Frequently Asked Questions: Difference between revisions

From SambaWiki
(added example)
No edit summary
Line 35: Line 35:
</tr>
</tr>
<tr>
<tr>
<td>messages.tdb</td><td>Samba messaging system</td>
<td>messages.tdb</td><td>Samba [[messaging]] system</td>
</tr>
</tr>
<tr>
<tr>

Revision as of 12:50, 9 May 2006

What are tdb files?

 Answered by Jerry Carter on samba@lists.samba.org
 [1]

Samba uses a lightweight database called Trivial Database (tdb). Here's the list (john, we should really document this somewhere).
(*) information persistent across restarts (but not necessarily important to backup).

account_policy.tdb*NT account policy settings such as pw expiration, etc...
brlock.tdbbyte range locks
browse.datbrowse lists
connections.tdbshare connections (used to enforce max connections, etc...)
gencache.tdbgeneric caching db
group_mapping.tdb*group mapping information
lang_en.tdbLanguage encodings (i think).
locking.tdbshare modes & oplocks
login_cache.tdb*bad pw attempts
messages.tdbSamba messaging system
netsamlogon_cache.tdb*cache of user net_info_3 struct from net_samlogon() request (as a domain member)
ntdrivers.tdb*installed printer drivers
ntforms.tdb*installed printer forms
ntprinters.tdb*installed printer information
printing/directory containing tdb per print queue of cached lpq output
registry.tdbWindows registry skeleton (connect via regedit.exe)
sessionid.tdbsession information (e.g. support for 'utmp = yes')
share_info.tdb*share acls
unexpected.tdbunexpected packet queue needed to support windows clients that respond on a difference port that the originating request) (i could be wrong on this one).
winbindd_cache.tdbwinbindd's cache of user lists, etc...
winbindd_idmap.tdb*winbindd's local idmap db
wins.dat*wins database when 'wins support = yes'

In the private subdirectory we have two more tdb files:

secrets.tdb*Private information like workstation passwords, the ldap admin dn and trust account information
passdb.tdb*User account information if passdb backend = tdbsam is used

The following tdb's should be backed up IMO:
  nt*.tdb   account_policy.tdb   group_mapping.tdb   share_info.tdb   winbindd_idmap.tdb   secrets.tdb   passdb.tdb

vfs - An example for a recycle container on a samba share

vfs objects =  recycle
      recycle:keeptree = yes
      recycle:versions = yes
      recycle:touch = yes
      recycle:exclude = ?~$*,~$*,*.tmp,index*.pl,index*.htm*,*.temp,*.TMP
      recycle:exclude_dir=  /tmp,/temp,/cache
      recycle:repository = .recycle/.recycle.%u
      recycle:noversions = *.doc,*.xls,*.ppt
      #hide files = /.recycle.*/.recycle/
      #veto files = /.recycle.*/.recycle/

inherit permissions

Use the UNIX form of setgid to make all files and subdirectories belong to the enclosing group.

For example: the root directory for a samba share appears as:

# ls -ld /home/storage
drwxrwxr-x  47 root dom_users 4096 Jan 31 08:09 /home/storage

change the directory so all files & subdirectories created will belong to 'dom_users' group:

# chmod g+s /home/storage

verify the results:

# ls -ld /home/storage
drwxrwsr-x  47 root dom_users 4096 Jan 31 08:09 /home/storage

if you create a new file 'abc' as user 'foo' who has the primary group 'users' the file is created as

# ls -ld /home/storage/*
drwxrwsr-x  47 foo  dom_users 4096 Jan 31 08:09 /home/storage/abc

guest access

The Guest account of the windows world is mapped to the user nobody in the unix world. This can be changed with the global option guest account which defaults to nobody. Also the guest ok parameter on every share deafult to no. The unix account nobody must exist in your account database. If the Guest has read or write access to the share depends on the mode bits of the path and wether the share has read only = no set.

To enable guest access to a share you need the following parameters in your smb.conf:

 [global]
  security = user
  map to guest = Bad Password

 [share_definition]
  guest ok = yes 

The other way to get public access is to use security = share. Then all access is mapped to the guest account. But this is not a good choice since you cant distinguish between authorized users and anonymous users.