smb win2k-server-as-client share permission problem

Marcel Kunath kunathma at pilot.msu.edu
Sat Oct 13 15:26:03 GMT 2001


Well I reset my share-drive1 to root:users and it now shows up as such on w2k.
It still stalls when trying to set permissions.

Not sure about my w2k setup. I never installed it before. I just went next nex
next =) So I guess its a normal setup. =)

I will upgrade to sp2 soon but can't right now. I am scared of telstra and its
3gig cap service people chasing me down.

thanks,

mk

> > Sorry don't have an answer to your
question (yet), > but as I am running W2K AS here as well, I just checked the
> permissions on my shares and I am not getting the
> that unix user.
>
> just the normal
>
> FYI:
>
> Charlie &,,, (OPENBSD\root) (all checked)
> daemon (OPENBSD\root) (none checked)
> EveryOne (some additional ACLs)
>
>
> Could there be something in your setup (W2L) which is
> different from a stanadrd setup (btw I ran it against W2K AS SP2)
>
> Bolke
>
> -----Oorspronkelijk bericht-----
> Van: samba-ntdom-admin at lists.samba.org
> [mailto:samba-ntdom-admin at lists.samba.org]Namens Marcel Kunath
> Verzonden: zaterdag 13 oktober 2001 23:56
> Aan: samba-ntdom at samba.org
> Onderwerp: smb win2k-server-as-client share permission problem
>
>
> Hello,
>
> I am not new to samba but new to win2k clients using samba.
>
> I have a copy of win2k advanced server(no service packs yet) and want to
> connect as client machine of samba. I installed samba 2.2.1a. I am able to
> log
> onto the domain (with use of user root) and log in as user(marcel). Profiles
> \\%L\profiles\%U work. The home directory gets mapped automatically and the
> user "marcel" has control over it. I checked (right click) the drive but
> there
> is no security permission tab.
>
> I want as user to map another share called share-drive1 and I can do so. The
> user has no permissions though. I check the security tab and it says
> something
> weird.
>
> Everyone                none checked
> ntadmin(mydomain\ntadmin)       none checked
> unix_user.103(mydomain\unix_user.103)   none checked
>
>
> (ntadmin is my domain admin group; I don't understand why it chose to add a
> unix_user.103 to the list instead of the other user:
>
> Marcel (mydomain\marcel)
>
> marcel has a unix account 500:100 and not 103:100.
>
> Marcel is part of group ntadmin so I try to change some permissions maybe. I
> check some stuff on either marcel or ntadmin and hit "Apply". It stalls out,
> I
> see constant traffic on the switch and when I click the "[X]" to abord it
> says
> program fails to respond "End Now".
>
> Another thing I did not set up was the permissions on the unix directory as
> they are now:
>
> 103:ntadmin /share-drive1
>
> I am sure I had set them to root:users.There is no unix user 103 on my Linux
> system.
>
> I was logged in locally as admin before and was able to change permissions
> for
> Marcel (mydomain\marcel) on the C drive just fine. It didn't stall.
>
> While the permission change hangs the log for the machine on the samba
> server
> says:
>
>
> [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
>   create_canon_ace_lists: unable to map SID
> S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
> [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
>   create_canon_ace_lists: unable to map SID
> S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
> [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
>   create_canon_ace_lists: unable to map SID
> S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
> [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
>   create_canon_ace_lists: unable to map SID
> S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
> [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
>   create_canon_ace_lists: unable to map SID
> S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
>
>
> I wonder why I have to set permissions in the first place. Do I have to be
> root
> to set the permissions? I thought Samba as PDC will take the Unix
> permissions(user:group) existing on the unix directory to be mounted and
> take
> any permissions(directory mask etc) from the smb.conf file and map it onto
> the
> win2k workstation(advanced server in my case). When I did this stuff with
> win9x
> my user had proper read,write,execute permissions across all my shares. I
> know
> win2k is a different beast.
>
> I don't mind having to set permissions but it stalls and that is what is the
> problem.
>
>
> My second problem is I have a logon script which does get executed. It
> doesn't
> do any work as prescribed in it though.
>
> My script is to map three shares to drive letters but none of them show up.
>
> My commands are of the form:
>
> net use i: \\server\share-drive1 /persistent:no
>
> It doesn't get mapped automatically but I can map it manually once logged
> in.
>
>
> Another question I had was: What are the unix directory permissions suppose
> to
> be on the profiles directories:
>
> /etc/samba/ntprofile
> /etc/samba/ntprofile/marcel
>
>
> Find my smb.conf attached. I'd appreciate any suggestions. Thanks,
>
> mk
>
>
> # Samba config file created using SWAT
> # from 192.168.1.2 (192.168.1.2)
> # Date: 2001/10/13 18:08:55
>
> # Global parameters
> [global]
>     workgroup = mydomain
>     netbios name = MAIL
>     server string = Samba %v on %L
>     interfaces = 192.168.1.1/24 127.0.0.0/24
>     encrypt passwords = Yes
>     update encrypted = Yes
>     null passwords = Yes
>     passwd program = /usr/bin/passwd %u
>     passwd chat debug = Yes
>     unix password sync = No
>     log file = /var/log/samba-log.%m
>     time server = Yes
>     keepalive = 30
>     domain admin group = @ntadmin
>     #domain admin users = marcel
>     logon script = %U.bat
>     logon path = \\%L\profiles\%U
>     logon drive = X:
>     domain logons = Yes
>     os level = 65
>     preferred master = True
>     domain master = True
>     kernel oplocks = No
>     #config file = /etc/smb.conf.%U
>     guest account = guest
>     hosts allow = 192.168.1., 127.
>     browseable = No
>
> [homes]
>     comment = %U Home Directory
>     invalid users = guest
>     read only = No
>     veto files = /.*/
>     writable = Yes
>
> [netlogon]
>     comment = The Domain Logon Service
>     path = /etc/samba/logon
>
> [share-drive1]
>     comment = Network Drive
>     path = /share-drive1
>     read only = No
>     create mask = 0644
>     guest ok = Yes
>
> [programs]
>     comment = Unix and Windows Programs
>     path = /usr/src/source-storage
>     valid users = marcel
>     read only = No
>
> [profiles]
>     comment = NT profiles
>     path = /etc/samba/ntprofile
>     create mask = 0600
>     directory mask = 0700
>     writable = Yes
>
>
>
>


--
Marcel Kunath

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

 Montie House Network            Greater Lansing Linux Users Group
  http://www.montiehouse.com      http://www.gllug.org

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*




More information about the samba-ntdom mailing list