#1 On 12/11/2008, at 12:31

leglen38

[SAMBA] User permissions problems

Hello,

here is my problem:

       I have set up a Samba server on an Ubuntu 8.04 server with Active Directory user accounts. The users can access their folders fine, with full control. However, when they drop a file from a Windows machine into their Samba share, the file gets the attributes 750 and the owner/group is root.
        Is this normal? If not, how do I fix the problem? I am not at work so I can't paste my smb.conf.

        I will post it later....

But thanks for your help if you already have a solution...


#2 On 12/11/2008, at 13:15

#hehedotcom'isback

Re: [SAMBA] User permissions problems

hello

you have to "arbitrarily" assign a umask to new files.
from smb.conf:

# File creation mask is set to 0700 for security reasons. If you want to
# create files with group=rw permissions, set next parameter to 0775.
;   create mask = 0700

# Directory creation mask is set to 0700 for security reasons. If you want to
# create dirs. with group=rw permissions, set next parameter to 0775.
;   directory mask = 0700

Last edited by #hehedotcom'isback (12/11/2008, at 13:15)



#3 On 12/11/2008, at 17:19

leglen38

Re: [SAMBA] User permissions problems

I quite agree with you, however that does not solve my second problem of the files dropped on the server which get root:root as their attribute....


#4 On 12/11/2008, at 23:51

MrWaloo

Re: [SAMBA] User permissions problems

this is where the smb.conf or the testparm command would be useful


"Of all those who have nothing to say, the most pleasant are those who keep quiet!!" (Desproges)
UNIX is an operating system, OS/2 is half an operating system, Windows is a shell, MS-DOS is a boot sector virus.


#5 On 13/11/2008, at 14:37

leglen38

Re: [SAMBA] User permissions problems

and there you go, here is my smb.conf

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]
    log file = /var/log/samba/%m.log
# to avoid getting messages about cups
    load printers = no
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    map to guest = bad user
    encrypt passwords = yes
    realm = BDOM.AD.CORP
    winbind use default domain = yes
    winbind uid = 10000-20000
    dns proxy = no
    netbios name = BFRCPIEPX05
    server string = BFRCPIEPX05 Samba Server BUC %v
    printing = bsd

### check whether this line is really useful
    password server = bfrcpiedc01 bfrcpiedc02
    winbind gid = 10000-100000
    idmap uid=10000-100000
    idmap gid=10000-100000
    workgroup = BDOM
    printcap name = /dev/null
    security = ads
#    template homedir = /home/%U
    template shell = /bin/bash
    winbind separator = /
    max log size = 50
    winbind enum users = no
    winbind enum groups = yes
    winbind cache time = 7200
#    smb passwd file = /etc/samba/smbpasswd
#    winbind trusted domains only = yes
#    password server = bfrcpiedc01
#    encrypt passwords = yes 
    local master = no
    domain master = no
    preferred master = no


[etc]
    comment = parametres
    path = /etc
    browseable = no
    writeable = yes
    valid users = @bdom/bggbuc-linuxadmins
    admin users = @bdom/bggbuc-linuxadmins

[racine]
    comment = racine
    path = /
    browseable = no
    writable = yes
    valid users = @bdom/bggbuc-linuxadmins
    admin users = @bdom/bggbuc-linuxadmins
    public = no

[data]
    comment = data
    path = /data
    browseable = yes
        writable = yes
        valid users = @bdom/bggbucpie-linux-RD
        admin users = @bdom/bggbucpie-linux-RD-admin
        public = no
   
[soft]
        comment = soft
        path = /soft
        browseable = yes
        writable = yes
        valid users = @bdom/bggbucpie-linux-RD
        admin users = @bdom/bggbucpie-linux-RD-admin
        public = no


[mdupoizat]
    comment = home
    path = /home/mdupoizat
    browsable = no
    writable = yes
    valid users = BDOM/mdupoizat
    admin users = BDOM/mdupoizat

[mpeyrard]
        comment = home
        path = /home/mpeyrard
        browsable = no
        writable = yes
        valid users = BDOM/mpeyrard
        admin users = BDOM/mpeyrard

[cdaverat]
        comment = home
        path = /home/cdaverat
        browsable = no
        writable = yes
        valid users = BDOM/cdaverat
        admin users = BDOM/cdaverat

[tle-goaziou]
        comment = home
        path = /home/tle-goaziou
        browsable = no
        writable = yes
        valid users = BDOM/tle-goaziou
        admin users = BDOM/tle-goaziou

[jermartin]
        comment = home
        path = /home/jermartin
        browsable = no
        writable = yes
        valid users = BDOM/jermartin
        admin users = BDOM/jermartin

[bmorel]
        comment = home
        path = /home/bmorel
        browsable = no
        writable = yes
        valid users = BDOM/bmorel
        admin users = BDOM/bmorel

[aguyard]
        comment = home
        path = /home/aguyard
        browsable = no
        writable = yes
        valid users = BDOM/aguyard
        admin users = BDOM/aguyard

[ajourdan]
        comment = home
        path = /home/ajourdan
        browsable = no
        writable = yes
        valid users = BDOM/ajourdan
        admin users = BDOM/ajourdan

[mearab]
        comment = home
        path = /home/mearab
        browsable = no
        writable = yes
        valid users = BDOM/mearab
        admin users = BDOM/mearab

#[homes]
#    comment = Home Directories
    #valid users = %
#    browseable = no
#    writable = yes
# You can enable VFS recycle bin and on-access virus-scanning on a per
# share basis:
# Uncomment the next 2 lines (make sure you create a .recycle folder in
# the base of the share and ensure all users will have write access to it.
# For virus scanning, install samba-vscan-clamav and ensure the clamd service
# is running
#   vfs objects = vscan-clamav recycle
#   vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

# Un-comment the following and create the netlogon directory for Domain Logons
# [netlogon]
#   comment = Network Logon Service
#   path = /var/lib/samba/netlogon
#   guest ok = yes
#   writable = no

#Uncomment the following 2 lines if you would like your login scripts to
#be created dynamically by ntlogon (check that you have it in the correct
#location (the default of the ntlogon rpm available in contribs)
#root preexec = /usr/bin/ntlogon -u '%u' -g '%g' -o %a -d /var/lib/samba/netlogon/
#root postexec = rm -f '/var/lib/samba/netlogon/%u.bat'

# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
#[Profiles]
#    path = /var/lib/samba/profiles
#    browseable = no
#    guest ok = yes
#    writable = yes
# This script can be enabled to create profile directories on the fly
# You may want to turn off guest acces if you enable this, as it
# hasn't been thoroughly tested.
#root preexec = PROFILE='/var/lib/samba/profiles/%u'; if [ ! -e $PROFILE ]; \
#                then mkdir -pm700 $PROFILE; chown '%u':'%g' $PROFILE;fi
# If you want read-only profiles, fake permissions so windows clients think
# they have written to the files
# vfs objects = fake_perms

# NOTE: If you have a CUPS print system there is no need to
# specifically define each individual printer.
# You must configure the samba printers with the appropriate Windows
# drivers on your Windows clients or upload the printer driver to the
# server from Windows (NT/2000/XP). On the Samba server no filtering is
# done. If you wish that the server provides the driver and the clients
# send PostScript ("Generic PostScript Printer" under Windows), you have
# to use 'printcap name = cups' or swap the 'print command' line below
# with the commented one. Note that print commands only work if not using
# 'printing=cups'
##**[printers]
##**   comment = All Printers
##**   path = /var/spool/samba
##**   browseable = no
# to allow user 'guest account' to print.
##**   guest ok = yes
##**   writable = no
##**   printable = yes
##**   create mode = 0700
# =====================================
# print command: see above for details.
# =====================================
##**   print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.
#   print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients).
# If you install drivers on the server, you will want to uncomment this so
# clients request the driver
##**   use client driver = yes

# This share is used for Windows NT-style point-and-print support.
# To be able to install drivers, you need to be either root, or listed
# in the printer admin parameter above. Note that you also need write access
# to the directory and share definition to be able to upload the drivers.
# For more information on this, please see the Printing Support Section of
# /usr/share/doc/samba-<version>/docs/Samba-HOWTO-Collection.pdf
#
# A special case is using the CUPS Windows Postscript driver, which allows
# all features available via CUPS on the client, by publishing the ppd file
# and the cups driver by using the 'cupsaddsmb' tool. This requires the
# installation of the CUPS driver (http://www.cups.org/windows.php)
# on the server, but doesn't require you to use Windows at all :-).
##**[print$]
##**   path = /var/lib/samba/printers
##**   browseable = yes
##**   write list = @adm root
##**   guest ok = yes
##**   inherit permissions = yes
# Settings suitable for Winbind:
# write list = @"Domain Admins" root
# force group = +@"Domain Admins"

# A useful application of samba is to make a PDF-generation service
# To streamline this, install windows postscript drivers (preferably colour)
# on the samba server, so that clients can automatically install them.
# Note that this only works if 'printing' is *not* set to 'cups'

[pdf-gen]
    path = /var/tmp
    guest ok = No
    printable = Yes
    comment = PDF Generator (only valid users)
    printing = bsd
    #print command = /usr/share/samba/scripts/print-pdf file path win_path recipient IP &
    print command = /usr/share/samba/scripts/print-pdf "%s" "%H" "//%L/%u" "%m" "%I" "%J" &
    lpq command = /bin/true

# A share allowing administrators to set ACLs on, or access for backup purposes
# all files (as root).
#[admin]
#  path = /
#  admin users = @"Domain Admins"
#  valid users = @"Domain Admins"
#  browseable = no
#  writeable = yes

# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes

# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]
;   comment = Public Stuff
;   path = /home/samba/public
;   public = yes
;   writable = no
;   write list = @staff
# Audited directory through experimental VFS audit.so module:
# Uncomment next line.
#   vfs object = /usr/lib/samba/vfs/audit.so

# Other examples.
#
# A private printer, usable only by Fred. Spool data will be placed in Fred's
# home directory. Note that fred must have write access to the spool directory,
# wherever it is.
;[fredsprn]
;   comment = Fred's Printer
;   valid users = fred
;   path = /homes/fred
;   printer = freds_printer
;   public = no
;   writable = no
;   printable = yes

# A private directory, usable only by Fred. Note that Fred requires write
# access to the directory.
;[fredsdir]
;   comment = Fred's Service
;   path = /usr/somewhere/private
;   valid users = fred
;   public = no
;   writable = yes
;   printable = no

# a service which has a different directory for each machine that connects
# this allows you to tailor configurations to incoming machines. You could
# also use the %u option to tailor it by user name.
# The %m gets replaced with the machine name that is connecting.
;[pchome]
;  comment = PC Directories
;  path = /usr/pc/%m
;  public = no
;  writable = yes

# The following two entries demonstrate how to share a directory so that two
# users can place files there that will be owned by the specific users. In this
# setup, the directory should be writable by both users and should have the
# sticky bit set on it to prevent abuse. Obviously this could be extended to
# as many users as required.
;[myshare]
;   comment = Mary's and Fred's stuff
;   path = /usr/somewhere/shared
;   valid users = mary fred
;   public = no
;   writable = yes
;   printable = no
;   create mask = 0765


#6 On 13/11/2008, at 19:02

MrWaloo

Re: [SAMBA] User permissions problems

try commenting out everything related to winbind and idmap, then restart samba


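Added example, not part of the thread or of Samba itself: smb.conf(5) documents that accounts listed in "admin users" perform all file operations on the share as root, which is consistent with the root:root ownership reported in the first post. The sketch below parses a constructed excerpt modelled on the posted configuration and reports, per share, whether every permitted user or only the listed admins end up writing as root; the function names are hypothetical, and user names containing an apostrophe are assumed not to occur.

```python
import re
import shlex

# Constructed excerpt modelled on the smb.conf posted in the thread.
SAMPLE_CONF = """\
[data]
    valid users = @bdom/bggbucpie-linux-RD
        admin users = @bdom/bggbucpie-linux-RD-admin

[mdupoizat]
    valid users = BDOM/mdupoizat
    Admin Users = BDOM/mdupoizat

;[tmp]
;   admin users = nobody
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}; names normalised as smb.conf(5) describes."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            # Parameter names are case-insensitive and whitespace is irrelevant.
            current["".join(key.lower().split())] = value.strip()
    return sections

def names(value):
    """Split a user/group list, honouring quotes such as @"Domain Admins"."""
    return {n.lower() for n in shlex.split(value.replace(",", " "))}

def audit_admin_users(text):
    """Map each share that sets 'admin users' to who ends up writing as root."""
    findings = {}
    for share, params in parse_smb_conf(text).items():
        admins = names(params.get("adminusers", ""))
        if admins:
            valid = names(params.get("validusers", ""))
            everyone = bool(valid) and valid <= admins
            findings[share] = "every permitted user" if everyone else "listed admins only"
    return findings

if __name__ == "__main__":
    print(audit_admin_users(SAMPLE_CONF))
```

Run against a real configuration, the output of "testparm -s" is the better input, since it already resolves includes and synonyms.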