[Samba] Samba and Windows ACL Issue

Ross McInnes sysrm at stvincent.ac.uk
Fri May 27 13:20:40 GMT 2005 

Hi all got a bit of and odd problem with ACL. Ive read up on a few bits in
the samba howto and read some threads on here about it.

Im not sure if this is a bug, something ive not done, doing wrong etc so
anyone that could shed some light on it that would be great.

Basically the windows box handles all user account processing and during
creating a script for all this it will attempt to change the permissions on
the HOME directory to the user in question

(i.e C:\>cacls Z:\Students\2005\sb05 /G sb05:F /T /E)

But I always get Access is denied. Even tho its currently owned by
administrator.

Trying the "manual" way, and the ways listed in the offical samba howto
guide produces similar results.

The only way I can change the owner is to go into linux and use the chown
command.

After that its set to the correct user and all is well... Except by doing it
by hand kinda rains on my lovely automatic user creation script!

Samba.log file shows me no errors, as do any of the others. If there a
switch/option I need to enable?

Below is smb.conf

Im running RHES3, Samba 3.0.14a and Windows 2k3 AD in mixed Mode.

Many thanks

Ross

[global]
        netbios name = DEV1
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind enum users = yes
        winbind gid = 10000-20000
        workgroup = DEV-DOMAIN
        log file = /var/log/samba/samba.log
        os level = 20
        ldap idmap suffix = ou=auth1,dc=dev-domain,dc=stvincent,dc=ac,dc=uk
        winbind enum groups = yes
#        socket address = 1.2.3.4 <- Change this to match the IP address or
remove it to listen to all addresses.
        password server = auth1.DEV-DOMAIN.STVINCENT.AC.UK
        preferred master = no
        winbind separator = +
        winbind use default domain = yes
        max log size = 500 <- In K
        encrypt passwords = yes
        dns proxy = no
        realm = DEV-DOMAIN.STVINCENT.AC.UK
        security = ADS
        wins server = 172.16.2.254
        wins proxy = no
#       nt acl support = No


# Shares section
[adminshare]
        comment = testshare
        browseable = no
        writeable = yes
        guest ok = no
#       valid users = Administrator
        create mode = 0750
        path = /home


[homes]
        comment = Personal Storage Area
        browseable = no
        guest ok = no
        writable = yes
        create mode = 0750
        path = /home/DEV-DOMAIN/%U
        vfs object = recycle:repository=.recycle
                    recycle:versions=True
                    recycle:touch=True
                    recycle:keeptree=True
 
recycle:exclude=*.tmp|*.temp|*.o|*.obj|~$*|t*.1|t*.2|t*.3|t*.4|t*.5|t*.6|t$
                    recycle:exclude_dir=/tmp|/temp
                    recycle:noversions=*.doc|*.xls|*.ppt

More information about the samba mailing list