[Samba] Browsing.
Meli Marco
Marco.Meli at gknsintermetals.com
Mon May 23 08:51:52 GMT 2005
Hi,
I hope I've reported all you need to understand my situation:
Samba-3.0.14a on RH9 joined to Windows Server 2003 and configured with
Kerberos.
My smb.conf follows.
[global]
netbios name = MILLX03
os level = 16
wins server = xxx.xxx.xxx.xxx (AD Server)
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
workgroup = DOMAIN
realm = REALM.COM
security = ADS
encrypt passwords = yes
allow trusted domains = Yes
winbind use default domain = Yes
winbind separator = /
winbind enum users = Yes
winbind enum groups = Yes
idmap uid = 10000-100000
idmap gid = 10000-100000
hide unreadable = Yes
template shell = /bin/false
use sendfile = Yes
printer admin = xxx
admin users = xxx
log file = /var/log/samba/log.%m
log level = 2 auth:10 sam:10
max log size = 50
printcap name = cups
disable spoolss = No
show add printer wizard = Yes
printing = cups
load printers = yes
nt acl support = Yes
map acl inherit = Yes
client use spnego = Yes
[data]
comment = DATA repository
path = /data
read only = No
create mask = 0775
security mask = 0777
force security mode = 0
directory mask = 0775
directory security mask = 0777
force directory security mode = 0
dos filetimes = yes
My data structure follows:
/data
/user
/dtomasoni
/another user ...
The data share is mounted on an XFS filesystem, so I use ACLs:
/data
# file: data
# owner: root
# group: root
user::rwx
group::r-x
group:domain\040users:r-x
mask::rwx
other::r-x
default:user::rwx
default:group::---
default:group:domain\040users:r-x
default:mask::rwx
default:other::r-x
/user
# file: user
# owner: root
# group: root
user::rwx
group::---
group:domain\040users:r-x
mask::rwx
other::r-x
default:user::rwx
default:group::---
default:group:domain\040users:r-x
default:mask::rwx
default:other::r-x
/dtomasoni
# file: dtomasoni
# owner: root
# group: root
user::rwx
user:dtomasoni:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:dtomasoni:rwx
default:group::---
default:mask::rwx
default:other::---
My target is to allow read/write permission on each user's share, while nobody
can see any share other than their own.
The target is reached successfully with "smbclient //millx03/data
-Udtomasoni%dtomaso", but not with "smbclient -k //millx03/data
-Udtomasoni%dtomaso". I have also reported this behavior below; unfortunately
it is the same when I connect to the share from my W2k and XP
clients.
[root@millx03 data]# smbclient -k //millx03/data -Udtomasoni%dtomaso
added interface ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx
nmask=xxx.xxx.xxx.xxx
Doing kerberos session setup
OS=[Unix] Server=[Samba 3.0.14a]
smb: \> dir
. D 0 Mon May 16 11:17:43 2005
.. D 0 Fri May 20 15:39:24 2005
user D 0 Fri May 20 18:21:48 2005
50906 blocks of size 16384. 50894 blocks available
smb: \> cd user
smb: \user\> dir
. D 0 Fri May 20 18:21:48 2005
.. D 0 Mon May 16 11:17:43 2005
50906 blocks of size 16384. 50894 blocks available
smb: \user\> ...
[root@millx03 data]# smbclient //millx03/data -Udtomasoni%dtomaso
added interface ip=xxx.xxx.xxx.xxx bcast=xxx.xxx.xxx.xxx
nmask=xxx.xxx.xxx.xxx
Domain=[DOMAIN] OS=[Unix] Server=[Samba 3.0.14a]
smb: \> dir
. D 0 Mon May 16 11:17:43 2005
.. D 0 Fri May 20 15:39:24 2005
user D 0 Fri May 20 18:21:48 2005
50906 blocks of size 16384. 50894 blocks available
smb: \> cd user
smb: \user\> dir
. D 0 Fri May 20 18:21:48 2005
.. D 0 Mon May 16 11:17:43 2005
dtomasoni D 0 Wed May 18 19:01:55 2005
50906 blocks of size 16384. 50894 blocks available
smb: \user\> ...
What's the difference between these two methods of authentication when browsing
folders?
Thanks a lot.
Marco.
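
An added example, not part of the original post: a Python implementation of the POSIX ACL access check from acl(5), run over the getfacl output for the dtomasoni directory quoted above. It shows which Unix identities can read that directory, which is what decides whether it is listed when "hide unreadable = Yes" is set; the function names are this example's own, and root's permission override is not modelled.

```python
import re

# getfacl output for the dtomasoni directory, copied from the post above
DTOMASONI_ACL = r"""# file: dtomasoni
# owner: root
# group: root
user::rwx
user:dtomasoni:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:dtomasoni:rwx
default:group::---
default:mask::rwx
default:other::---"""

def parse_getfacl(text):
    """Return (owner, owning group, access entries); default: entries are skipped."""
    owner = group = None
    entries = []  # (tag, qualifier, set of permission letters)
    for line in map(str.strip, text.splitlines()):
        if line.startswith("# owner:"):
            owner = line[8:].strip()
        elif line.startswith("# group:"):
            group = line[8:].strip()
        elif line and not line.startswith(("#", "default:")):
            tag, qual, perms = line.split(":")
            # getfacl writes special characters as octal escapes (\040 = space)
            qual = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), qual)
            entries.append((tag, qual, set(perms) - {"-"}))
    return owner, group, entries

def may_access(text, user, groups, want="r"):
    """POSIX ACL access check, as in acl(5), for a non-root user and group set."""
    owner, owning_group, entries = parse_getfacl(text)
    want = set(want)
    get = lambda tag, qual="": next((p for t, q, p in entries if (t, q) == (tag, qual)), None)
    mask = get("mask")
    masked = lambda p: p if mask is None else p & mask
    if user == owner:                      # owner entry, not masked
        return want <= get("user")
    if get("user", user) is not None:      # named user entry, masked
        return want <= masked(get("user", user))
    matching = [masked(p) for t, q, p in entries
                if t == "group" and (q or owning_group) in groups]
    if matching:                           # owning group / named groups, masked
        return any(want <= p for p in matching)
    return want <= get("other")
```

Calling may_access with the Unix user and groups that the Samba log reports for each session shows whether that session's identity matches the user:dtomasoni entry or falls through to other::---.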