[Samba] ACLs with Problem
Luis Henrique de Faria Guimarães
henrique at ecp.org.br
Thu Sep 22 14:43:06 GMT 2005
Hi All,
I am with problem with the permissions of windows.
The samba is not getting the ACLs permissions. I compiled version 3.0.20, with the following options:
./configure \
--prefix=/usr/local/samba \
--localstatedir=/var \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--enable-cups \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=/usr/local/samba/share/swat/using_samba \
--with-swatdir=/usr/local/samba/share/swat \
--with-shared-modules=idmap_rid \
--with-libsmbclient \
--with-acl-support \
--with-winbind \
--with-ads \
--with-krb5=/usr/kerberos
Below mine smb.conf:
[global]
workgroup = ECPNET
netbios name = PINHEIROS_BETA
# unix charset = iso8859-1
display charset = cp850
realm = ECP.ORG.BR
server string = Samba Server
security = ADS
auth methods = winbind
client schannel = No
password server = *
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *
passwd:*all*authentication*tokens*updated*successfully*
#username map = /usr/local/samba/etc/smbusers
password level = 8
username level = 8
log file = /var/log/samba/%m.log
log level = 3 auth:3 winbind:3
max log size = 50
nt acl support = Yes
domain admin group = admins
acl compatibility = win2k
acl map full control = yes
acl check permissions = no
acl group control = yes
inherit acls = Yes
profile acls = Yes
map acl inherit = Yes
name resolve order = host wins bcast
server signing = auto
client use spnego = Yes
socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
addprinter command = addprinter
deleteprinter command = delprinter
add machine script = /usr/sbin/useradd -d /dev/null -g 504 -c
local master = No
dns proxy = No
wins server = 10.0.0.5, 10.0.0.4
ldap ssl = no
add share command = /usr/local/samba/share/modify_samba_config.pl
change share command = /usr/local/samba/share/modify_samba_config.pl
delete share command = /usr/local/samba/share/modify_samba_config.pl
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /data/users/%U
template shell = /bin/ksh
winbind use default domain = Yes
admin users = corniani, administrator, henrique
read only = No
force unknown acl user = Yes
guest ok = Yes
[Teste1]
comment = Teste de ACL Linux
path = /data/teste
browseable = Yes
admin users = ECPNET\henrique
read only = No
With this configuration the users of the PDC (windows 2003) are authenticantion way telnet without problem. However, the ACL do not function. They see the exit with command getfacl teste.txt:
[root at redfree teste]# getfacl teste.txt
# file: teste.txt
# owner: root
# group: Domain Users
user::rwx
user:henrique:rw-
group::r--
mask::rw-
other::r--
The user henrique appears in linux, but he does not appear in windows. When I try to add permissions through windows appears a message of "denied access".
Somebody can help me
Luís Henrique
Departamento de Tecnologia
Esporte Clube Pinheiros
Tel: 55 11 3817 3071
henrique at ecp.org.br
More information about the samba
mailing list