Help!

[Samba] Windows clients connecting to Samba with OpenLDAP ..

  
  
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Samba RSS
Next:  Bug#533023: sqlite backend does not parse priorit..  
Author Message
Jonathan Adams
External


Since: Nov 02, 2009
Posts: 1
PostPosted: Mon Nov 02, 2009 9:10 am    Post subject: [Samba] Windows clients connecting to Samba with OpenLDAP password backend
Archived from groups: linux>samba (more info?)
I am having real troubles with one of our servers.

Background:
We have been using samba in our company for more than 11 years now, since
version 1.9.16 ...
We run Sun Solaris on our servers.
We used to run NIS+ as our password system, but due to it's almost
impossibility to manage (basically only I knew how) we've moved to LDAP ...
We have now decided to centralize all our Samba passwords into the LDAP.

On the one machine configured to use LDAP for passwords we have a mysterious
problem, If we access the machine via a Windows computer (XP, Vista, etc) we
can create files and folders we can even rename and delete folders, but we
cannot rename or delete files.

If we access the machine via a Solaris or Linux machine using smbclient we
can do everything.

I originally wondered if it was due to the Sun compiled Samba 3.0.35 server
that is installed, so i removed it and compiled in 3.4.2 with OpenLDAP
support, but it has exactly the same issues.

This problem does not occur on our other machines (that run ldap as their
naming service in all but samba) ...

I'm happy to show all relevant information and logs/debugs if necessary.

I have seen some people talk about this before on the internet, but there
doesn't appear to be any answer.

Thanks in advance.

Jon

PS. Sorry for posting to more than one section (Posted to smb-clients as well)
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Back to top
Adam Tauno Williams
External


Since: Dec 14, 2004
Posts: 25
PostPosted: Mon Nov 02, 2009 9:10 am    Post subject: Re: [Samba] Windows clients connecting to Samba with OpenLDAP password backend [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
On Mon, 2009-11-02 at 12:56 +0000, Jonathan Adams wrote:
> I am having real troubles with one of our servers.
> Background:
> We have been using samba in our company for more than 11 years now, since
> version 1.9.16 ...
> We run Sun Solaris on our servers.
> We used to run NIS+ as our password system, but due to it's almost
> impossibility to manage (basically only I knew how) we've moved to LDAP ...
> We have now decided to centralize all our Samba passwords into the LDAP.

Because LDAP is easier to manage! Smile I've been an OpenLDAP admin for 10
+ years... that really illustrates how horrible NIS was.

> On the one machine configured to use LDAP for passwords we have a mysterious
> problem, If we access the machine via a Windows computer (XP, Vista, etc) we
> can create files and folders we can even rename and delete folders, but we
> cannot rename or delete files.

This sounds like a basic permissions problem. If NSS is working, and
you've authenticated, it pretty much has to be a permissions problem.

> If we access the machine via a Solaris or Linux machine using smbclient we
> can do everything.

Maybe those are invoking "unix extensions". I've got no clue how that
specifically would effect permission handling.

> I originally wondered if it was due to the Sun compiled Samba 3.0.35 server
> that is installed, so i removed it and compiled in 3.4.2 with OpenLDAP
> support, but it has exactly the same issues.

Which even more strongly points to a permissions issue.

> This problem does not occur on our other machines (that run ldap as their
> naming service in all but samba) ...

I'm not sure what this means.

> I'm happy to show all relevant information and logs/debugs if
> necessary
> I have seen some people talk about this before on the internet, but there
> doesn't appear to be any answer.


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Back to top
Gaiseric Vandal
External


Since: May 21, 2007
Posts: 5
PostPosted: Mon Nov 02, 2009 10:10 am    Post subject: Re: [Samba] Windows clients connecting to Samba with OpenLDAP password backend [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Are you using UFS or ZFS on the underlying file system- ZFS has a lot
more granularity - which is both a blessing and curse when it comes do
ZFS / Windows ACL integration. Although why smbclient should be
different either I don't know.

Are the initial ACL entries the same on a new file or directory when
created with Windows vs smbclient?

Are you using winbind at all? Is the server a PDC? Are there
multiple servers?

I ran into one issue with samba member servers in a domain: if I set
looked at permissions via windows it would show entries for
"UNIX/somename" not "MYDOMAIN/somename." (this was when I was using
LDAP for unix accounts but not for the actual samba passwords.







On 11/02/09 08:38, Adam Tauno Williams wrote:
> On Mon, 2009-11-02 at 12:56 +0000, Jonathan Adams wrote:
>
>> I am having real troubles with one of our servers.
>> Background:
>> We have been using samba in our company for more than 11 years now, since
>> version 1.9.16 ...
>> We run Sun Solaris on our servers.
>> We used to run NIS+ as our password system, but due to it's almost
>> impossibility to manage (basically only I knew how) we've moved to LDAP ...
>> We have now decided to centralize all our Samba passwords into the LDAP.
>>
> Because LDAP is easier to manage! Smile I've been an OpenLDAP admin for 10
> + years... that really illustrates how horrible NIS was.
>
>
>> On the one machine configured to use LDAP for passwords we have a mysterious
>> problem, If we access the machine via a Windows computer (XP, Vista, etc) we
>> can create files and folders we can even rename and delete folders, but we
>> cannot rename or delete files.
>>
> This sounds like a basic permissions problem. If NSS is working, and
> you've authenticated, it pretty much has to be a permissions problem.
>
>
>> If we access the machine via a Solaris or Linux machine using smbclient we
>> can do everything.
>>
> Maybe those are invoking "unix extensions". I've got no clue how that
> specifically would effect permission handling.
>
>
>> I originally wondered if it was due to the Sun compiled Samba 3.0.35 server
>> that is installed, so i removed it and compiled in 3.4.2 with OpenLDAP
>> support, but it has exactly the same issues.
>>
> Which even more strongly points to a permissions issue.
>
>
>> This problem does not occur on our other machines (that run ldap as their
>> naming service in all but samba) ...
>>
> I'm not sure what this means.
>
>
>> I'm happy to show all relevant information and logs/debugs if
>> necessary
>> I have seen some people talk about this before on the internet, but there
>> doesn't appear to be any answer.
>>
>
>

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Samba All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum