:
>
> dom1:/etc/smbldap-tools# smbldap-useradd -a -i dom2
> New password : 123456
> Retype new password : 123456
> dom1:/etc/smbldap-tools# net rpc trustdom add dom2 123456
> Password: 123456
>
> Then I listed the trusts:
>
> teste1:/etc/smbldap-tools# net rpc trustdom list
> Password: (here, everything I type works)
> Trusted domains list:
>
> none
>
> Trusting domains list:
>
> none
>
> Other tip?
>
> Gustavo
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
Just berfore I explain how it worked a last question. In NT networks we need
to replicate WINS between PDCs. Is this needed in samba? How does it work?
Or I have to use the same WINS server to all PDC over WAN? Not clear for me.
I did this way.
Joined the local domain.
Created a machine account with smbldap-useradd -w dom2 on domain 1 machine.
Then changed it´s password and at last changed the sambaAcctFlags in ldap db
to [I].
At this time the trusting was showed on list command.
Then I did the same on the domain 2 machine.
Ending the story I established the trust on dom1 with the command
net rpc trustdom establish dom2
and put the dom2 machine account password.
At last I repeated the process on machine dom2.
Logged on WinXP and everything was working fine.
Thank´s by the tips. Were very usefull.
Gustavo
You need to use one single WINS server. WINS replication is not yet fully
implemented and is therefore not functional.
- John T.
>
> I did this way.
>
> Joined the local domain.
>
> Created a machine account with smbldap-useradd -w dom2 on domain 1 machine.
>
> Then changed it´s password and at last changed the sambaAcctFlags in ldap
> db to [I].
>
> At this time the trusting was showed on list command.
>
> Then I did the same on the domain 2 machine.
>
> Ending the story I established the trust on dom1 with the command
>
> net rpc trustdom establish dom2
>
> and put the dom2 machine account password.
>
> At last I repeated the process on machine dom2.
>
> Logged on WinXP and everything was working fine.
>
> Thank´s by the tips. Were very usefull.
>
> Gustavo
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
Let愀 start with another issue.
My other domains have quite unstable connections. So it愀 hard to work just
using the main WINS server in all offices. I need to maintain on each office
some kind of secondary WINS to respond just for the local network if the
primary fails.
Can I use simultaneously the wins support = yes and wins server = 10.0.0.2
(for example) entrys in a samba configuration and point a secondary WINS
server in the clients?
Gustavo
No. That does not work.
- John T.
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.