[Samba] member server config problem
Angela Gavazzi
edv at goetheanum.ch
Mon Sep 10 15:39:42 GMT 2007
Hi,
I'm setting up a member server in a Samba domain (both 3.0.24).
getent passwd/group shows all user and groups
wbinfo -u/g shows user and groups
net groupmap list shows all groups correctly
Here's the testparm output:
Server role: ROLE_DOMAIN_MEMBER
[global]
workgroup = AAG
server string = FILES (%v)
security = DOMAIN
password server = 192.168.100.72
passdb backend = ldapsam:ldap://192.168.100.72/
log level = 10
log file = /var/log/samba/%m.log
name resolve order = host wins bcast
deadtime = 15
keepalive = 0
load printers = No
preferred master = No
local master = No
domain master = No
wins server = 192.168.100.72
ldap admin dn = cn=admin,dc=aag
ldap group suffix = ou=groups
ldap idmap suffix = ou=idmap
ldap machine suffix = ou=computers
ldap suffix = dc=aag
ldap user suffix = ou=users
panic action = /etc/samba/panic-action %d
idmap backend = ldap:ldap://erde.aag
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind trusted domains only = Yes
read only = No
create mask = 0770
force create mode = 0770
directory mask = 0770
force directory mode = 0770
inherit acls = Yes
map acl inherit = Yes
strict sync = Yes
sync always = Yes
use sendfile = Yes
veto oplock files = /*.mdb/
delete readonly = Yes
dos filemode = Yes
msdfs root = No
[Homes]
path = /userdata/%S
invalid users = root, admin, bin, daemon, sys, sync, lp, mail, news,
uucp, proxy, www-data, backup, irc, sshd, man, identd, bacula, nobody,
Debian-exim
create mask = 0700
directory mask = 0700
browseable = No
Then all the shares....
ACLs are enabled in fstab.
I have /groupdata with all groupshares and /userdata for homes.
/groupdata is actually owned by me.domain_admins
I can set ACLs from Linux with
setfacl -R -d -m g:group:rwx folder
Unfortunately I cannot change permissions from Windows, neither as domain-root
nor as me: even though I am in the domain_admins group and privileges are
activated, I get a permission denied message. I also don't see the ACLs I set
for "group" under Windows, even though Linux shows them correctly.
I'm afraid it is something very stupid I don't see, but I would be very
grateful if somebody could point me to the error.
Please let me know what logs I should append
tia,
Angela