[Samba] Problems with changing security setting on shared foldersvia Win2k

Clint Sharp clint at typhoon.org
Tue Feb 24 16:54:52 GMT 2004

I'm assuming you're running w/o ACL support.  Samba tries as best as
possible to map UNIX owner/group/other permissions to Windows ACL's,
however, the only way to have multiple users assigned permissions to a
file or folder is to have ACL support on your filesystem.  I don't know
if SuSE 8.2 comes with ACL support by default in the kernel, but you
might try to see first if 'which getfacl' returns anything (meaning you
at least have the tools installed) and then mount -o remount,acl
<whateverfilesystem> and see whether you can use setfacl to set ACL
permissions on the filesystem.  If so, make sure you add acl to the list
of options for that filesystem in /etc/fstab.  If that's the case, grab
the samba3 source RPM and add --with-acl-support to the SPEC file and
rebuild the RPM with rpmbuild.  What you're wanting to do works great if
you've got ACL support on the filesystem.

Clint Sharp
Systems Administrator, AT&T Wireless International IT
Desk: 425-580-1900    Mobile: 206-369-7394

> -----Original Message-----
> From: samba-bounces+clint=typhoon.org at lists.samba.org 
> [mailto:samba-bounces+clint=typhoon.org at lists.samba.org] On 
> Behalf Of newssysman at zbh.uni-hamburg.de
> Sent: Tuesday, February 24, 2004 1:30 AM
> To: Samba
> Subject: [Samba] Problems with changing security setting on 
> shared foldersvia Win2k
> Hi List,
> I'm using Samba 3.0.1 as PDC and Openldap 2.1.23 as backend 
> on a Suse 8.2 
> System, both are build from scratch.
> Nearly everything is fine, expect I'm not able to change the security 
> setting of subfolders on my shares via my Win2k box.
> More details:
> Changing the security setting of my top level shares (created 
> in smb.conf) 
> works fine with the SRVMGR, but everytime I try to change (e.g. add a 
> Domain User to a share) the security setting of a subfolder, 
> with my Win2K 
> box I get an Error: "The security settings of folder <name> 
> could not be 
> saved. Access denied". Maybe it's not the exact error message 
> because I use 
> a german Windows 2k.
> I tried it as Administrator and as normal Domain User. Creating and 
> deleting a folder  works fine. Another strange thing is that I get no 
> information about the actual settings. No checkbox (full 
> control, change, 
> execte and so on) is selected. If someone wants to take a 
> look at it I can 
> send a screenshot of the settings.
> Has anyone a clue for me how to fix this?
> ---------------------
> Some settings of my smb.conf
> [global]
> 	workgroup = ZBH
> 	netbios name =VESUVIO
> 	server string = ZBH_Master
> 	map to guest = Bad User
> 	passdb backend = ldapsam:ldap://ldap:389 (changed the real FQDN)
> 	pam password change = Yes
> 	passwd program = /usr/bin/smbpasswd %u
> 	encrypt passwords = yes
> 	security = users
> 	lanman auth = Yes
> 	ntlm auth = Yes
> 	domain logons = Yes
> 	os level = 65
> 	preferred master = Yes
> 	domain master = Yes
> 	wins support = Yes
> 	veto files = /*.eml/*.nws/riched20.dll/msblast.exe/*.{*}/
> 	socket options = TCP_NODELAY SO_RCVBUF=8192 
> 	[...]
> [public]
>        comment ="place for usefull things"
>        path = /samba/public
>        force group = users
>        read only = no
>        guest ok = yes
>        browseable = yes
> ------------------
> Best regards,
> Erik Pagel
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list