[Samba] Re: Very strange ACL issue

éric le hénaff eric.le.henaff at ens.fr
Thu Aug 5 10:25:44 GMT 2004


I solved my problem by downgrading winbind to 3.0.2a.
I downgraded samba first but it didn't change anything.

"éric le hénaff" <eric.le.henaff at ens.fr> wrote in message
news:cestri$v2h$1 at sea.gmane.org...
> I may have a related problem too.
> I recently upgraded from 3.0.2a to 3.0.5. The server's OS is Debian sarge.
> It provides more disk space to the domain.
> Before the upgrade, I was able to use a very useful copy tool: scopy.exe.
> This tool runs on the PDC (Windows NT4). I use it to copy files from the old
> users share on the PDC to the new users share on the samba server. I want to
> move some shares from the PDC to the samba server.
> After the upgrade, scopy answers "invalid destination : p:\" each time I try
> to run it.
> I plan to downgrade samba to 3.0.2a.
> Is there a recommended way to downgrade a package on a Debian sarge system?
> (I know this topic is not directly samba related)
> Thanks
>
> --------------------
> "Andrew" <internet at nineproductions.com> wrote in message
> news:BD341E6B.D1EF%internet at nineproductions.com...
> Hello,
>
> I upgraded from Samba 3.0.2 to 3.0.4 on my Redhat Enterprise system and am
> now seeing something very strange with POSIX ACLs. We have several shared
> directories set up with per-directory group permissions (in other words, each
> directory has its own group in Active Directory). This way if we want to
> give a user access to a directory we just add them to the group. After
> upgrading to 3.0.4 all of a sudden additions to a group were not working.
>
> So if I edit UserA in active directory and add them to the group
> Company-Finance-Folder the user should now be able to access the folder on
> the file server but now for some reason the user is getting an access
> denied.
>
> Getfacl shows that the group has permissions to the folder.
> Wbinfo -u/-g works
> "getent group" shows the user has been added to the group
>
> But the user is still getting an access denied. The funny thing is that all
> other users with this exact same group are able to access this folder
> properly (But these users were added before the upgrade).
>
> Does anyone know why this is?
>
> Here is my config:
>
> [global]
> log level = 0
> log file = /var/log/samba/%m.log
> realm = domain.net
> workgroup = DOMAIN
> security = ADS
> encrypt passwords = yes
> password server = dc0.domain.net dc1.domain.net
> server string = AMI File Server
> socket options = TCP_NODELAY SO_KEEPALIVE
> kernel oplocks = yes
> oplocks = yes
> veto oplock files = /*.doc/*.DOC/*.xls/*.XLS/*.ppt/*.PPT/*.pst/*.PST/*.mdb/*.MDB/*.ldb/*.LDB/*.vsd/*.VSD/*.mpp/*.MPP/*.qbw/*.QBW/*.qbb/*.QBB/*.qbI/*.qbl/*.dxf/*.DXF/*.dwg/*.DWG/*.cdr/*.CDR/*.bak/*.BAK/*.ord/*.xlo/*.igs/*.ipt/*.ipj/*.slp/*.stp/*.opt/*.xli/*.stl/*.cur/*.sjb/*.log/*.LOG/*.sbs/*.iam/*.idv/*.pcbdoc/*.PcbDoc/*.PCBDOC/
> interfaces = eth0*,lo
> bind interfaces only = yes
> #host msdfs = yes
> # strict locking
> # strict sync
> # separate domain and username with +, like DOMAIN+username
> winbind separator = +
> # use uids from 11000 to 19000 for domain users
> idmap uid = 11000-19000
> # use gids from 11000 to 19000 for domain groups
> idmap gid = 11000-19000
> # allow enumeration of winbind users and groups
> winbind enum users = yes
> winbind enum groups = yes
> # give winbind users a real shell (only needed if they have telnet access)
> template homedir = /mnt/share/Company_Share/Users/%U
> template shell = /bin/bash
>
> [Company_Share]
>    comment = Company Corporate
>    path = /mnt/share/Company_Share
>    create mask = 0770
>    directory mask = 0770
>    public = yes
>    writable = yes
>
> [Projects]
>    comment = Company Projects
>    path = /mnt/share/Projects
>    create mask = 0770
>    directory mask = 0770
>    public = yes
>    writable = yes
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba




