[Samba] Windows ACL modify ability?

Louis van Belle louis at van-belle.nl
Tue Jan 3 13:15:45 GMT 2006


Does your kernel support ACLs and extended attributes?

Also, you can set the following settings:

inherit acls = (yes/no)
nt acl support = 
map hidden = no
map system = no
map archive = no
store dos attributes = yes
ea support = yes

You combine the above settings for your environment.
Also, did you set the privileges for the Samba server,
or do you set the rights as root?

Louis


>-----Original message-----
>From: Mike Partyka [mailto:mpartyka at gmail.com]
>Sent: Tuesday 3 January 2006 13:56
>To: Louis van Belle
>CC: samba at lists.samba.org
>Subject: Re: [Samba] Windows ACL modify ability?
>
>Samba 3.0.14a server which is a domain member server of a 2003 
>Active Directory and Domain Controller.
> 
>There are no errors that appear in the Windows server's event
>log, and my smb.conf is pretty simple:
>
>[global]
>        unix charset = LOCALE
>        workgroup = mrpartyka
>        realm = MRPARTYKA.DOMAIN
>        server string = SMBv3.0.14a/MS ADS/winbindd
>        security = ads
>        log level = 1
>        syslog = 0
>        log file = /var/log/samba/%m
>        max log size = 50
>        printcap name = CUPS
>        ldap ssl = No
>        idmap uid = 10000-40000000
>        idmap gid = 10000-40000000
>        template primary group = "Domain Users"
>        template shell = /bin/bash
>        nt acl support = Yes
>        printing = cups
>        # winbind trusted domains only = Yes
>        winbind separator = \#
>
>[ftp]
>        comment = All users share
>        path = /ftproot
>        valid users = @"MRPARTYKA\Domain Users"
>        writeable = Yes
>        browseable = Yes
>
>As I said originally, my goal here is to manage
>permissions/ACLs from the Server 2003 MMC, but any time I
>try to add or remove groups for access on either the Security
>tab or the Permissions tab, I get the message "changes could
>not be saved, access is denied". Also, though the message
>indicates the changes are not saved, if you open the share
>properties window again and go to the same permission you just
>tried to adjust, the group is there, but when you selected the
>group from the AD container, it looked like "MRPARTYA\Domain
>Users" and now it's listed as "SAND\Domain Users". SAND is the
>hostname of the Samba server.
>
>Is this expected behavior? Due to winbindd making AD groups 
>and users appear as though they are local groups/users of the 
>Samba server? Samba logging indicates this:
>
>[2006/01/03 06:43:18, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993)
>  api_pipe_bind_req: unknown auth type 9 requested.
>[2006/01/03 06:43:18, 1] smbd/service.c:make_connection_snum(642)
>  192.168.0.7 (192.168.0.7) connect to service ftp initially 
>as user MRPARTYKA\administrator (uid=10000, gid=10000) (pid 3343)
>[2006/01/03 06:43:18, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993)
>  api_pipe_bind_req: unknown auth type 9 requested.
>[2006/01/03 06:43:22, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993)
>  api_pipe_bind_req: unknown auth type 9 requested.
>[2006/01/03 06:43:29, 1] smbd/service.c:close_cnum(830)
>  192.168.0.7 (192.168.0.7) closed connection to service ftp
>
>I have many messages in the Samba archive asking about entries
>like this, but I did not see any responses explaining it.
>
>Any ideas about how I can correct this problem and manage
>share permissions from the server MMC?
>
>TIA, 
>
>
> 
>On 1/3/06, Louis van Belle <louis at van-belle.nl > wrote: 
>
>	Hi,
>	
>	First, which version of Samba are you running?
>	Are you running a PDC or an AD member?
>	
>	etc. etc.
>	Need more input ;-)
>	
>	Louis
>	
>	
>	
>	>-----Original message-----
>	>From: samba-bounces+louis=van-belle.nl at lists.samba.org
>	>[mailto:samba-bounces+louis=van-belle.nl at lists.samba.org]
>	>On behalf of Mike Partyka
>	>Sent: Monday 2 January 2006 23:50
>	>To: samba at lists.samba.org
>	>Subject: [Samba] Windows ACL modify ability?
>	>
>	>I have posted several questions now and have been unsuccessful
>	>in getting any responses, so I thought I would take a different tack.
>	>
>	>I know adjusting permissions on Samba shares, through the
>	>Microsoft MMC is possible when you have POSIX ACL support compiled
>	>in your kernel. I don't think that level of control is necessary for
>	>me and short of recompiling the kernel for that support I have been
>	>unable to adjust permissions on Samba shares through the MMC, I keep
>	>getting "Access is denied".
>	>
>	>Could someone just toss out a couple ideas about whether adjustments to
>	>ACLs are possible without kernel POSIX ACL support and if so, what some
>	>causes of the "Access is denied" could be?
>	>
>	>TIA,
>	>
>	>-MIKE
>	>--
>	>To unsubscribe from this list go to the following URL and read the
>	>instructions: https://lists.samba.org/mailman/listinfo/samba
>	>
>	
>	
>
>
>
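
A small checker for the share parameters listed in the reply at the top of this message, as an added example that is not part of the original thread or of Samba: it parses smb.conf text and reports, for one share, which of those parameters differ from the values given. The sample configuration is constructed (modelled on the quoted [global] and [ftp] sections), and the function names are this example's own.

```python
# Added example. Parameter names are the ones listed in the reply above;
# "map archive" is the real Samba parameter name.
SUGGESTED = {"map hidden": False, "map system": False, "map archive": False,
             "store dos attributes": True, "ea support": True}
BOOL = {"yes": True, "true": True, "1": True, "no": False, "false": False, "0": False}

# Constructed sample, modelled on the [global] and [ftp] sections quoted in the thread.
SAMPLE = """
[global]
        security = ads
        nt acl support = Yes
[ftp]
        path = /ftproot
        writeable = Yes
        ea support = yes
"""

def parse_smb_conf(text):
    """Return {section: {param: value}} with lower-cased, space-normalised names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def effective(sections, share, param):
    """Share-level value wins over [global]; None means the file does not set it."""
    for name in (share.lower(), "global"):
        if param in sections.get(name, {}):
            return sections[name][param]
    return None

def review_share(sections, share):
    """List (param, current value or None, suggested) where the share differs."""
    findings = []
    for param, wanted in SUGGESTED.items():
        got = effective(sections, share, param)
        if got is None or BOOL.get(got.lower()) is not wanted:
            findings.append((param, got, "yes" if wanted else "no"))
    return findings

if __name__ == "__main__":
    for param, got, wanted in review_share(parse_smb_conf(SAMPLE), "ftp"):
        print(f"[ftp] {param}: {got or 'not set'} (reply suggests {wanted})")
```

The checker does not follow `include` directives, and a parameter reported as not set falls back to Samba's built-in default.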


