[sisyphus] поламалась samba

Alexander Volkov =?iso-8859-1?q?alt_=CE=C1_vladregion=2Eru?=
Ср Июн 20 11:05:18 MSD 2007 

On 2007-05-23 18:13:59 +0400, Alexander Bokovoy wrote:
AB> Genix пишет:
AB> > Alexander Bokovoy пишет:
AB> > 
AB> >>> Началось с последних обновлений до 3.0.25
AB> >> Не настроен passdb и idmap.
AB> > 
AB> > О! Спасибо, хотя бы понятно куда искать
AB> > 
AB> >> В 3.0.25 существенным образом переписали механизм преобразования
AB> >> идентификаторов CIFS (sid) в идентификаторы POSIX (uid/gid). Теперь весь
AB> >> этот функционал вынесен в winbindd и настраивается чуть по-другому (man
AB> >> -k idmap).
AB> >>
AB> >> Можно увидеть конфигурационный файл?
AB> > 
AB> > [global]
AB> >         workgroup = FARHEAP.RUS
AB> >         server string = Eugene V. Horohorin
AB> >         security = SHARE
AB> Для security = share погасите winbindd. Ничего больше настраивать не
AB> надо, только убедитесь, что он не стартует. См. другие письма в этом треде.

Сегодня тоже таки обновился. Тред перечитал.
Не пущает пользователей, правда, некоторых, совсем, а некоторых - местами.
У меня контроллер домена, пароли в smbpasswd, конфиг прилагаю.
Что крутить?


--
 Regards, Alexander

----------- следующая часть -----------
# Samba config file created using SWAT
# from 192.168.2.1 (192.168.2.1)
# Date: 2005/03/28 11:34:31

# Global parameters
[global]
	name resolve order = wins lmhosts bcast
	
	idmap domains = VLADREGION.RU

#        idmap config SAMBA:backend  = nss
#	idmap config SAMBA:readonly = yes
				
	idmap config VLADREGION.RU:default = yes
	idmap config VLADREGION.RU:backend = smbpasswd
	idmap config VLADREGION.RU:range   = 10000 - 50000
					
	idmap alloc backend      = smbpasswd
	idmap alloc config:range = 10000 - 50000
														
	ldap ssl = no
	defer sharing violations = No
#	idmap gid = 10000-20000
	dns proxy = No
	printing = cups
#	idmap uid = 10000-20000
	logon script = user.bat
	dos charset = CP866
	remote announce = 192.168.2.136/vladregion.ru
	local master = yes
	workgroup = VLADREGION.RU
	os level = 63
	printcap name = cups
	security = user
	add machine script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u
	max log size = 150
	log file = /var/log/samba/log.%m
	load printers = yes
	add group script = /usr/sbin/groupadd %g
	socket options = TCP_NODELAY IPTOS_LOWDELAY
	delete group script = /usr/sbin/groupdel %g
	create mask = 0664
	domain master = yes
	username map = /etc/samba/smbusers
	winbind use default domain = True
	passdb backend = smbpasswd:/etc/samba/smbpasswd
	logon home = 
	wins support = true
	netbios aliases = DBS
	server string = XEON(Domain master) 
	template homedir = /home/%U
	logon path = 
	use sendfile = yes
	directory mask = 0775
	add user script = /usr/sbin/useradd  -g 600 -s /bin/false -M %u
	set primary group script = /usr/sbin/usermod -g %g %u	
	unix charset = KOI8-R
	domain logons = yes
#	password server = *
	#, tdbsam:/etc/samba/passdb.tdb
#	log level = 5 
# Script for domain member for adding local accounts for authenticated users:
#	wins server = 192.168.2.32
#	valid users = @"VLADREGION.RU\Domain Users"
#	admin users = @"VLADREGION.RU\Domain Admins"
#	nt acl support = No
#	template primary group = "Domain Users"
#	add user to group script = /path/to/script/smb_add_user_to_grp.sh %u %g
#	delete user from group script   = /path/to/script/smb_del_user_from_grp.sh %u %g

