[Samba] Windows ACL modify ability?
Louis van Belle
louis at van-belle.nl
Tue Jan 3 13:15:45 GMT 2006
does your kernel support ACL and Extended Attributes.
Also you can set the following settings
inherit acls = (yes/no)
nt acl support =
map hidden = no
map system = no
map achieve = no
store dos attributes = yes
ea support = yes
u combine above settings for your enviroment.
Als dit you set the privileges for the samba server
or do you set the rights as root
Louis
>-----Oorspronkelijk bericht-----
>Van: Mike Partyka [mailto:mpartyka at gmail.com]
>Verzonden: dinsdag 3 januari 2006 13:56
>Aan: Louis van Belle
>CC: samba at lists.samba.org
>Onderwerp: Re: [Samba] Windows ACL modify ability?
>
>Samba 3.0.14a server which is a domain member server of a 2003
>Active Directory and Domain Controller.
>
>There are no errors that appear in the windows servers event
>log, and my smb.conf is pretty simple:
>
>[global]
> unix charset = LOCALE
> workgroup = mrpartyka
> realm = MRPARTYKA.DOMAIN
> server string = SMBv3.0.14a/MS ADS/winbindd
> security = ads
> log level = 1
> syslog = 0
> log file = /var/log/samba/%m
> max log size = 50
> printcap name = CUPS
> ldap ssl = No
> idmap uid = 10000-40000000
> idmap gid = 10000-40000000
> template primary group = "Domain Users"
> template shell = /bin/bash
> nt acl support = Yes
> printing = cups
> # winbind trusted domains only = Yes
> winbind separator = \#
>
>[ftp]
> comment = All users share
> path = /ftproot
> valid users = @"MRPARTYKA\Domain Users"
> writeable = Yes
> browseable = Yes
>
>As i said originally, my goal here is to manage
>permissions's/ACL's from the server 2003 MMC, but any time i
>try to add or remove groups for access on either the Security
>tab or the Permissions tab, i get the message "changes could
>not be saved, access is denied". Also, though the message
>indicates the changes are not saved, if you open the share
>properties window again and go to the same permission you just
>tried to adjust, the group is there, but when you selected the
>group from the AD container, it looked like "MRPARTYA\Domain
>Users" and now it's liked as "SAND\Domain Users". SAND is the
>hostname of the samba server.
>
>Is this expected behavior? Due to winbindd making AD groups
>and users appear as though they are local groups/users of the
>Samba server? Samba logging indicates this:
>
>[2006/01/03 06:43:18, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993)
> api_pipe_bind_req: unknown auth type 9 requested.
>[2006/01/03 06:43:18, 1] smbd/service.c:make_connection_snum(642)
> 192.168.0.7 (192.168.0.7) connect to service ftp initially
>as user MRPARTYKA\administrator (uid=10000, gid=10000) (pid 3343)
>[2006/01/03 06:43:18, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993)
> api_pipe_bind_req: unknown auth type 9 requested.
>[2006/01/03 06:43:22, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993)
> api_pipe_bind_req: unknown auth type 9 requested.
>[2006/01/03 06:43:29, 1] smbd/service.c:close_cnum(830)
> 192.168.0.7 (192.168.0.7) closed connection to service ftp
>
>I have many messages in the Samba archive asking about enties
>like this, but i did not see any responses explaining it.
>
>Any ideas about how i can correct this problem and manage
>share permissions from the server MMC?
>
>TIA,
>
>
>
>On 1/3/06, Louis van Belle <louis at van-belle.nl > wrote:
>
> Hi,
>
> first which version of samba are you running?
> are you running pdc or AD Member ?
>
> etc etc.
> need more input ;-)
>
> Louis
>
>
>
> >-----Oorspronkelijk bericht-----
> >Van: samba-bounces+louis= van-belle.nl at lists.samba.org
><mailto:van-belle.nl at lists.samba.org>
> >[mailto:
>samba-bounces+louis=van-belle.nl at lists.samba.org
><mailto:samba-bounces+louis=van-belle.nl at lists.samba.org> ]
> >Namens Mike Partyka
> >Verzonden: maandag 2 januari 2006 23:50
> >Aan: samba at lists.samba.org <mailto:samba at lists.samba.org>
> >Onderwerp: [Samba] Windows ACL modify ability?
> >
> >I have posted several questions now and have ben unsuccessful
> >in getting any
> >responses, so i thought i would take a different tack.
> >
> >I know adjusting permissions on Samba shares, through the
> >Microsoft MMC is
> >possible when you have POSIX ACL support compiled in your
> >kernel. I don't
> >think that level of control is necessary for me and short of
> >recompiling the
> >kernel for that support i have been unable to adjust
> >permissions on Samba
> >shares through the MMC, i keep getting "Access is denied".
> >
> >Could someone just toss out a couple ideas about
>whether adjustments to
> >ACL's ar possible without kernel POSIX ACL support and
>if so, what some
> >causes of the "Access is denied" could be?
> >
> >TIA,
> >
> >-MIKE
> >--
> >To unsubscribe from this list go to the following URL
>and read the
> >instructions:
>https://lists.samba.org/mailman/listinfo/samba
><https://lists.samba.org/mailman/listinfo/samba>
> >
>
> --
> To unsubscribe from this list go to the following URL
>and read the
> instructions:
>https://lists.samba.org/mailman/listinfo/samba
><https://lists.samba.org/mailman/listinfo/samba>
>
>
>
>
More information about the samba
mailing list