[Samba] Access Denied setting Directory Access Permissions

Holger Brückner brueckner at net-labs.de
Tue Jun 10 14:29:52 GMT 2003 

Hello *,

i've got a debian samba 3.0alpha23 with ldapsam.
my problem is that i can't set directory permissions. i alwasy get
access denied.

what i have:

svpdc:/etc/samba# smbgroupedit -v
params.c:Parameter() - Ignoring badly formed line in configuration file:
ldap trust ids
NT group (SID) -> Unix group
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
kollegstufe (S-1-5-21-3839733233-2759951301-2176690758-3011) ->
kollegstufe
root (S-1-5-21-3839733233-2759951301-2176690758-1001) -> root
Domain Admins (S-1-5-21-3839733233-2759951301-2176690758-512) -> root
Domain Guests (S-1-5-21-3839733233-2759951301-2176690758-514) -> -1
Power Users (S-1-5-32-547) -> -1
stundenplan (S-1-5-21-3839733233-2759951301-2176690758-3013) ->
stundenplan
users (S-1-5-21-1904509300-1595774664-1972565418-1201) -> users
Domain Admins (S-1-5-21-1904509300-1595774664-1972565418-512) -> root
Domain Guests (S-1-5-21-4168099664-486183441-673156717-514) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Domain Guests (S-1-5-21-1904509300-1595774664-1972565418-514) -> -1
sekretariat (S-1-5-21-3839733233-2759951301-2176690758-3007) ->
sekretariat
Account Operators (S-1-5-32-548) -> -1
Domain Users (S-1-5-21-3839733233-2759951301-2176690758-513) -> users
Backup Operators (S-1-5-32-551) -> -1
direktorat (S-1-5-21-3839733233-2759951301-2176690758-3009) ->
direktorat
Users (S-1-5-32-545) -> users

i'm wondering why some groups are listed more than once. how can i find
out which group is actually used and how do i get rid of the unused ones
? i know i can do smbgroupedit -x, but there i can't specify a SID.

svpdc:~# pdbedit -v -l root
params.c:Parameter() - Ignoring badly formed line in configuration file:
ldap trust ids
Unix username:        root
NT username:
Account Flags:        [U          ]
User ID/Group ID:     0/0
User SID:             S-1-5-21-3839733233-2759951301-2176690758-1000
Primary Group SID:    S-1-5-21-3839733233-2759951301-2176690758-1001
Full Name:            root
Home Directory:       \\svpdc\root
HomeDir Drive:
Logon Script:
Profile Path:         \\svpdc\root\profile
Domain:               SVFMG
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          Fri, 13 Dec 1901 21:45:51 GMT
Kickoff time:         Fri, 13 Dec 1901 21:45:51 GMT
Password last set:    Tue, 10 Jun 2003 16:15:24 GMT
Password can change:  Tue, 10 Jun 2003 16:15:24 GMT
Password must change: Fri, 13 Dec 1901 21:45:51 GMT

so user root is not a member of the domain admins. this might be the
reason why i get access denied trying to apply direcotry permissions.
i though mapping group root to NT Domain Admin should be enough, but it
doesn't seem to be. 

can anybody help me on this issue ?!?

thanks a lot

Holger Brueckner
net-labs Systemhaus GmbH

More information about the samba mailing list