Domain logon issue with Samba 3.0.20pre2 -> current 3.0.20rc2
Andrew Bartlett
abartlet at samba.org
Sat Aug 20 00:01:17 GMT 2005
On Fri, 2005-08-19 at 18:11 -0500, Gerald (Jerry) Carter wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Andrew Bartlett wrote:
>
> > I'm locked out of the network, and I can't get windows
> > update to behave for me. (I'm assuming I have a proxy
> > problem or similar).
> >
> > The purpose of this Samba update (which I try not to do often,
> > as we use almost *every* aspect of Samba, so do find
> > issues) was because I knew there were announced issues with
> > windows security updates and older Samba revisions... :-)
>
> Here's the scoop. The change is in r6895. It is a necessary
> and correct change. In the absence of a real ReadOnly dos
> attribbute we have to approximate it. Previously we were marking
> a file as read-only based on the file ownership. Now we
> approximate it based on the sum of group permissions.
>
> The fix is to ensure that NTUSER.MAN is not marked with the
> DOS reqadonly attribute. DOn't ask me why Windows cares
> when this is a mandatory profile. So either set 'acl check
> permissions = no' or actually store the dos attribute in EA's
> and make sure the read only attribute is unset on that one
> file.
I still don't quite get it. The Samba VFS module fake_perms sets mode
0700 (S_IRWXU), uid == current_user.uid, so that test should pass. I'll
have to grab out a debugger...
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20050820/158a3b3c/attachment.bin
More information about the samba-technical
mailing list