# 2. Printing Options:
# CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK
# (as cups is now used in ALT Linux by default)
# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
      
      # It should not be necessary to spell out the print system type unless
      # yours is non-standard. Currently supported print systems include:
      # bsd, sysv, plp, lprng, aix, hpux, qnx, cups
	 
# NOTE: If you have a CUPS print system there is no need to
# specifically define each individual printer.
# You must configure the samba printers with the appropriate Windows
# drivers on your Windows clients. On the Samba server no filtering is
# done. If you wish that the server provides the driver and the clients
# send PostScript ("Generic PostScript Printer" under Windows), you have
# to swap the 'print command' line below with the commented one.

[printers]
       comment = All Printers
       path = /var/spool/samba
# to allow user 'guest account' to print.
#    guest ok = yes
    writable = no
    printable = yes
    create mode = 0700
	    # =====================================
	    # print command: see above for details.
	    # =====================================
    print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.
	       ;;   print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
	       # The following two commands are the samba defaults for printing=cups
	       # change them only if you need different options:
    lpq command = lpq -P %p
		  ;   lprm command = cancel %p-%j
		  
		  # This share is used for Windows NT-style point-and-print support.
		  # To be able to install drivers, you need to be either root, or listed
		  # in the printer admin parameter above. Note that you also need write access
		  # to the directory and share definition to be able to upload the drivers.
		  # For more information on this, please see the Printing Support Section of
		  # /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf
[print$]
      path = /var/lib/samba/printing
      browseable = yes
      read only = yes
      write list = @wheel
			             
# This is 'a must' when you'd like to support quotas on your shares.
# Quotas are set up per mount point and can be changed from Win2K/XP/2K3
# Explorer's share 'properties' dialog when browsing the share as Domain Admin.
# Quotas are supported and tested on Ext2/3 and XFS file systems.
# It is important to represent mount point as 'drive' share (C$/D$/etc)
# otherwise Win2K/XP/2K3 would not issue proper RPC calls.
# Note also that domain separator should be exact as set above for winbind
[C$]
   comment = Administrative share for homes
   path = /home/users
   admin users = @"VLADREGION.RU\\Domain Admins"
   valid users = @"VLADREGION.RU\\Domain Admins"
   writable = yes

       
[homes]
	comment = Home Directory for '%u'
	read only = No
	browseable = No
	path = /home/%u

[public]
	path = /home/public
#	admin users = vaa, igor, administrator
	read only = No
	guest ok = No

[opktool]
	path = /home/public/prog/System/opktool
	admin users = vaa, igor, administrator
	browseable = No

[video]
	comment = video materials
	path = /work/video
	admin users = @wheel, administrator
	write list = @wheel, @TV, @vladregion.ru
	read only = No

[sound]
	comment = sound materials
	path = /work/sound
	write list = sidortsev, vaa, igor, korablev, @sound, burukov
	read only = No
#	case senstive = true
	default case = lower
	preserve case = no
	short preserve case = no
	
[backup]
	path = /backup
	valid users = @wheel
	admin users = vaa, igor
	read only = No
	browseable = No

[users]
	path = /home/users
#	admin users = @wheel, igor, vaa
	browseable = No
	writeable = yes

[glaf]
	path = /home/glafira
#	admin users = @wheel, igor, vaa
	browseable = No
	writeable = yes

[cd]
	path = /mnt/cdrom

[1cbase]
	writeable = yes
	delete readonly = yes
	browsable = no
	path = /home/1c
	write list = @management, wheel
	force group = management

[profiles]
	guest ok = Yes
	create mask = 0700
	browseable = no
#	profile acls = yes
	directory mask = 0700
	writable = yes
	path = /var/lib/samba/profiles
[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
   guest ok = yes
   writable = no
   write list = @wheel
[fifty]
	valid users = @boss
	writable = yes
	browsable = no
	path = /home/fifty

Подробная информация о списке рассылки Sisyphus