[Samba] Samba and Active Directory Permissions

Aden, Steve saden at itscommunications.com
Thu Mar 18 19:01:46 GMT 2004

I have had similar problems. I was able to set permissions on shares
from Windows by adding:

admin users = "DOMAIN_Domain Admins" to my smb.conf file. ( "_" is my
Winbind separator character).

The problem is that once they are set and the everyone group is removed,
the users cannot connect to the share with kerberos authentication.
(They can connect via ip address, which causes samba to use NTLM?
authentication). I always get Access Denied. Setting logging to 10 I can
see the authentication checks in the log, but the user sid captured does
not match the user's actual sid so it doesn't match the sid in the acl.

Hopefully you do not have the same problem. I have had this problem for
over two weeks and haven't been able to solve it. Even on a totally
clean install of everything in my lab including the W2K AD server and
the Samba server.

Steve Aden

Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS

-----Original Message-----
From: John Petro [mailto:jxpsys at rit.edu] 
Sent: Thursday, March 18, 2004 12:13 PM
To: samba at lists.samba.org
Subject: [Samba] Samba and Active Directory Permissions


  I am currently running Samba 3.0.2a on a RHEL3 server.  I would like
to use the extended file systems permissions through windows, but I
haven't had much luck.  Here is how I am set up....


My linux box is joined to my AD domain and appears to be functioning
correctly.  I also have winbind set up, and functioning, although I
still have some tweaking to do, it is assigning user and group ids as I
would expect it to.  I can create a share ok via Samba or active
directory users and computers with out a problem.  However, once I
create this share, and I mount it on a windows client, I can't do
anything as far as  setting or deligating permissions.  When I look at
the folder properties, it says the folder it owned by root on my linux
server.  It will not let me change the ownership to any other user.  I
get a error that says something to the effect that I don't have the
rights to change the permissions.  


Has anyone had this issue, and do you know what I can do to get around
this.  I really don't want to go to a windows platform for my





To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

This message was content-scanned by IXC Shield 
Powered by GatewayDefender - BH08999c2f.00000001.mml

More information about the samba mailing list