+ Responder ao Tópico



  1. #1

    Padrão Erro estranho no samba, ninguem acessa nada!

    Opa, blz?
    O samba aqui onde eu trabalho funcionava perfeitamente...
    De repente começou a dar acesso negado para todos os usuarios em todos os arquivos.
    Se eu logo pelo linux tenho acesso normalmente (leitura e escrita, execucao nao posso testar).
    O estranho é o seguinte, mesmo as permissoes dos usuarios setadas corretamente, eles nao conseguem ler nenhum arquivo.
    Se eu logado no linux, pego o arquivo edito ele no vi e salvo ele, os usuarios conseguem ser ele, mas nao conseguem executá-lo

    Em anexo segue o nosso smb.conf
    Código :
    [global]
     
    # workgroup = NT-Domain-Name or Workgroup-Name
       workgroup = BIFERCO
     
    # server string is the equivalent of the NT Description field
       server string = Samba Server %v
     
    # This option is important for security. It allows you to restrict
    # connections to machines which are on your local network. The
    # following example restricts access to two C class networks and
    # the "loopback" interface. For more examples of the syntax see
    # the smb.conf man page
    ;   hosts allow = 192.168.1. 192.168.2. 127.
     
    # if you want to automatically load your printer list rather
    # than setting them up individually then you'll need this
       printcap name = /etc/printcap
       load printers = yes
     
    # It should not be necessary to spell out the print system type unless
    # yours is non-standard. Currently supported print systems include:
    # bsd, sysv, plp, lprng, aix, hpux, qnx, cups
       printing = cups
     
    # Uncomment this if you want a guest account, you must add this to /etc/passwd
    # otherwise the user "nobody" is used
    ;  guest account = pcguest
     
    # this tells Samba to use a separate log file for each machine
    # that connects
       log file = /var/log/samba/%m.log
     
    # Put a capping on the size of the log files (in Kb).
       max log size = 0
     
    # Security mode. Most people will want user level security. See
    # security_level.txt for details.
       security = user
     
    # Use password server option only with security = server
    # The argument list may include:
    #   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
    # or to auto-locate the domain controller/s
    #   password server = *
    ;   password server = <NT-Server-Name>
     
    # Password Level allows matching of _n_ characters of the password for
    # all combinations of upper and lower case.
    ;  password level = 8
    ;  username level = 8
     
    # You may wish to use password encryption. Please read
    # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
    # Do not enable this option unless you have read those documents
       encrypt passwords = yes
       smb passwd file = /etc/samba/smbpasswd
     
    # The following is needed to keep smbclient from spouting spurious errors
    # when Samba is built with support for SSL.
    ;   ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt
     
    # The following are needed to allow password changing from Windows to
    # update the Linux system password also.
    # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
    # NOTE2: You do NOT need these to allow workstations to change only
    #        the encrypted SMB passwords. They allow the Unix password
    #        to be kept in sync with the SMB password.
       unix password sync = Yes
       passwd program = /usr/bin/passwd %u
       passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
     
    # You can use PAM's password change control flag for Samba. If
    # enabled, then PAM will be used for password changes when requested
    # by an SMB client instead of the program listed in passwd program.
    # It should be possible to enable this without changing your passwd
    # chat parameter for most setups.
     
       pam password change = yes
     
    # Unix users can map to different SMB User names
    ;  username map = /etc/samba/smbusers
     
    # Using the following line enables you to customise your configuration
    # on a per machine basis. The %m gets replaced with the netbios name
    # of the machine that is connecting
    ;   include = /etc/samba/smb.conf.%m
     
    # This parameter will control whether or not Samba should obey PAM's
    # account and session management directives. The default behavior is
    # to use PAM for clear text authentication only and to ignore any
    # account or session management. Note that Samba always ignores PAM
    # for authentication in the case of encrypt passwords = yes
     
      obey pam restrictions = yes
     
    # Most people will find that this option gives better performance.
    # See speed.txt and the manual pages for details
       socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
     
