[Samba] samba menber of AD domain and ACL support question
Eric Belhomme
{gmane}+no/spam at ricospirit.net
Tue Jan 17 09:32:56 GMT 2006
Hi,
I'm running a file server on a Debian Sarge Server with official packaged
samba packages from debian (3.0.14a-Debian).
This server is a member of an AD Windows 2000 domain, so kerberos and
winbind are well configured on this computer (AD members can log on and
so on...)
Samba shares a volumes formatted with xfs from stock debian kernel
(2.6.8-2-386) with acl extentions activated :
[impressions]
path = /var/smbspool/pdf/nobody
browseable = yes
create mode = 666
writable = yes
nt acl support = yes
I put some basic acls ont his share :
srvpdf:/var/smbspool/pdf# getfacl ./nobody
# file: nobody
# owner: nobody
# group: nogroup
user::rwx
user:ICSB2K+administrateur:rwx
group::rwx
group:ICSB2K+utilisa.\040du\040domaine:r-x
group:ICSB2K+technique:rwx
mask::rwx
other::rwx
So ACLs on this share reports some members should get all privileges on
this directory.
Now let's go on a Win2k workstation an logon at Administrator... If I
browse the share and open properties/security options :
- users are well listed, for eatch user, there absolutly no privilege
cases marked (all cases are blank)
- if I open advanced privileges, i can see users have rights (for example
nobody and icsb2k/administrator have all privileges activated,
icsb/domain users have only some)
- if i try to modify privileges (i'm logged a icsb2k\administrator) I get
a message "Unable to save privileges on this share\n access forbidden"
(axproximate translation, my windows is in french...)
my questions are :
- why get I a strange display on security option ?
- why can't I able to modify privileges via windows ?
regards,
--
Rico
More information about the samba
mailing list