smb win2k-server-as-client share permission problem
Marcel Kunath
kunathma at pilot.msu.edu
Sat Oct 13 14:54:04 GMT 2001
Hello,
I am not new to samba but new to win2k clients using samba.
I have a copy of win2k advanced server(no service packs yet) and want to
connect as client machine of samba. I installed samba 2.2.1a. I am able to log
onto the domain (with use of user root) and log in as user(marcel). Profiles
\\%L\profiles\%U work. The home directory gets mapped automatically and the
user "marcel" has control over it. I checked (right click) the drive but there
is no security permission tab.
I want as user to map another share called share-drive1 and I can do so. The
user has no permissions though. I check the security tab and it says something
weird.
Everyone none checked
ntadmin(mydomain\ntadmin) none checked
unix_user.103(mydomain\unix_user.103) none checked
(ntadmin is my domain admin group; I don't understand why it chose to add a
unix_user.103 to the list instead of the other user:
Marcel (mydomain\marcel)
marcel has a unix account 500:100 and not 103:100.
Marcel is part of group ntadmin so I try to change some permissions maybe. I
check some stuff on either marcel or ntadmin and hit "Apply". It stalls out, I
see constant traffic on the switch and when I click the "[X]" to abord it says
program fails to respond "End Now".
Another thing I did not set up was the permissions on the unix directory as
they are now:
103:ntadmin /share-drive1
I am sure I had set them to root:users.There is no unix user 103 on my Linux
system.
I was logged in locally as admin before and was able to change permissions for
Marcel (mydomain\marcel) on the C drive just fine. It didn't stall.
While the permission change hangs the log for the machine on the samba server
says:
[2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
create_canon_ace_lists: unable to map SID
S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
[2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
create_canon_ace_lists: unable to map SID
S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
[2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
create_canon_ace_lists: unable to map SID
S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
[2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
create_canon_ace_lists: unable to map SID
S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
[2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
create_canon_ace_lists: unable to map SID
S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
I wonder why I have to set permissions in the first place. Do I have to be root
to set the permissions? I thought Samba as PDC will take the Unix
permissions(user:group) existing on the unix directory to be mounted and take
any permissions(directory mask etc) from the smb.conf file and map it onto the
win2k workstation(advanced server in my case). When I did this stuff with win9x
my user had proper read,write,execute permissions across all my shares. I know
win2k is a different beast.
I don't mind having to set permissions but it stalls and that is what is the
problem.
My second problem is I have a logon script which does get executed. It doesn't
do any work as prescribed in it though.
My script is to map three shares to drive letters but none of them show up.
My commands are of the form:
net use i: \\server\share-drive1 /persistent:no
It doesn't get mapped automatically but I can map it manually once logged in.
Another question I had was: What are the unix directory permissions suppose to
be on the profiles directories:
/etc/samba/ntprofile
/etc/samba/ntprofile/marcel
Find my smb.conf attached. I'd appreciate any suggestions. Thanks,
mk
# Samba config file created using SWAT
# from 192.168.1.2 (192.168.1.2)
# Date: 2001/10/13 18:08:55
# Global parameters
[global]
workgroup = mydomain
netbios name = MAIL
server string = Samba %v on %L
interfaces = 192.168.1.1/24 127.0.0.0/24
encrypt passwords = Yes
update encrypted = Yes
null passwords = Yes
passwd program = /usr/bin/passwd %u
passwd chat debug = Yes
unix password sync = No
log file = /var/log/samba-log.%m
time server = Yes
keepalive = 30
domain admin group = @ntadmin
#domain admin users = marcel
logon script = %U.bat
logon path = \\%L\profiles\%U
logon drive = X:
domain logons = Yes
os level = 65
preferred master = True
domain master = True
kernel oplocks = No
#config file = /etc/smb.conf.%U
guest account = guest
hosts allow = 192.168.1., 127.
browseable = No
[homes]
comment = %U Home Directory
invalid users = guest
read only = No
veto files = /.*/
writable = Yes
[netlogon]
comment = The Domain Logon Service
path = /etc/samba/logon
[share-drive1]
comment = Network Drive
path = /share-drive1
read only = No
create mask = 0644
guest ok = Yes
[programs]
comment = Unix and Windows Programs
path = /usr/src/source-storage
valid users = marcel
read only = No
[profiles]
comment = NT profiles
path = /etc/samba/ntprofile
create mask = 0600
directory mask = 0700
writable = Yes
More information about the samba-ntdom
mailing list