users can create in /temp, but not delete

MATHOG at seqaxp.bio.caltech.edu MATHOG at seqaxp.bio.caltech.edu
Sat Oct 17 23:06:23 GMT 1998


Domain users can create files in C:\TEMP, but cannot delete them.

This is for 1.9.19 alpha (yes, I know 2.0.x alpha is current, but I've
never been able to make that work for NT logins with our NT 4 workstations
and our new Linux server, so I'm stuck at 1.9.19 running on an SGI.) 

The ownership on all files created by domain users are "Account Unknown",
and all such files have protections:  Everybody FULL.  So you'd think that
anybody could delete them - but you'd be wrong. An attempt to move such a
file to the trash results in: 

  Cannot delete <FILENAME>:  Access is denied.
  Make sure this disk is not full or write protected and that
  the file is not currently in use.

An attempt to grab ownership of such a file (from an domain account served
from the Samba 1.9.19 server) was a VERY bad idea.  It blew the desktop
away and jammed the "properties -> security" window which was open. The
only way out was ctrl-alt-del and logout. 

Oddly these files can be renamed, just not deleted.

The administrator account on the workstation can delete the files with no
problems.

I don't know if this is related, but in the event viewer, all of the
users from the domain just show up as numbers.  It would be nice if they
came up as "DOMAIN\joe_user", but the number is better than nothing.


One unrelated question. If you move a bunch of NT workstations from one
Samba domain controller to another, should you set the MACHINE SID's of the
two controllers to be the same?  If you don't, will the NT workstations
refuse to be logged in from the new Samba controller?  I ask, because
that's what I see when I try to move mine, and I recall that there was
something like this for NT Server running as a domain controller.

Thanks,

David Mathog
mathog at seqaxp.bio.caltech.edu
Manager, sequence analysis facility, biology division, Caltech 


More information about the samba-ntdom mailing list