    # Configure Samba to use multiple interfaces
    # If you have multiple network interfaces then you must list them
    # here. See the man page for details.
    ;   interfaces = 192.168.12.2/24 192.168.13.2/24 
     
    # Configure remote browse list synchronisation here
    #  request announcement to, or browse list sync from:
    #	a specific host or from / to a whole subnet (see below)
    ;   remote browse sync = 192.168.3.25 192.168.5.255
    # Cause this host to announce itself to local subnets here
    ;   remote announce = 192.168.1.255 192.168.2.44
     
    # Browser Control Options:
    # set local master to no if you don't want Samba to become a master
    # browser on your network. Otherwise the normal election rules apply
    ;   local master = no
     
    # OS Level determines the precedence of this server in master browser
    # elections. The default value should be reasonable
    ;   os level = 33
     
    # Domain Master specifies Samba to be the Domain Master Browser. This
    # allows Samba to collate browse lists between subnets. Don't use this
    # if you already have a Windows NT domain controller doing this job
       domain master = yes 
     
    # Preferred Master causes Samba to force a local browser election on startup
    # and gives it a slightly higher chance of winning the election
       preferred master = yes
     
    # Enable this if you want Samba to be a domain logon server for 
    # Windows95 workstations. 
       domain logons = yes
     
    # if you enable domain logons then you may want a per-machine or
    # per user logon script
    # run a specific logon batch file per workstation (machine)
       logon script = biferco.bat
    # run a specific logon batch file per username
    ;   logon script = %U.bat
     
    # Where to store roving profiles (only for Win95 and WinNT)
    #        %L substitutes for this servers netbios name, %U is username
    #        You must uncomment the [Profiles] share below
    ;   logon path = \\%L\Profiles\%U
     
    # Windows Internet Name Serving Support Section:
    # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
    ;   wins support = yes
     
    # WINS Server - Tells the NMBD components of Samba to be a WINS Client
    #	Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
    ;   wins server = w.x.y.z
     
    # WINS Proxy - Tells Samba to answer name resolution queries on
    # behalf of a non WINS capable client, for this to work there must be
    # at least one	WINS Server on the network. The default is NO.
    ;   wins proxy = yes
     
    # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
    # via DNS nslookups. The built-in default for versions 1.9.17 is yes,
    # this has been changed in version 1.9.18 to no.
       dns proxy = no 
     
    # Case Preservation can be handy - system default is _no_
    # NOTE: These can be set on a per share basis
    ;  preserve case = no
    ;  short preserve case = no
    # Default case is normally upper case for all DOS files
    ;  default case = lower
    # Be very careful with case sensitivity - it can break things!
    ;  case sensitive = no
     
    #============================ Share Definitions ==============================
    #[homes]
    #   comment = Home Directories
    #   browseable = no
    #   writable = yes
    #   valid users = %S
    #   create mode = 0664
    #   directory mode = 0775
    # If you want users samba doesn't recognize to be mapped to a guest user
    ; map to guest = bad user
     
     
    # Un-comment the following and create the netlogon directory for Domain Logons
     [netlogon]
       comment = Network Logon Service
    #  path = /usr/local/samba/lib/netlogon
       path = /home/netlogon
       guest ok = yes
       writable = no
       share modes = yes
     
    # Un-comment the following to provide a specific roving profile share
    # the default is to use the user's home directory
    ;[Profiles]
    ;    path = /usr/local/samba/profiles
    ;    browseable = no
    ;    guest ok = yes
     
     
    # NOTE: If you have a BSD-style print system there is no need to 
    # specifically define each individual printer
    [printers]
       comment = All Printers
       path = /var/spool/samba
       browseable = no
    # Set public = yes to allow user 'guest account' to print
       guest ok = no
       writable = no
       printable = yes
     
    # This one is useful for people to share files
    ;[tmp]
    ;   comment = Temporary file space
    ;   path = /tmp
    ;   read only = no
    ;   public = yes
     
    # A publicly accessible directory, but read only, except for people in
    # the "staff" group
    ;[public]
    ;   comment = Public Stuff
    ;   path = /home/samba
    ;   public = yes
    ;   writable = yes
    ;   printable = no
    ;   write list = @staff
     
