Re: samba4 AD DC as file server?


On Tue, 2013-03-12 at 01:30 +0800, d tbsky wrote:
> hi:
>    I want to set up a small samba4 server with AD and file server function.
> I know that samba4 AD DC has no netbios browsing support. are there other
> missing functions, like winbindd or something else?

The next release will include this patch, which avoids mistakenly
creating world-writeable files in additional file shares. 

>   and if I install two samba4 instances, one to "/usr/local/samba"(for file
> server), one to "/usr/local/samba-ad"(for AD DC). and give them two separate
> ip to bind. will it work better?

No, it would need to be a different virtual machine (you can only have
one winbind per machine, and the different winbind is the most important
difference between the operating modes).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

>From c7fdbeae0965fdb8f1b990df585565b78b5e9369 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@xxxxxxxxx>
Date: Fri, 8 Mar 2013 16:49:21 +1100
Subject: [PATCH] param: Remove incorrectly added defaults in AD DC allowing
 WORLD WRITABLE files

These defaults were incorrectly added in
fc5caffbc139d63cab1ec105884863f73772586f in what turns out to be an
incorrect fix for bug #9462, which was in turn introduced by the
swapping of security mask (default 0777) for create mask (0755) in
6adc7dad96b8c7366da042f0d93b28c1ecb092eb.

While the permissions on sysvol and netlogon (the default shares) were
fixed by provision, any additional shares that did not yet have an
explicit ACL set would create world-writable files by default.

Administrators will need to manually correct the file permissions on
any additional shares that were created after installation of the AD
DC.

Andrew Bartlett

Reviewed-by: Michael Adam <obnox@xxxxxxxxx>

Autobuild-User(master): Andrew Bartlett <abartlet@xxxxxxxxx>
Autobuild-Date(master): Sun Mar 10 12:00:31 CET 2013 on sn-devel-104
(cherry picked from commit 287b5f6c0f40d3e3d09bc2ce80f5fee02cbae40f)
---
 source3/param/loadparm.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index cbcab78..e09c2bf 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -3502,8 +3502,6 @@ static void init_locals(void)
 		lp_do_parameter(-1, "map readonly", "no");
 		lp_do_parameter(-1, "map archive", "no");
 		lp_do_parameter(-1, "store dos attributes", "yes");
-		lp_do_parameter(-1, "create mask", "0777");
-		lp_do_parameter(-1, "directory mask", "0777");
 	}
 }
 
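Review bot: With the "create mask" and "directory mask" lines dropped from this block in init_locals(), nothing at this spot records that the masks are deliberately left at the global defaults, and the commit message says the 0777 values were themselves added here as a mistaken fix for bug #9462. A short comment beside the remaining lp_do_parameter() calls, saying the masks must not be overridden here, would keep the same fix from being reapplied later. The change also only affects files created after the upgrade; the commit message's instruction that administrators must correct permissions on additional shares by hand is worth repeating in the release notes, since the diffstat touches only loadparm.c.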
-- 
1.7.11.7
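
The commit message above says administrators must manually correct permissions on any additional shares created after the AD DC was installed. The script below is an added example of one way to do that; it is not part of the original message or of Samba. The share path is site-specific and supplied by the operator, and the script inspects only POSIX mode bits, not ACLs.

```shell
#!/bin/sh
# Added example: audit a share's directory tree for world-writable entries
# and optionally clear the "other write" bit. Not Samba code.
# Usage: sh audit_share.sh /path/to/share [--fix]

# Print regular files and directories under ROOT with o+w set.
# Symlinks are not followed and -xdev keeps find on one filesystem.
list_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print
}

# Number of world-writable entries under ROOT (one path per line is
# assumed, so a file name containing a newline is counted twice).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Remove only the o+w bit; owner and group bits are left as they are.
fix_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 \
        -exec chmod o-w {} +
}

# Act only when a path is given, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        exit 2
    fi
    echo "world-writable entries under $root: $(count_world_writable "$root")"
    list_world_writable "$root"
    if [ "${2:-}" = "--fix" ]; then
        fix_world_writable "$root"
        echo "remaining after fix: $(count_world_writable "$root")"
    fi
fi
```

Run it without `--fix` first and review the list, since some directories may be world-writable on purpose.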
