[Samba] Re: Very strange ACL issue

éric le hénaff eric.le.henaff at ens.fr
Thu Aug 5 09:15:29 GMT 2004 

i may have a related problem too.
i recently upgraded from 3.0.2a to 3.0.5. the server's os is debian sarge.
it provides more disk space to the domain.
before the upgrade, i was able to use a very usefull copy tool : scopy.exe.
this tool runs on the pdc (window NT4). i use it to copy files from the old
users share on the pdc to the new users share on the samba server. i want to
move some shares from the pdc to the samba server.
after the upgrade, scopy answers "invalid destination : p:\" each time i try
to run it.
i plan to downgrade samba to 3.0.2a.
is there a recommended way to downgrade a package on a debian sarge system ?
(i know this topic is not directly samba related)
thanx

--------------------
"Andrew" <internet at nineproductions.com> a écrit dans le message de
news:BD341E6B.D1EF%internet at nineproductions.com...
Hello,

I upgraded from Samba 3.0.2 to 3.0.4 on my Redhat Enterprise system and am
now seeing something very strange with POSIX ACL¹s. We have several shared
directories setup with per-directory group permissions (In other words each
directory has its own group in active directory). This way if we want to
give a user access to a directory we just add them to the group. After
upgrading too 3.0.4 all of a sudden additions to a group were not working.

So if I edit UserA in active directory and add them to the group
Company-Finance-Folder the user should now be able to access the folder on
the file server but now for some reason the user is getting an access
denied.

Getfacl shows that the group has permissions to the folder.
Wbinfo ­u/-g works
³getent group² shows the user has been added to the group

But the user is still getting an access denied. The funny thing is that all
other users with this exact same group are able to access this folder
properly (But these users were added before the upgrade).

Does anyone know why this is?

Here is my config:

[global]
log level = 0
log file = /var/log/samba/%m.log
realm = domain.net
workgroup = DOMAIN
security = ADS
encrypt passwords = yes
password server = dc0.domain.net dc1.domain.net
server string = AMI File Server
socket options = TCP_NODELAY SO_KEEPALIVE
kernel oplocks = yes
oplocks = yes
veto oplock files =
/*.doc/*.DOC/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.v
sd/*.VSD/*.mpp/*.MPP/*.qbw/*.QBW/*.qbb/*.QBB/*.qbI/*.qbl/*.dxf/*.DXF/*.dwg/*
.DWG/*.cdr/*.CDR/*.bak/*.BAK/*.ord/*.xlo/*.igs/*.ipt/*.ipj/*.slp/*.stp/*.opt
/*.xli/*.stl/*.cur/*.sjb/*.log/*.LOG/*.sbs/*.iam/*.idv/*.pcbdoc/*.PcbDoc/*.P
CBDOC/
interfaces = eth0*,lo
bind interfaces only = yes
#host msdfs = yes
# strict locking
# strict sync
# separate domain and username with +, like DOMAIN+username
winbind separator = +
# use uids from 11000 to 19000 for domain users
idmap uid = 11000-19000
# use gids from 11000 to 19000 for domain groups
idmap gid = 11000-19000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
# give winbind users a real shell (only needed if they have telnet access)
template homedir = /mnt/share/Company_Share/Users/%U
template shell = /bin/bash

[Company_Share]
   comment = Company Corporate
   path = /mnt/share/Company_Share
   create mask = 0770
   directory mask = 0770
   public = yes
   writable = yes

[Projects]
   comment = Company Projects
   path = /mnt/share/Projects
   create mask = 0770
   directory mask = 0770
   public = yes
   writable = yes
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list