    # Other examples. 
    #
    # A private printer, usable only by fred. Spool data will be placed in fred's
    # home directory. Note that fred must have write access to the spool directory,
    # wherever it is.
    ;[fredsprn]
    ;   comment = Fred's Printer
    ;   valid users = fred
    ;   path = /home/fred
    ;   printer = freds_printer
    ;   public = no
    ;   writable = no
    ;   printable = yes
     
    # A private directory, usable only by fred. Note that fred requires write
    # access to the directory.
    ;[fredsdir]
    ;   comment = Fred's Service
    ;   path = /usr/somewhere/private
    ;   valid users = fred
    ;   public = no
    ;   writable = yes
    ;   printable = no
     
    # a service which has a different directory for each machine that connects
    # this allows you to tailor configurations to incoming machines. You could
    # also use the %U option to tailor it by user name.
    # The %m gets replaced with the machine name that is connecting.
    ;[pchome]
    ;  comment = PC Directories
    ;  path = /usr/local/pc/%m
    ;  public = no
    ;  writable = yes
     
    # A publicly accessible directory, read/write to all users. Note that all files
    # created in the directory by users will be owned by the default user, so
    # any user with access can delete any other user's files. Obviously this
    # directory must be writable by the default user. Another user could of course
    # be specified, in which case all files would be owned by that user instead.
    ;[public]
    ;   path = /usr/somewhere/else/public
    ;   public = yes
    ;   only guest = yes
    ;   writable = yes
    ;   printable = no
     
    # The following two entries demonstrate how to share a directory so that two
    # users can place files there that will be owned by the specific users. In this
    # setup, the directory should be writable by both users and should have the
    # sticky bit set on it to prevent abuse. Obviously this could be extended to
    # as many users as required.
    ;[myshare]
    ;   comment = Mary's and Fred's stuff
    ;   path = /usr/somewhere/shared
    ;   valid users = mary fred
    ;   public = no
    ;   writable = yes
    ;   printable = no
    ;   create mask = 0765
     
    [orionasp]
    	comment = MegaERP
    	path = /orionasp
    	valid users = @biferco,@admin
    	public = no
    	writable = yes
    	printable = no
    	create mask = 0770
    	directory mask = 0770
     
    [teste]
            comment = MegaERP
            path = /orionasp/orion_teste
    	valid users = @biferco,@admin
            public = no
            writable = yes
            printable = no
            create mask = 0770
            directory mask = 0770
     
    [dataflex]
    	comment = Sistema Dataflex - Biferco
    	path = /dataflex
    	valid users = @biferco,@admin
    	public = no
    	writable = yes
    	printable = no
    	create mask = 2770
    	directory mask = 2770
           # umask = 555
     
    [usuarios]
    	comment = Pasta de Usuarios
    	path = /home
    	valid users = @biferco,@admin,carlos
    	public = no
    	writable = yes
    	printable = no
    	create mask = 0770
    	directory mask = 0770
    [backup]
            comment = Backup da Base de Dados - MegaERP
            path = /backup
            valid users = fernando,orionasp
            public = no
            writable = yes
            printable = no
            create mask = 0770
            directory mask = 0770


    Abraços
    Dirceu Semighini Filho

  2. #2
    mcm
    Visitante

    Padrão Erro estranho no samba, ninguem acessa nada!

    Como está a permissão de grupo desses diretórios dentro do Linux?

    Qual o grupo dos usuários?

  3. #3

    Padrão Erro estranho no samba, ninguem acessa nada!

    todos usuarios tao no grupo biferco e a permissao e 775 para todos os arquivos como que estao como dono= root e grupo=biferco

  4. #4

    Padrão Erro estranho no samba, ninguem acessa nada!

    o Estranho foi que depois de backupear, testar mcher e fuçar... Ele voltou a funcionar do nada..

    Até agora eu não sei explicar isto pro meu patrão..

    O que e isso? Bug do samba, erro de hardware ?