[Samba] 3.0.0-2 on RH9 as domain member of win2k domain - not able to write to shares...
bugtraq at victoriareal.com
Thu Oct 2 09:08:00 GMT 2003
I'm unable to write to shares on the RH9 box from win2k clients.
Have successfully joined domain with 'net join ads'
getent passwd lists local unix users and win2k domain users successfully
I've mapped a DOMAIN+user_group to unix user_group, which 'net groupmap list' shows successfully
I have tried various ways to give DOMAIN+user.name access to the share, by changing the 'valid users =' line to include: DOMAIN+user_group, user_group, DOMAIN+user.name
Can browse successfully to share, but not able to write to share unless I give write permissions to other/world
Logs show user from win2k client connecting to service as DOMAIN+user.name
win2k client receives error: access denied.
realm = DOMAIN.COM
workgroup = DOMAIN
server string = Samba Server
hosts allow = 192.168. 127.
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba/log.%m
max log size = 50
security = ads
password server = DC1 DC2 DC3
# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
; password level = 8
; username level = 8
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = yes
passwd program = /usr/bin/passwd %u
; passwd debug = yes
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
; username map = /etc/samba/smbusers
; include = /etc/samba/smb.conf.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
domain master = no
preferred master = no
name resolve order = host wins lmhosts bcast
dns proxy = yes
# separate domain and username with '+', like DOMAIN+username
winbind separator = +
# use uids from 10000 to 20000 for domain users
winbind uid = 10000-20000
# use gids from 10000 to 20000 for domain groups
winbind gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
comment = Test Dir
path = /home/share
guest ok = no
browseable = yes
writable = yes
share modes = yes
valid users = DOMAIN+user_group
hide dot files = yes
What I'd like to be able to do is control access to shares using DOMAIN+user_group to unix user_group mappings - do I need to map DOMAIN+user.name to a unix user.name as well, for every user within the group?
Hope you can help.
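An added example, not part of the original post: Samba applies the Unix permission bits on the share path in addition to 'valid users', and a write that only succeeds once other/world has write permission is what plain POSIX mode bits produce when the connecting uid is neither the directory's owner nor a member of its owning group. The sketch below evaluates that rule; the uid/gid numbers are constructed, and POSIX ACLs and uid 0 are not modelled.

```python
import os
import pwd
import stat

# Creating a file in a directory needs both write and search (x) permission.
NEEDED = {
    "owner": stat.S_IWUSR | stat.S_IXUSR,
    "group": stat.S_IWGRP | stat.S_IXGRP,
    "other": stat.S_IWOTH | stat.S_IXOTH,
}

def permission_class(dir_uid, dir_gid, uid, gids):
    """POSIX selects exactly one class: owner first, then group, then other."""
    if uid == dir_uid:
        return "owner"
    if dir_gid in gids:
        return "group"
    return "other"

def can_create_files(mode, dir_uid, dir_gid, uid, gids):
    """Return (class, allowed) using only the bits of the selected class."""
    cls = permission_class(dir_uid, dir_gid, uid, gids)
    return cls, (mode & NEEDED[cls]) == NEEDED[cls]

def check_path(path, username):
    """Same check against a real directory and an NSS-resolved user,
    for example a winbind name such as DOMAIN+user.name."""
    st = os.stat(path)
    pw = pwd.getpwnam(username)
    gids = set(os.getgrouplist(username, pw.pw_gid))
    return can_create_files(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids)

if __name__ == "__main__":
    # Constructed values (not from the post): directory owned by uid 0 and
    # local gid 500; domain user with winbind uid 10001 and gid 10000.
    cases = [(0o775, {10000}), (0o777, {10000}), (0o775, {10000, 500})]
    for mode, gids in cases:
        result = can_create_files(mode, 0, 500, 10001, gids)
        print(oct(mode), sorted(gids), result)
```

On the Samba host, `check_path('/home/share', 'DOMAIN+user.name')` reports which class the winbind user falls into for the share directory.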