[CentOS] Re: new CentOS5.1, samba help requested

Wed Mar 26 20:28:09 UTC 2008
Scott Silva <ssilva at sgvwater.com>

on 3-26-2008 1:01 PM Ray Leventhal spake the following:
> 
>>>
>> It is possible, because I am doing it. I have share=user and have home 
>> directories viewable by the user and the admin (me). I have various 
>> departmental shares that each department can access and no one else 
>> (but the admin -- again me). Even shares that aren't browsable, so no 
>> one even knows they are there if not given access.
>> And I have several public shares, some read-write, some read only with 
>> install files and such. Users that try to access a share they have no 
>> permission to get the logon box, but it will never actually auth 
>> because their rights don't allow it.
>>
>> ------------------------------------------------------------------------
> I have no doubt it's possible....might it be possible for you to post a 
> sanitized version of your [globals] and one or two of the shares from 
> the smb.conf file so that I can compare what's working for you with 
> what's not working for me?
> 
> TIA,
> -Ray
Some sanitized areas marked ***removed***
A server that will also do domain logins and roaming profiles;


[global]
	protocol = NT1
	name resolve order = lmhosts, wins, bcast
	passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
	idmap gid = ***removed***
	admin users = ***removed***
	lm announce = Yes
	lpq cache time = 600
	remote browse sync = ***removed***
	hosts allow = ***removed***
	time server = Yes
	veto files = /lost+found/
	level2 oplocks = yes
	passwd program = /usr/bin/passwd %u
	dns proxy = yes
	netbios name = SERVER
	printing = cups
	logon script = netlogin.bat
	idmap uid = ***removed***
	veto oplock files = /*.xls/
	remote announce = ***removed***
	workgroup = ***removed***
	os level = 129
	security = user
	add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /sbin/nologin -M %u
	delete user script = /usr/sbin/deluser %u
	dos filetimes = yes
	log file = /var/log/samba/smbd.log
	load printers = yes
	guest account = smbuser
	socket options = TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
	logon drive = Z:
	deadtime = 30
	domain master = Yes
	interfaces = ***removed***
	map to guest = Bad User
	encrypt passwords = yes
	winbind use default domain = no
	printer admin = ***removed***
	passdb backend = tdbsam
	template shell = /bin/false
	wins support = true
	server string = ***removed***
	path = /var/spool/samba
	unix password sync = yes
	logon path = \\%N\profiles\%U
	domain logons = Yes
	socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192


Home share;

[homes]
	browseable = no
	comment = Home Directories
	writable = yes
	vfs objects = recycle
	recycle:repository = Recycle Bin
	recycle:versions = Yes
	recycle:keeptree = Yes
	recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|*.log|*.trace|*.TMP
	recycle:excludedir = /tmp|/temp|/cache
	recycle:noversions = *.doc|*.ppt|*.dat|*.ini

A public writable share;

[public]
	comment = public access directory
	path = /home/public
	admin users = ***removed***
	read only = No
	guest ok = Yes
	vfs objects = recycle
	#recycle: config-file = /etc/samba/recycle.conf
	recycle:repository = Recycle Bin
	recycle:versions = Yes
	recycle:keeptree = Yes
	recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|*.log|*.trace|*.TMP
	recycle:excludedir = /tmp|/temp|/cache
	recycle:noversions = *.doc|*.ppt|*.dat|*.ini

A public read-only share writable by admin;

[install]
	comment = Home Directories
	path = /opt/updates
	admin users = ***removed***
	write list = ***removed***
	read only = No
	guest ok = Yes


A group departmental share only certain users allowed;

[Accounting]
	writeable = yes
	wide links = No
	path = /home/accounting
	force group = accounting
	force user = accounting
	valid users = ***removed***
	vfs objects = recycle
	#recycle: config-file = /etc/samba/recycle.conf
	recycle:repository = Recycle Bin
	recycle:versions = Yes
	recycle:keeptree = Yes
	recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|*.log|*.trace|*.TMP
	recycle:excludedir = /tmp|/temp|/cache
	recycle:noversions = *.doc|*.ppt|*.dat|*.ini

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
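
An added example, not part of the post above or of Samba itself: a small Python audit that reads share stanzas like the ones posted and reports, per share, whether guests are admitted, whether the share is writable at the Samba layer, and whether `valid users` is set. It follows the smb.conf(5) rules that names ignore case and whitespace, that `writable`/`writeable`/`write ok` invert `read only`, and that `public` means `guest ok`; the sample stanzas and the names `alice` and `@acct` are constructed.

```python
# Constructed sample: the share stanzas from the post, cut down to their access
# parameters. "alice" and "@acct" are placeholders for the ***removed*** values.
SAMPLE = """\
[homes]
	writable = yes
[public]
	read only = No
	guest ok = Yes
[install]
	write list = alice
	read only = No
	guest ok = Yes
[Accounting]
	writeable = yes
	valid users = @acct
"""

TRUE = {"yes", "true", "1", "on"}
INVERTED = {"writable", "writeable", "writeok"}  # inverted "read only" synonyms

def parse(text):
    """Return {section: {param: value}}; names ignore case and whitespace."""
    conf, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = conf.setdefault(line[1:-1].strip().lower(), {})
        elif cur is not None and "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            key = "".join(key.split()).lower()   # "read only" -> "readonly"
            if key in INVERTED:
                key, val = "readonly", "no" if val.lower() in TRUE else "yes"
            cur["guestok" if key == "public" else key] = val
    return conf

def audit(text):
    """Map share -> (guest_ok, writable, has_valid_users) at the Samba layer."""
    conf = parse(text)
    glob = conf.pop("global", {})  # share parameters set here act as defaults
    def row(p):  # Samba defaults: guest ok = no, read only = yes
        return (p.get("guestok", "no").lower() in TRUE,
                p.get("readonly", "yes").lower() not in TRUE,
                bool(p.get("validusers")))
    return {name: row({**glob, **params}) for name, params in conf.items()}

if __name__ == "__main__":
    for share, (guest, writable, restricted) in audit(SAMPLE).items():
        note = "guests can write" if guest and writable else "ok"
        print(f"{share:12} valid_users_set={restricted!s:5} {note}")
```

Unix file permissions and `force user` still decide the effective access on disk; `testparm -s` prints the configuration as Samba itself parses it.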
