[Samba] Access denied msg when using M$ MMC under W2k or XP on ACL compiled Samba and 2.4.20 Kernel with Acl on ext2 and ext3

incynr8 incynr8 at lawngnome.org
Wed Oct 22 15:10:53 GMT 2003

I am currently struggling with the final step (so it seems) in using a RH9
box with standardized kernel build 2.4.20, with enabled acl, and Samba 3
built with ACL enabled as well. I am able to join the domain with net ADS
join -U USERNAME, and use wbinfo and getent, showing the users and groups
from the domain.
However, I am incapable of setting the permissions so DOMAIN+USER can use
the samba shares.
Example...I can chown DOMAIN+BOB DIRECTORY, that is samba share, but he
cannot write to it.
More importantly, I cannot determine a way to manage the permissions through
the MMC, so that the DOMAIN users can access/write, etc. the shares.
Included is a copy of my smb.conf file.
I have nt acl support set in a couple places in an attempt to see what
works, but I get the EVERYONE full control option as described as if the
setting is off, yet no one does seem to have write access to bob2 share for
I'm not certain if my problem is pam related, passdb backend related, or
filesystem/permissions related.
Thank you,

# Samba config file created using SWAT
# from
# Date: 2003/10/20 17:24:03

# Global parameters
        workgroup = DOMAIN
        realm = DOMAIN.LOCAL
        netbios name = FILES
        server string =
        security = ADS
        auth methods = winbind
        obey pam restrictions = Yes
        password server = WIN2KPDCIPADDRESS
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n
        unix password sync = Yes
        log file = /var/log/samba/%m.log
        max log size = 0
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        load printers = No
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        ldap ssl = no
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = +
        printing = cups
        nt acl support = yes

        comment = test-writeable
        path = /home/samba/test
        read only = No

        comment = All-writeable
        path = /home/samba/all
        write list = guest
        read only = No
        guest ok = Yes

        nt acl support = yes
        path = /home/DOMAIN/bob
        admin users = DOMAIN/root, DOMAIN/administrator, DOMAIN/bob
        read list = bob
