[Samba] Domain Users Group Effective Permissions on Workstation
files after upgrade from 3.0.4 to 3.0.11
Roger Crom
crom at ccccorp.com
Tue Feb 15 23:00:28 GMT 2005
I have had a running 3.0.4 server running for quite some time with no
problem.
I built a new server with Fedora core 3 & ending up with SAMBA 3.0.11
running.
Workstation running windows xp pro with sp2 applied
Things are generally ok, but I am finding that group permissions at the
workstation are not being carried to the user, specifically for Domain
Users. Domain Admins appear to be progating properly
users/group authentication is through NIS with local smbpasswd file
Group is the primary group for user
NO LDAP involved
file permissions on the samba server appear to be working just fine
The only problem is effective permissions at the directory level on the
local workstation
Example:
directory has permssions assigned of full control to "Domain Users"
A user tammy is in unix group CCC which is mapped to "Domain Users"
net groupmap list :
System Operators (S-1-5-32-549) -> -1
Replicators (S-1-5-32-552) -> -1
Guests (S-1-5-32-546) -> -1
Domain Admins (S-1-5-21-892218768-3045639999-384985677-512) -> systems
Power Users (S-1-5-32-547) -> -1
Print Operators (S-1-5-32-550) -> -1
Administrators (S-1-5-32-544) -> -1
Print Operators (S-1-5-21-892218768-3045639999-384985677-550) -> CCC
Domain Users (S-1-5-21-892218768-3045639999-384985677-513) -> CCC
Account Operators (S-1-5-32-548) -> -1
Domain Guests (S-1-5-21-892218768-3045639999-384985677-514) -> nobody
Backup Operators (S-1-5-32-551) -> -1
Users (S-1-5-32-545) -> CCC
when we check effective permissions at the xp workstation user is not
being assigned the permissions associated with "Domain Users"
smb.conf file follows:
print from testparm -s
[global]
workgroup = CCCDISTRICT
server string = Freelog
interfaces = 172.16.1.16/24
update encrypted = Yes
null passwords = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *password* %n\n *password* %n\n *
unix password sync = Yes
log level = 9
log file = /var/log/samba/log.%m
max log size = 500
name resolve order = host wins bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 IPTOS_LOWDELAY
SO_RCVBUF=8192 SO_SNDBUF=8192
logon script = scripts\%U.bat
logon path =
logon drive = g:
logon home = \\%L\%U
domain logons = Yes
os level = 255
preferred master = Yes
domain master = Yes
wins proxy = Yes
wins support = Yes
ldap ssl = no
invalid users = bin, daemon, adm, sync, shutdown, halt, mail, news
admin users = crom
hosts allow = 172.16.1.0/24, 127.0.0.1[homes]
comment = Home Directory
path = /shares/users/%u
force group = users
read only = No
create mask = 0700
directory mask = 0700
default case = upper
browseable = No
hosts deny = all
profile acls = Yes
preserve case = No
short preserve case = No
[Software]
comment = Software
path = /shares/software
valid users = @CCC
write list = @CCC
force group = CCC
read only = No
create mask = 0770
directory mask = 0770
default case = upper
[netlogon]
comment = Network Logon Service
path = /shares/netlogon
browseable = No
locking = No
share modes = No
[profile]
path = /shares/profile
read only = No
create mask = 0600
directory mask = 0700
csc policy = disable
[accounting]
comment = Printer in Steve White's Office
path = /tmp
printer admin = @CCC
printable = Yes
More printer shares below
Any questions help would be greatly appreciated
--
Roger A. Crom
Director of Systems
Custom Computing Corporation
(402) 341-2197
More information about the samba
mailing list