[Samba] Problems with changing security setting on sharedfoldersvia Win2k

rruegner robowarp at gmx.de
Tue Feb 24 17:15:17 GMT 2004


Hi,
suse 8.2 runs perfect with acl ( but it is no included in minimal install at
8.2 )
there is no failure with acl suse 8.2 and samba 3
everything works as descriped i run
4 machines acting as pdc for months.
did you check your ldap setting , group mapping,
?
Best Regards
----- Original Message ----- 
From: "Clint Sharp" <clint at typhoon.org>
To: <newssysman at zbh.uni-hamburg.de>; "'Samba'" <samba at lists.samba.org>
Sent: Tuesday, February 24, 2004 5:54 PM
Subject: RE: [Samba] Problems with changing security setting on
sharedfoldersvia Win2k


> I'm assuming you're running w/o ACL support.  Samba tries as best as
> possible to map UNIX owner/group/other permissions to Windows ACL's,
> however, the only way to have multiple users assigned permissions to a
> file or folder is to have ACL support on your filesystem.  I don't know
> if SuSE 8.2 comes with ACL support by default in the kernel, but you
> might try to see first if 'which getfacl' returns anything (meaning you
> at least have the tools installed) and then mount -o remount,acl
> <whateverfilesystem> and see whether you can use setfacl to set ACL
> permissions on the filesystem.  If so, make sure you add acl to the list
> of options for that filesystem in /etc/fstab.  If that's the case, grab
> the samba3 source RPM and add --with-acl-support to the SPEC file and
> rebuild the RPM with rpmbuild.  What you're wanting to do works great if
> you've got ACL support on the filesystem.
>
> Clint
>
> --
> Clint Sharp
> Systems Administrator, AT&T Wireless International IT
> Desk: 425-580-1900    Mobile: 206-369-7394
>
>
> > -----Original Message-----
> > From: samba-bounces+clint=typhoon.org at lists.samba.org
> > [mailto:samba-bounces+clint=typhoon.org at lists.samba.org] On
> > Behalf Of newssysman at zbh.uni-hamburg.de
> > Sent: Tuesday, February 24, 2004 1:30 AM
> > To: Samba
> > Subject: [Samba] Problems with changing security setting on
> > shared foldersvia Win2k
> >
> >
> > Hi List,
> >
> > I'm using Samba 3.0.1 as PDC and Openldap 2.1.23 as backend
> > on a Suse 8.2
> > System, both are build from scratch.
> > Nearly everything is fine, expect I'm not able to change the security
> > setting of subfolders on my shares via my Win2k box.
> >
> > More details:
> > Changing the security setting of my top level shares (created
> > in smb.conf)
> > works fine with the SRVMGR, but everytime I try to change (e.g. add a
> > Domain User to a share) the security setting of a subfolder,
> > with my Win2K
> > box I get an Error: "The security settings of folder <name>
> > could not be
> > saved. Access denied". Maybe it's not the exact error message
> > because I use
> > a german Windows 2k.
> > I tried it as Administrator and as normal Domain User. Creating and
> > deleting a folder  works fine. Another strange thing is that I get no
> > information about the actual settings. No checkbox (full
> > control, change,
> > execte and so on) is selected. If someone wants to take a
> > look at it I can
> > send a screenshot of the settings.
> >
> > Has anyone a clue for me how to fix this?
> >
> > ---------------------
> > Some settings of my smb.conf
> > [global]
> > workgroup = ZBH
> > netbios name =VESUVIO
> > server string = ZBH_Master
> > map to guest = Bad User
> > passdb backend = ldapsam:ldap://ldap:389 (changed the real FQDN)
> > pam password change = Yes
> > passwd program = /usr/bin/smbpasswd %u
> > encrypt passwords = yes
> > security = users
> > lanman auth = Yes
> > ntlm auth = Yes
> > domain logons = Yes
> > os level = 65
> > preferred master = Yes
> > domain master = Yes
> > wins support = Yes
> > veto files = /*.eml/*.nws/riched20.dll/msblast.exe/*.{*}/
> > socket options = TCP_NODELAY SO_RCVBUF=8192
> > SO_SNDBUF=8192 SO_KEEPALIVE
> > IPTOS_LOWDELAY TCP_NODELAY
> > [...]
> >
> > [public]
> >        comment ="place for usefull things"
> >        path = /samba/public
> >        force group = users
> >        read only = no
> >        guest ok = yes
> >        browseable = yes
> >
> > ------------------
> >
> > Best regards,
> >
> > Erik Pagel
> >
> >
> >
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>



More information about the samba mailing list