On Friday 09 March 2007, Anne Wilson wrote: >On Thursday 08 March 2007, Craig White wrote: >> > I never got to the bottom of this, but I had similar problems and >> > this cured it. I thought that if Ruben actually found that this >> > looser permission made a difference, it might provide the missing >> > link so that someone could explain what was wrong and why this >> > worked. >> >> ---- >> actually no - 'security = share' is for all purposes abandoned and >> would be removed except for some reluctance to eliminate backwards >> compatibility (so says Jerry Carter - search samba@xxxxxxxxxxxxxxx >> archives for this). > >Interesting. I hadn't seen that. Neither had I, and if it goes away, I'm not sure I'll be able to recover since share is the only model that while throwing an occasional warning in the logs, does work between the many disparate versions of samba or cifs extant in my own local network. If it does go away, then I feel its incumbent on the folks removing it to write docs adequate for old farts like me to understand exactly how we go about making these other security models function. >> Moreover, his configuration had 'hosts allow = 127.' which doesn't >> take any understanding of samba whatsoever to recognize that only >> localhost can connect and no other. Thus your recommendation would >> have no benefit. > >Agreed - I missed that when reading his message. > >> > I've never understood why I had so many problems with samba3, when >> > samba2 worked perfectly for me, in terms of doing what I expected. >> >> When samba 3.0.0 was released, it was immediately evident that though >> many of the same configuration options were there, it was an entirely >> new samba...winbindd, active directory, kerberos, dfs, groups, etc. >> The information is there for those interest in investing the energy to >> learn it and I know that the samba official documentation is the best >> documentation open source offers. mmm, is that a separate rpm to install? >When I started using samba I used 'Using Samba' as my guide, and found > it excellent. When it changed to samba3 it was clear that some options > did not behave in the same way, and it was difficult to pinpoint the > changes that caused problems. Ditto here. >It's some time since I last set up my server. Reading 'Samba-3 by > Example' implied that many of the lines I had been told to put into by > [global] section were simply not necessary for my lan. I then started > from the premise that the barest minimum was the place to start, adding > only what was necessary to achieve my ends. Now [global] has only > these lines > >workgroup = lydgate.lan >server string = Samba Server %v >printcap name = /etc/printcap >log file = /var/log/samba/%m.log >os level = 66 ##to cut down on the number of contentions from W2k box - > it seems to help. > >I have had few problems since, though every now and then I come up > against a box being able to read a share but not write to it. I > usually find the cause after enough poking around. Prior to that I had > a much longer [global] > >> (Official Samba 3.0 HowTo and By Example) - both available at >> http://www.samba.org/samba/docs in html or pdf form or available in >> dead tree form from most any bookseller. I cannot find the pdf version on that site, only the html, in 100+ separate pages. To dl and dead tree that would be a rather herculean task I think I'll pass on. I take it back, its buried, along with a bunch of other, probably relevant stuff, in a 13 megabyte snapshot.bz2. Unpacking that should be 'interesting'.. >> As to your own issues with Samba 3.x - your suggestion to use >> 'security = share' is just a bad idea. The underlying premise behind >> that setting is to emulate Windows 95/98 type file sharing - no >> concept of users but rather a share with a password and permissions >> are for a single user. Windows networking has evolved and likewise, >> samba usage has evolved. > >I did not recommend staying with security=share, but just as some people >suggest temporarily turning off selinux, just to rule out whether that > was the contentious area. Elimination of an area is always useful. At > one time this was the only way I got one box working, though I did > eventually track down the problem - can't remember what it was, though. > >I'm not disputing anything that you have said, Craig - you probably do > this more often than I do. I would mention, though, that for most > people three quarters of the By Example book is totally irrelevant, but > the remainder is likely to sort out any problems. I've not regretted > following its advice. > >Anne -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) You now have Asian Flu.