[Samba] Problems with Samba as a ADS domain member

Andreas Stallmann stallmann at dawin.de
Tue Oct 11 10:07:03 GMT 2005


Hi there,

I have some problems with a Samba server (v. 3.0.14a installed on Gentoo
Linux 2005.1), which is a domain member server in a Windows 2003 Active
Directory domain.

The authentication works fine, and when I set the permissions on the
Linux side for a certain user on a certain folder, he will have the
access I granted him. As I'm using reiserfs with ACL support for the
/-partition and xfs (which has ACL built in) for /home, I can even chown
a folder to several users (by using setfacl). Nice.

Now, here's what's causing me trouble:
User and group permissions are not displayed correctly in Windows
Explorer. Well... you can see who has permissions on the directories,
but there are no checkboxes set. As the local admin of our customer is a
pure Windows guy, I can't tell him to set permissions via a Linux
command line. He'd like to do this via Windows Explorer. Shouldn't this
work? Or am I working on a problem that cannot be solved with Samba?
Are there any errors in my smb.conf? At least, testparm

As Gentoo is not using the latest Samba version (3.0.14a-r2 instead of
3.0.20a), I will test the scenario with a new Samba compiled from the
original sources. Will that be helpful?

My smb.conf looks like this:

[global]
     netbios name = fileserver-2
     server string = Samba Server %v
     log file = /var/log/samba/samba.log
     log level = 9
     smb passwd file = /var/lib/samba/private/smbpasswd
     username level = 8
     os level = 33
     domain master = no
     local master = no
     prefered master = no
     domain logons = no
     username map = /etc/samba/smbusers
     map to guest = bad user
     encrypt passwords = yes
     realm = mein-kunde.de
     workgroup = mein-kunde
     security = ads
# Winbind Parameter
     idmap uid = 10000-20000
     idmap gid = 10000-20000
     winbind uid = 10000-20000
     winbind gid = 10000-20000
     winbind enum users = yes
     winbind enum groups = yes
     template homedir = /home/userdaten/%U
     template shell = /bin/false
     ;winbind enable local accounts = yes
# ACL Parameter
     inherit acls = yes
     acl compatibility = auto
     map acl inherit = yes
# Fixes for some compatibility problems
     #store dos attributes = yes
     #dos filemode = yes
     #dos filetimes = yes
     #dos filetime resolution = yes
     max protocol = NT1
     min protocol = NT1
     client lanman auth = no
     lanman auth = no
# Netlogon configuration
     logon path = \\%L\PROFILE\%U
     logon drive = h:

#----- Shares -----#

[homes]
     comment = Home Directory
     browseable = no
     writeable = yes

[tmp]
     comment = Temporary file space
     path = /tmp
     read only = no
     public = yes

[USERDATEN]
     comment = Home Directory
     path = /home/userdaten
     read only = no
     writeable = yes

[gruppenspeicher]
     comment = Home Directory
     path = /home/gruppenspeicher
     read only = no

[PROFILE]
     comment = User Profile
     path = /home/profile
     read only = no
     writeable = yes

[netlogon]
     comment = Logonscripte
     path = /home/netlogon
     browseable = no


Regards,

Andreas
-- 
dawin GmbH - Andreas Stallmann - Consultant
Belgische Allee 50 - 53842 Troisdorf
FON +49 (0)2241 / 39 71 98 - 0
FAX +49 (0)2241 / 39 71 98 - 9