[Samba] Permission weirdness

Chris chrisd at better-investing.org
Thu Sep 9 19:28:16 GMT 2004


This is worse than I thought!

Another user has now complained to me that he does not have rights to 
something he should have rights to!

I have a printer shared out; to use it you must be in the DOMAIN+ColorPrint_ 
group.  He is a member, and yet it won't let him even access it to install 
it!  An authentication box pops up asking for username and passwd.

[phaser8400]
        path = /var/spool/samba
        valid users = @Domain+ColorPrint_
        printable = Yes
        printer name = phaser8400
        browseable = No
        root preexec = echo Connect   :%T U.G=%U.%G u.g=%u.%g >> /root/.info/p8400.log
        root postexec = echo Disconnect:%T U.G=%U.%G u.g=%u.%g >> /root/.info/p8400.log
        printer admin = @"DOMAIN+Domain Admins"

Nothing has changed...   I haven't messed with any of the configuration files 
or added any new software.  This just started happening spontaneously it 
seems.

My wbinfo -t/-u/-g all look good.

Is the tdb corrupted or something?   What can I do to fix this?


Chris


On Thursday 09 September 2004 02:29 pm, Chris wrote:
> Hello.
>
> I am running samba 3.0.5 in an ADS environment.  I have a win2k3 server as
> the DC and my samba machine (running on Gentoo Linux) is a member of that
> domain. I am using winbind.
>
> I have three users, for this example I will call them Larry, Curly and Moe.
> All three have RW access to a share on the server called "stooges".  The
> linux perms on this directory look like this:
>
> drwxrwx---  root DOMAIN+stooges_         stooges
>
> There are other users who are members of the DOMAIN+stooges group, but
> these three are in charge and need access to a more restricted subdirectory
> of stooges.  So I made a stooges_CIA directory under the stooges share.
>
> Its linux perms look like this:
>
> drwxrwx--- root DOMAIN+stooges_CIA_   stooges_CIA
>
> Larry, Curly and Moe are all members of both the DOMAIN+stooges_CIA_ (only
> those three) and the DOMAIN+stooges_ groups (those 3 plus other users in
> the dept).
>
> Now here is the strange part:
>
> Larry and Curly can access everything in the share stooges and the
> subdirectory stooges_CIA.  Moe can access everything in the stooges share
> but NOT anything in the stooges_CIA subdir.
>
> This makes absolutely no sense to me!  Moe is a group member of
> DOMAIN+stooges_CIA.  He shows up thusly when I do a 'getent group' or when
> I do a 'groups DOMAIN+moe'.  Likewise, he shows up on the domain controller
> as being part of that group.  *BOTH* systems have him listed in that group
> -- but for some reason he has no access!
>
> He gets this error:
>
> "\\server\stooges\stooges_CIA is not accessible.  You might not have
> permission to use this network resource.  Contact the administrator of this
> server to find out if you have access permissions."
>
> What the heck is going on here?
>
> Thanks!
>
> Chris

