Domain logon issue with Samba 3.0.20pre2 -> current 3.0.20rc2

Andrew Bartlett abartlet at
Sat Aug 20 00:01:17 GMT 2005

On Fri, 2005-08-19 at 18:11 -0500, Gerald (Jerry) Carter wrote:
> Hash: SHA1
> Andrew Bartlett wrote:
> > I'm locked out of the network, and I can't get windows 
> > update to behave for me.  (I'm assuming I have a proxy
> > problem or similar).
> > 
> > The purpose of this Samba update (which I try not to do often, 
> > as we use almost *every* aspect of Samba, so do find
> > issues) was because I knew there were announced issues with
> > windows security updates and older Samba revisions... :-)
> Here's the scoop.  The change is in r6895.  It is a necessary
> and correct change.  In the absence of a real ReadOnly dos
> attribbute we have to approximate it.  Previously we were marking
> a file as read-only based on the file ownership.  Now we
> approximate it based on the sum of group permissions.
> The fix is to ensure that NTUSER.MAN is not marked with the
> DOS reqadonly attribute.  DOn't ask me why Windows cares
> when this is a mandatory profile.  So either set 'acl check
> permissions = no' or actually store the dos attribute in EA's
> and make sure the read only attribute is unset on that one
> file.

I still don't quite get it.  The Samba VFS module fake_perms sets mode
0700 (S_IRWXU), uid == current_user.uid, so that test should pass.  I'll
have to grab out a debugger...

Andrew Bartlett

Andrew Bartlett                      
Samba Developer, SuSE Labs, Novell Inc.
Authentication Developer, Samba Team 
Student Network Administrator, Hawker College
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list