[Samba] NTLM & Kerberos.
Meli Marco
Marco.Meli at gknsintermetals.com
Tue Nov 15 08:48:16 GMT 2005
Hi all,
I'm working with samba 3.0.20a on Suse9.2, with followings files setted:
[global]
netbios name = NAME
wins server = XXX.XXX.XXX.XXX
workgroup = DOMAIN
realm = DOMAIN.COM
security = ADS
password server = *
encrypt passwords = yes
allow trusted domains = Yes
winbind use default domain = Yes
winbind separator = /
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
idmap uid = 10000-100000
idmap gid = 10000-100000
admin users = ***
log file = /var/log/samba/log.%m
log level = 10 acls:10
max log size = 50
nt acl support = Yes
map acl inherit = Yes
hide unreadable = Yes
ldap ssl = No
[data]
comment = DATA repository
path = /data
read only = No
------------------------------------------------------------------------
I have followings permissions folders setted:
/data read permissions to domain
users and evryone
/user read permissions to domain
users
/user_one owned by user_one excluded
permissions by everyone
/user_two owned by user_one excluded
permissions by everyone
/user_three owned by user_one excluded
permissions by everyone
Why with Parameter "hide unreadable = Yes" and I'm logged in as user_one I
can't see my personal folder since I have full permissions on it?
This behaviour isn't what I'm expected and it happened only by my samba file
server was joined to ADS while when joined to NT4 it worked.
Using Etheral I can only see that in the case Kerberos authentication
failes, NTLMSSP perform authentication task and in this case ACL settings
behaviour works as I'm expected as in NT4 style.
Thanks.
Marco.
More information about the samba
mailing list