smb win2k-server-as-client share permission problem
Marcel Kunath
kunathma at pilot.msu.edu
Sat Oct 13 15:26:03 GMT 2001
Well I reset my share-drive1 to root:users and it now shows up as such on w2k.
It still stalls when trying to set permissions.
Not sure about my w2k setup. I never installed it before. I just went next nex
next =) So I guess its a normal setup. =)
I will upgrade to sp2 soon but can't right now. I am scared of telstra and its
3gig cap service people chasing me down.
thanks,
mk
> > Sorry don't have an answer to your
question (yet), > but as I am running W2K AS here as well, I just checked the
> permissions on my shares and I am not getting the
> that unix user.
>
> just the normal
>
> FYI:
>
> Charlie &,,, (OPENBSD\root) (all checked)
> daemon (OPENBSD\root) (none checked)
> EveryOne (some additional ACLs)
>
>
> Could there be something in your setup (W2L) which is
> different from a stanadrd setup (btw I ran it against W2K AS SP2)
>
> Bolke
>
> -----Oorspronkelijk bericht-----
> Van: samba-ntdom-admin at lists.samba.org
> [mailto:samba-ntdom-admin at lists.samba.org]Namens Marcel Kunath
> Verzonden: zaterdag 13 oktober 2001 23:56
> Aan: samba-ntdom at samba.org
> Onderwerp: smb win2k-server-as-client share permission problem
>
>
> Hello,
>
> I am not new to samba but new to win2k clients using samba.
>
> I have a copy of win2k advanced server(no service packs yet) and want to
> connect as client machine of samba. I installed samba 2.2.1a. I am able to
> log
> onto the domain (with use of user root) and log in as user(marcel). Profiles
> \\%L\profiles\%U work. The home directory gets mapped automatically and the
> user "marcel" has control over it. I checked (right click) the drive but
> there
> is no security permission tab.
>
> I want as user to map another share called share-drive1 and I can do so. The
> user has no permissions though. I check the security tab and it says
> something
> weird.
>
> Everyone none checked
> ntadmin(mydomain\ntadmin) none checked
> unix_user.103(mydomain\unix_user.103) none checked
>
>
> (ntadmin is my domain admin group; I don't understand why it chose to add a
> unix_user.103 to the list instead of the other user:
>
> Marcel (mydomain\marcel)
>
> marcel has a unix account 500:100 and not 103:100.
>
> Marcel is part of group ntadmin so I try to change some permissions maybe. I
> check some stuff on either marcel or ntadmin and hit "Apply". It stalls out,
> I
> see constant traffic on the switch and when I click the "[X]" to abord it
> says
> program fails to respond "End Now".
>
> Another thing I did not set up was the permissions on the unix directory as
> they are now:
>
> 103:ntadmin /share-drive1
>
> I am sure I had set them to root:users.There is no unix user 103 on my Linux
> system.
>
> I was logged in locally as admin before and was able to change permissions
> for
> Marcel (mydomain\marcel) on the C drive just fine. It didn't stall.
>
> While the permission change hangs the log for the machine on the samba
> server
> says:
>
>
> [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
> create_canon_ace_lists: unable to map SID
> S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
> [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
> create_canon_ace_lists: unable to map SID
> S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
> [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
> create_canon_ace_lists: unable to map SID
> S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
> [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
> create_canon_ace_lists: unable to map SID
> S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
> [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747)
> create_canon_ace_lists: unable to map SID
> S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid.
>
>
> I wonder why I have to set permissions in the first place. Do I have to be
> root
> to set the permissions? I thought Samba as PDC will take the Unix
> permissions(user:group) existing on the unix directory to be mounted and
> take
> any permissions(directory mask etc) from the smb.conf file and map it onto
> the
> win2k workstation(advanced server in my case). When I did this stuff with
> win9x
> my user had proper read,write,execute permissions across all my shares. I
> know
> win2k is a different beast.
>
> I don't mind having to set permissions but it stalls and that is what is the
> problem.
>
>
> My second problem is I have a logon script which does get executed. It
> doesn't
> do any work as prescribed in it though.
>
> My script is to map three shares to drive letters but none of them show up.
>
> My commands are of the form:
>
> net use i: \\server\share-drive1 /persistent:no
>
> It doesn't get mapped automatically but I can map it manually once logged
> in.
>
>
> Another question I had was: What are the unix directory permissions suppose
> to
> be on the profiles directories:
>
> /etc/samba/ntprofile
> /etc/samba/ntprofile/marcel
>
>
> Find my smb.conf attached. I'd appreciate any suggestions. Thanks,
>
> mk
>
>
> # Samba config file created using SWAT
> # from 192.168.1.2 (192.168.1.2)
> # Date: 2001/10/13 18:08:55
>
> # Global parameters
> [global]
> workgroup = mydomain
> netbios name = MAIL
> server string = Samba %v on %L
> interfaces = 192.168.1.1/24 127.0.0.0/24
> encrypt passwords = Yes
> update encrypted = Yes
> null passwords = Yes
> passwd program = /usr/bin/passwd %u
> passwd chat debug = Yes
> unix password sync = No
> log file = /var/log/samba-log.%m
> time server = Yes
> keepalive = 30
> domain admin group = @ntadmin
> #domain admin users = marcel
> logon script = %U.bat
> logon path = \\%L\profiles\%U
> logon drive = X:
> domain logons = Yes
> os level = 65
> preferred master = True
> domain master = True
> kernel oplocks = No
> #config file = /etc/smb.conf.%U
> guest account = guest
> hosts allow = 192.168.1., 127.
> browseable = No
>
> [homes]
> comment = %U Home Directory
> invalid users = guest
> read only = No
> veto files = /.*/
> writable = Yes
>
> [netlogon]
> comment = The Domain Logon Service
> path = /etc/samba/logon
>
> [share-drive1]
> comment = Network Drive
> path = /share-drive1
> read only = No
> create mask = 0644
> guest ok = Yes
>
> [programs]
> comment = Unix and Windows Programs
> path = /usr/src/source-storage
> valid users = marcel
> read only = No
>
> [profiles]
> comment = NT profiles
> path = /etc/samba/ntprofile
> create mask = 0600
> directory mask = 0700
> writable = Yes
>
>
>
>
--
Marcel Kunath
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Montie House Network Greater Lansing Linux Users Group
http://www.montiehouse.com http://www.gllug.org
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
More information about the samba-ntdom
mailing list