monline

Most guides on this topic assume that you'll want to authenticate OS users and groups of your Debian server against the Active Directory server too. That's not absolutely necessary. You can keep your own user pool on the linux server (authenticate from /etc/passwd or from OpenLDAP ... or whatever source you choose) and only authenticate Samba access against AD.

You've to set the setuid bit on smbmnt and smbumount:
Note: do not mix smbmnt with smbmount! You'll get a warning upon use if you set the setuid for the latter.

You can use the smbstatus command to get a list of current Samba connections (processes, shares and locks). However if you're looking for the user who has a specific file open, then first you've to look for a lock in the lock list (smbstatus --locks), then you've to look up the username for the given PID in the process list (smbstatus --processes). I've made a script that uses awk to process the output of smbstatus and print the name of the user who keeps opened the file specified in the parameters.

The manpage description of "read list" and "write list" might be a little bit confusing to a Samba-newbie like me. I thought that to restrict users I just had to set "read list" to an empty value and "write list" to a set of users+groups. However these do not work as I thought.

Samba is tricky. Even if you allow authentication and access of the "root" user to a service, it will not create new files/directories with root's credential, but use the ownership of the parent directory instead. You can set "force group", "inherit owner" or whatever ... if you authenticate to the Samba server as "root" and create a file or a directory, then it will inherit the ownership (both user and group) of the parent directory. The only was to create root-owned files while authenticated as "root" is if you do this within a directory that itself is owned by root.

You can allow guest access to Samba shares using a combination of the "public = yes" (or the "guest ok = yes"), the "guest account = <account>" and the "read list = user1, user2, group1" config parameters in smb.conf. However this works only with Windows 2000 and recent versions of Windows clients, they can successfully access the share without a valid username or password.

I was trying to access a Samba v3.0.20 from a Windows 2003 server, but got only error messages without much explanation.