[Samba] Permission weirdness
chrisd at better-investing.org
Thu Sep 9 19:28:16 GMT 2004
This is worse than I thought!
Another user has now complained to me that he does not have rights to
something he should have rights to!
I have a printer shared out, to use it you must be in the DOMAIN+ColorPrint_
group. He is a member, and yet it won't let him even access it to install
it! An authentication box pops up asking for username and passwd.
path = /var/spool/samba
valid users = @Domain+ColorPrint_
printable = Yes
printer name = phaser8400
browseable = No
root preexec = echo Connect :%T U.G=%U.%G u.g=%u.%g
root postexec = echo Disconnect:%T U.G=%U.%G u.g=%u.%g
printer admin = @"DOMAIN+Domain Admins"
Nothing has changed... I haven't messed with any of the configuration files
or added any new software. This just started happening spontaneously it
my wbinfo -t/-u/-g all look good.
Is the tdb corrupted or something? What can I do to fix this?
On Thursday 09 September 2004 02:29 pm, Chris wrote:
> I am running samba 3.0.5 in an ADS environment. I have a win2k3 server as
> the DC and my samba machine (running on Gentoo Linux) is a member of that
> domain. I am using winbind.
> I have three users, for this example I will call them Larry, Curly and Moe.
> All three have RW access to a share on the server called "stooges". The
> linux perms on this directory look like this:
> drwxrwx--- root DOMAIN+stooges_ stooges
> There are other users who are members of the DOMAIN+stooges group, but
> these three are in charge and need access to a more restricted subdirectory
> of stooges. So I made a stooges_CIA directory under the stooges share.
> Its linux perms look like this:
> drwxrwx--- root DOMAIN+stooges_CIA_ stooges_CIA
> Larry, Curly and Moe are all members of both the DOMAIN+stooges_CIA_ (only
> those three) and the DOMAIN+stooges_ groups (those 3 plus other users in
> the dept).
> Now here is the strange part:
> Larry and curly can access everything in the share stooges and the
> subdirectory stooges_CIA. Moe, can access everyting in the stooges share
> but NOT anything in the stooges_CIA subdir.
> This makes absolutely no sense to me! Moe is a group member of
> DOMAIN+stooges_CIA. He shows up thusly when I do a 'getent group' or when
> I do a 'groups DOMAIN+moe'. Likewise, he shows up on the domain controller
> as being part of that group. *BOTH* systems have him listed in that group
> -- but for some reason he has no access!
> He gets this error:
> "\\server\stooges\stooges_CIA is not accessible. You might not have
> permission to use this network resource. Contact the administrator of this
> server to find out if you have access permissions."
> What the heck is going on here?
More information about the samba