[Samba] ACL rights switches back to full control with Samba +
Windows 2003 ADS integration
Bart Hendrix
hendrix at worldpilot.nl
Tue Dec 4 10:40:54 GMT 2007
Hi Samba mailinglist-users
I'm installing a Samba server for a customer who already has a Windows 2003 network. The Win 2003 server is DC, DNS and fileserver and works fine but the customer wants the Samba server for more file capacity.
In fact everything is working fine except changing the special ACL rights from users: When I logon on the Windows 2003 server and wants to change the ACL's from a share on the Linux server I can see the groups, add them and so on, but as soon as I change the special permissions from a user who has read and write access on this share and add in the advanced permissions "create folders / write data" and push the apply button the rights from this user jumps to "full control".....................(see screenshots 1-5) When I do the same actions on a share on the Windows 2003 server it's working fine as expected so It's something in the samba server.
This is my samba configuration:
[root at vmware ~]# more /etc/samba/smb.conf
[global]
workgroup = CCC
netbios name = VMWARE
realm = CCC.LOCAL
security = ads
encrypt passwords = yes
password server = 192.168.2.10
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
os level = 20
preferred master = no
max log size = 50
log file = /var/log/samba.ads/log.%m
dns proxy = no
wins server = 192.168.2.10
wins proxy = no
# separate domain and username with '/', like DOMAIN/username
winbind separator = /
# use UIDs from 10000 to 20000 for domain users
idmap uid = 10000-20000
# use GIDs from 10000 to 20000 for domain groups
idmap gid = 10000-20000
# allow enumeration of winbind users and groups
winbind enum users = yes
winbind enum groups = yes
#winbind user default domain = yes
printcap name = /etc/printcap
load printers = no
printing = no
####SHARES####
[Test]
comment = TestShare
path = /storage/Testshare
read only = no
writable = yes
admin users = @"CCC/domain admins"
browseable = yes
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
valid users = @"CCC/domain users"
This is my fstab:
[root at vmware samba.ads]# more /etc/fstab
/dev/VolGroup00/LogVol00 / ext3 defaults 1 1
LABEL=/boot /boot ext3 defaults 1 2
devpts /dev/pts devpts gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs defaults 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
/dev/VolGroup00/LogVol01 swap swap defaults 0 0
/dev/sdb1 /storage ext3 defaults,acl 0 0
I'm using the following Samba version:
[root at vmware samba.ads]# rpm -q samba
samba-3.0.23c-2.el5.2.0.2
Somebody any idea what the problem could be?
Thanks in advance,
Bart Hendrix
More information about the samba
mailing list