[Samba] Samba Permissions Problem

Robert Steinmetz AIA rob at steinmetznet.com
Fri Jan 22 14:25:28 MST 2010 

Dale Schroeder wrote:
> On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote:
>> I need help understanding what is happening and trouble shooting.
>>
>> I have two servers running Samba 2.3.3, one as a Domain Controller 
>> one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and 
>> winbindd using the tdb back end are running on both.
>>
>> I have two shares on the member server and as far as I can tell they 
>> are identical. [Projects] works as expected but [Windows] always asks 
>> for a login name even though the smb.conf entries for both are are 
>> the same. If I comment out the "force group" in [Windows] users can 
>> access the share but there are errors writing and creating files. If 
>> I create a new share it acts as the [Windows] share.
>>
>> Here are the share definitions and a list of the files in the directory;
>>
>> [Projects]
>>        Comment = Project Files
>>        path = /files/Lucretia/Projects
>>        writeable = yes
>>        browseable = yes
>>        create mask = 0764
>>        directory mask = 0775
>>        force group = "ATLANTA\domain users"
>>
>> [Windows]
>>        comment = Atlanta Windows Files
>>        path = /files/Lucretia/Windows
>>        browseable = yes
>>        writeable = yes
>>        create mask = 0764
>>        directory mask = 0775
>>        force group = "ATLANTA\domain users"
>>
>>
>> root at louise:/files/Lucretia# ls -l
>> total 66
>> drwxrwsr-x   2 root          10001    48 2008-07-17 03:17 Arris
>> -rw-r-Sr--   1 root          10001  5952 2008-07-17 04:25 list
>> drwxrwsr-x  74 ATLANTA\rob   10001 17040 2009-12-17 15:25 Office
>> drwxrwsr-x  67 rob           10001 14456 1969-12-31 19:00 Office.orig
>> drwxrwsr-x  51 ATLANTA\trish 10001  4528 2010-01-14 14:26 Projects
>> drwxrwsr-x   8 ATLANTA\rob   10001   400 2009-07-10 15:52 Sigma
>> drwxrwsr-x   6 rob           10001   304 2008-07-17 02:50 Sigma.old
>> drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows
>>
>> Testparm shows no problems although it does rearrange the share 
>> definitions somewhat.
>>
>> The problem must be in windows permissions but I don't know how to 
>> check them, especially since I have only ssh access because the site 
>> is remote. I have to rely on local users for testing.
>>
>> How can I get a list of ATLANTA\domain admin group users?
>>
>> How can I change the permissions?
>
> Any possibility of acl's, especially default acl's?
>
> getfacl /files/Lucretia/Projects
> getfacl /files/Lucretia/Windows
>
Looks like not;

root at louise:/etc/samba# getfacl /files/Lucretia/Projects
getfacl: Removing leading '/' from absolute path names
# file: files/Lucretia/Projects
# owner: ATLANTA\134trish
# group: 10001
user::rwx
group::rwx
other::r-x

root at louise:/etc/samba# getfacl /files/Lucretia/Windows
getfacl: Removing leading '/' from absolute path names
# file: files/Lucretia/Windows
# owner: ATLANTA\134trish
# group: 10001
user::rwx
group::rwx
other::rwx



-- 
Robert Steinmetz, AIA
Principal
Steinmetz & Associates

More information about the samba mailing list