[Samba] Access Denied setting Directory Access Permissions

Holger Brückner lists at net-labs.de
Tue Jun 10 15:45:10 GMT 2003


u upgraded to 3.0beta1, but i'm still having the same problem.



On Tue, 2003-06-10 at 16:29, Holger Brückner wrote:
> Hello *,
> 
> i've got a debian samba 3.0alpha23 with ldapsam.
> my problem is that i can't set directory permissions. i alwasy get
> access denied.
> 
> what i have:
> 
> svpdc:/etc/samba# smbgroupedit -v
> params.c:Parameter() - Ignoring badly formed line in configuration file:
> ldap trust ids
> NT group (SID) -> Unix group
> System Operators (S-1-5-32-549) -> -1
> Replicators (S-1-5-32-552) -> -1
> Guests (S-1-5-32-546) -> -1
> kollegstufe (S-1-5-21-3839733233-2759951301-2176690758-3011) ->
> kollegstufe
> root (S-1-5-21-3839733233-2759951301-2176690758-1001) -> root
> Domain Admins (S-1-5-21-3839733233-2759951301-2176690758-512) -> root
> Domain Guests (S-1-5-21-3839733233-2759951301-2176690758-514) -> -1
> Power Users (S-1-5-32-547) -> -1
> stundenplan (S-1-5-21-3839733233-2759951301-2176690758-3013) ->
> stundenplan
> users (S-1-5-21-1904509300-1595774664-1972565418-1201) -> users
> Domain Admins (S-1-5-21-1904509300-1595774664-1972565418-512) -> root
> Domain Guests (S-1-5-21-4168099664-486183441-673156717-514) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Administrators (S-1-5-32-544) -> -1
> Domain Guests (S-1-5-21-1904509300-1595774664-1972565418-514) -> -1
> sekretariat (S-1-5-21-3839733233-2759951301-2176690758-3007) ->
> sekretariat
> Account Operators (S-1-5-32-548) -> -1
> Domain Users (S-1-5-21-3839733233-2759951301-2176690758-513) -> users
> Backup Operators (S-1-5-32-551) -> -1
> direktorat (S-1-5-21-3839733233-2759951301-2176690758-3009) ->
> direktorat
> Users (S-1-5-32-545) -> users
> 
> i'm wondering why some groups are listed more than once. how can i find
> out which group is actually used and how do i get rid of the unused ones
> ? i know i can do smbgroupedit -x, but there i can't specify a SID.
> 
> svpdc:~# pdbedit -v -l root
> params.c:Parameter() - Ignoring badly formed line in configuration file:
> ldap trust ids
> Unix username:        root
> NT username:
> Account Flags:        [U          ]
> User ID/Group ID:     0/0
> User SID:             S-1-5-21-3839733233-2759951301-2176690758-1000
> Primary Group SID:    S-1-5-21-3839733233-2759951301-2176690758-1001
> Full Name:            root
> Home Directory:       \\svpdc\root
> HomeDir Drive:
> Logon Script:
> Profile Path:         \\svpdc\root\profile
> Domain:               SVFMG
> Account desc:
> Workstations:
> Munged dial:
> Logon time:           0
> Logoff time:          Fri, 13 Dec 1901 21:45:51 GMT
> Kickoff time:         Fri, 13 Dec 1901 21:45:51 GMT
> Password last set:    Tue, 10 Jun 2003 16:15:24 GMT
> Password can change:  Tue, 10 Jun 2003 16:15:24 GMT
> Password must change: Fri, 13 Dec 1901 21:45:51 GMT
> 
> so user root is not a member of the domain admins. this might be the
> reason why i get access denied trying to apply direcotry permissions.
> i though mapping group root to NT Domain Admin should be enough, but it
> doesn't seem to be. 
> 
> can anybody help me on this issue ?!?
> 
> thanks a lot
> 
> Holger Brueckner
> net-labs Systemhaus GmbH
> 
> 
> 
> 
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba





More information about the samba mailing list