[Samba] ACL rights switches back to full control with Samba + Windows 2003 ADS integration

Bart Hendrix hendrix at worldpilot.nl
Tue Dec 4 10:40:54 GMT 2007


Hi Samba mailing list users,

I'm installing a Samba server for a customer who already has a Windows 2003 network. The Win 2003 server is DC, DNS and fileserver and works fine but the customer wants the Samba server for more file capacity. 

In fact everything is working fine except changing the special ACL rights of users: when I log on to the Windows 2003 server and want to change the ACLs of a share on the Linux server, I can see the groups, add them and so on, but as soon as I change the special permissions of a user who has read and write access on this share, add "create folders / write data" in the advanced permissions and push the Apply button, the rights of this user jump to "full control" (see screenshots 1-5). When I do the same actions on a share on the Windows 2003 server it works fine as expected, so it's something in the Samba server.

This is my samba configuration:

         
[root@vmware ~]# more /etc/samba/smb.conf
[global]
        workgroup = CCC
        netbios name = VMWARE 
        realm = CCC.LOCAL
        security = ads
        encrypt passwords = yes
        password server = 192.168.2.10
        socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
        os level = 20
        preferred master = no
 
        max log size = 50
        log file = /var/log/samba.ads/log.%m
 
        dns proxy = no
 
        wins server = 192.168.2.10
        wins proxy = no 
 
        # separate domain and username with '/', like DOMAIN/username
        winbind separator = /
 
        # use UIDs from 10000 to 20000 for domain users
        idmap uid = 10000-20000
        # use GIDs from 10000 to 20000 for domain groups
        idmap gid = 10000-20000
 
        # allow enumeration of winbind users and groups
        winbind enum users = yes
        winbind enum groups = yes
        #winbind user default domain = yes
 
        printcap name = /etc/printcap
        load printers = no
        printing = no

####SHARES####

[Test]
        comment = TestShare
        path = /storage/Testshare   
        read only = no
        writable = yes
        admin users = @"CCC/domain admins"
        browseable = yes         
        inherit acls = yes         
        inherit permissions = yes         
        create mask = 700         
        directory mask = 700         
        valid users = @"CCC/domain users"           

This is my fstab:
[root@vmware samba.ads]# more /etc/fstab
/dev/VolGroup00/LogVol00 /                       ext3    defaults        1 1
LABEL=/boot             /boot                   ext3    defaults        1 2
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
sysfs                   /sys                    sysfs   defaults        0 0
/dev/VolGroup00/LogVol01 swap                    swap    defaults        0 0
/dev/sdb1               /storage                ext3    defaults,acl    0 0 

I'm using the following Samba version: 
[root@vmware samba.ads]# rpm -q samba
samba-3.0.23c-2.el5.2.0.2

Does anybody have any idea what the problem could be?

Thanks in advance, 

Bart Hendrix




