[Samba] Permission denied errors when accessing shares on
second DC after upgrade to 3.0.23c
Marc Muehlfeld
Marc.Muehlfeld at medizinische-genetik.de
Fri Nov 17 20:15:20 GMT 2006
Nobody have a hint for me? :-(
--
Marc Muehlfeld (Leitung Systemadministration)
Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
Lochhamer Str. 29 - D-82152 Martinsried
Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
http://www.medizinische-genetik.de
Marc Muehlfeld schrieb:
> Hello,
>
>
> since updating Samba from 3.0.22 to 3.0.23c I have trouble accessing
> shares on my first DC from computers out of my second domain.
>
> I have two DomainControllers (MUC, PASING). On both DC I have a
> domaingroup "zyto" (mapped name is "Zytogenetik") with gid=202 and a user
> muehlfeld with uid=1061. Passdb are different ldap subtrees. The SIDs of
> the group and the user differs, because of the different Domain-SID. Both
> domains trust each other.
>
> I have a share "MetaSetup" on my DC of domain MUC. From any workstation
> on MUC I can access it like before I updated to 3.0.23c, but from
> workstations out of domain PASING, I get a "Permission denied" error.
>
> The logfile now shows me at debug level 10:
> chdir (/shares/MetaSystems/MetaSetup) failed
>
> But im able to enter this directory, because my user is in group zyto:
>
>
> # la -d /shares/MetaSystems/MetaSetup
> drwxrws--- 25 zytogenetik zyto 736 Nov 7 13:05
> /shares/MetaSystems/MetaSetup
>
>
> This is the section for this share:
>
>
> [MetaSetup]
> path = /shares/MetaSystems/MetaSetup browseable = yes force create mode =
> 0660
> force directory mode = 2770 guest ok = no #valid users = +"MUC\Zytogenetik"
> +"PASING\Zytogenetik"
> #invalid users =
>
>
> When I enable "in/valid users", like it was before, i don`t get the
> permission denied error, I get a request window for username and password.
> If I logon there with PASING\muehlfeld, I can enter the share. But I
> need the automatic mapping again, because the share is mapped in
> logonscript.
>
> Yesterday I tried out some different settings (set sambaGroupType from 2
> to 4) and changed valid users to "+Zytogenetik", and it worked after a
> reload. Then I did a restart without changing anything else, and it quit
> working again. I tried to reproduce this, and got the same after many
> retries again. But happens very sporadically.
>
>
> Best regards Marc
>
>
>
> PS: I think winbind could be a better way to do, but I tried and was only
> able to get users and groups from the other domain, not from the own,
> when I run it on my DC. Is this planed for future releases?
>
>
>
>
> --
> Marc Muehlfeld
> Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost
> Lochhamer Str. 29 - D-82152 Martinsried
> Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78
> http://www.medizinische-genetik.de
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
>
>
More information about the samba
mailing list