On Thursday 08 March 2007, Craig White wrote: > > > > I never got to the bottom of this, but I had similar problems and this > > cured it. I thought that if Ruben actually found that this looser > > permission made a difference, it might provide the missing link so that > > someone could explain what was wrong and why this worked. > > ---- > actually no - 'security = share' is for all purposes abandoned and would > be removed except for some reluctance to eliminate backwards > compatibility (so says Jerry Carter - search samba@xxxxxxxxxxxxxxx > archives for this). Interesting. I hadn't seen that. > > Moreover, his configuration had 'hosts allow = 127.' which doesn't take > any understanding of samba whatsoever to recognize that only localhost > can connect and no other. Thus your recommendation would have no > benefit. Agreed - I missed that when reading his message. > > I've never understood why I had so many problems with samba3, when samba2 > > worked perfectly for me, in terms of doing what I expected. > > When samba 3.0.0 was released, it was immediately evident that though > many of the same configuration options were there, it was an entirely > new samba...winbindd, active directory, kerberos, dfs, groups, etc. The > information is there for those interest in investing the energy to learn > it and I know that the samba official documentation is the best > documentation open source offers. > When I started using samba I used 'Using Samba' as my guide, and found it excellent. When it changed to samba3 it was clear that some options did not behave in the same way, and it was difficult to pinpoint the changes that caused problems. It's some time since I last set up my server. Reading 'Samba-3 by Example' implied that many of the lines I had been told to put into by [global] section were simply not necessary for my lan. I then started from the premise that the barest minimum was the place to start, adding only what was necessary to achieve my ends. Now [global] has only these lines workgroup = lydgate.lan server string = Samba Server %v printcap name = /etc/printcap log file = /var/log/samba/%m.log os level = 66 ##to cut down on the number of contentions from W2k box - it seems to help. I have had few problems since, though every now and then I come up against a box being able to read a share but not write to it. I usually find the cause after enough poking around. Prior to that I had a much longer [global] > (Official Samba 3.0 HowTo and By Example) - both available at > http://www.samba.org/samba/docs in html or pdf form or available in dead > tree form from most any bookseller. > > As to your own issues with Samba 3.x - your suggestion to use 'security > = share' is just a bad idea. The underlying premise behind that setting > is to emulate Windows 95/98 type file sharing - no concept of users but > rather a share with a password and permissions are for a single user. > Windows networking has evolved and likewise, samba usage has evolved. > I did not recommend staying with security=share, but just as some people suggest temporarily turning off selinux, just to rule out whether that was the contentious area. Elimination of an area is always useful. At one time this was the only way I got one box working, though I did eventually track down the problem - can't remember what it was, though. I'm not disputing anything that you have said, Craig - you probably do this more often than I do. I would mention, though, that for most people three quarters of the By Example book is totally irrelevant, but the remainder is likely to sort out any problems. I've not regretted following its advice. Anne