[Samba] Winbind: User can read a file on server but not on a share
Marc Mühlfeld
Marc.Muehlfeld at web.de
Mon Sep 11 23:24:41 GMT 2006
Hello,
I have two Domains (DOM1 and DOM2). Each trust each other. Now I configured winbind on PDC1 with the following settings:
winbind separator = +
idmap backend = ldap:ldap://192.168.1.4
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/bash
On PDC1 i can see the users of DOM2 now:
# wbinfo -u
DOM2+user2
.....
Nsswitch is configured to use winbind too.
I put DOM2+user2 in a global group (mygroup) on DOM1:
# id DOM2+user2
uid=10000(DOM2+user2) gid=10006(DOM2+domain users) groups=10006(DOM2+domain users),1031(mygroup)
I put a file on a share of PDC1 that is readable for mygroup:
# ls -la /share/test.txt
-rw-r----- 1 root mygroup 8 Sep 11 00:16 /share/test.txt
And here`s my problem:
When I do "su - DOM2+user2" on PDC1 I can read the content of this file (because of being a member of the group that has read rights on the file). But when I access the file from a machine out of DOM2, I get a permission denied error message.
Heres the output of log level = 10:
[2006/09/11 03:47:47, 10] lib/util.c:dump_data(2058)
[000] 00 5C 00 54 00 45 00 53 00 54 00 2E 00 54 00 58 .\.T.E.S .T...T.X
[010] 00 54 00 00 00 .T...
[2006/09/11 03:47:47, 3] smbd/process.c:switch_message(993)
switch message SMBntcreateX (pid 22401) conn 0x8033e648
[2006/09/11 03:47:47, 4] smbd/uid.c:change_to_user(222)
change_to_user: Skipping user change - already user
[2006/09/11 03:47:47, 10] smbd/nttrans.c:reply_ntcreate_and_X(506)
reply_ntcreateX: flags = 0x16, access_mask = 0x20089 file_attributes = 0x80, share_access = 0x3, create_disposition = 0x1 create_options = 0x4140 root_dir_f
id = 0x0
[2006/09/11 03:47:47, 5] smbd/filename.c:unix_convert(108)
unix_convert called on file "TEST.TXT"
[2006/09/11 03:47:47, 10] smbd/statcache.c:stat_cache_lookup(248)
stat_cache_lookup: lookup succeeded for name [TEST.TXT] -> [test.txt]
[2006/09/11 03:47:47, 8] lib/util.c:is_in_path(1677)
is_in_path: test.txt
[2006/09/11 03:47:47, 8] lib/util.c:is_in_path(1697)
is_in_path: match not found
[2006/09/11 03:47:47, 2] smbd/dosmode.c:unix_mode(70)
unix_mode(test.txt) inheriting from .
[2006/09/11 03:47:47, 2] smbd/dosmode.c:unix_mode(78)
unix_mode(test.txt) inherit mode 40755
[2006/09/11 03:47:47, 3] smbd/dosmode.c:unix_mode(121)
unix_mode(test.txt) returning 0644
[2006/09/11 03:47:47, 10] smbd/open.c:open_file_ntcreate(1091)
open_file_ntcreate: fname=test.txt, dos_attrs=0x80 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x4140 unix mode=0644 oplock
_request=3
[2006/09/11 03:47:47, 8] lib/util.c:is_in_path(1677)
is_in_path: test.txt
[2006/09/11 03:47:47, 8] lib/util.c:is_in_path(1697)
is_in_path: match not found
[2006/09/11 03:47:47, 8] smbd/dosmode.c:dos_mode(300)
dos_mode: test.txt
[2006/09/11 03:47:47, 8] smbd/dosmode.c:dos_mode_from_sbuf(167)
dos_mode_from_sbuf returning
[2006/09/11 03:47:47, 8] smbd/dosmode.c:dos_mode(334)
dos_mode returning
[2006/09/11 03:47:47, 8] lib/util.c:is_in_path(1677)
is_in_path: test.txt
[2006/09/11 03:47:47, 8] lib/util.c:is_in_path(1697)
is_in_path: match not found
[2006/09/11 03:47:47, 10] smbd/open.c:open_file_ntcreate(1259)
open_file_ntcreate: fname=test.txt, after mapping access_mask=0x20089
[2006/09/11 03:47:47, 5] smbd/files.c:file_new(128)
allocated file structure 8902, fnum = 12998 (1 used)
[2006/09/11 03:47:47, 4] smbd/open.c:open_file_ntcreate(1490)
calling open_file with flags=0x0 flags2=0x0 mode=0644
[2006/09/11 03:47:47, 10] smbd/open.c:fd_open(55)
fd_open: name test.txt, flags = 00 mode = 0644, fd = -1. Permission denied
[2006/09/11 03:47:47, 3] smbd/open.c:open_file(276)
Error opening file test.txt (Permission denied) (local_flags=0) (flags=0)
[2006/09/11 03:47:47, 5] smbd/files.c:file_free(450)
freed files structure 12998 (0 used)
[2006/09/11 03:47:47, 10] smbd/trans2.c:set_bad_path_error(2623)
set_bad_path_error: err = 13 bad_path = 0
[2006/09/11 03:47:47, 3] smbd/error.c:unix_error_packet(90)
unix_error_packet: error string = Permission denied
[2006/09/11 03:47:47, 3] smbd/error.c:error_packet(146)
error packet at smbd/trans2.c(2632) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
Maybe anybody can tell me what I did wrong.
Best regards
Marc
_____________________________________________________________________
Der WEB.DE SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
http://smartsurfer.web.de/?mc=100071&distributionid=000000000066
More information about the samba
mailing list