[Samba] Userrights problem: Samba PDC + OpenLDAP
Jens Schmidt
samba.lists.samba.org at actinoide.de
Mon May 14 14:40:28 GMT 2007
Hello there,
I have a new problem with my Samba :-).
I created a new user in OpenLDAP. Then I joined the domain and
tried to browse the home directory of the new user.
Here are the permissions under Linux:
[16:27:52] jens at saphira:~ > ll
total 1.8M
drwxrwx--- 7 jens Domain Users 632 May 14 16:27 .
drwxrwxrwx 15 nobody root 360 May 12 02:15 ..
-rw------- 1 jens Domain Users 265 May 14 16:27 .Xauthority
-rwxrwx--- 1 jens Domain Users 1.1K May 13 02:24 .bash_history
-rwxrwx--- 1 jens Domain Users 382 May 12 02:39 .bash_logout
-rwxrwx--- 1 jens Domain Users 333 May 9 14:29 .bash_profile
-rwxrwx--- 1 jens Domain Users 2.4K May 12 02:36 .bashrc
-rwxrwx--- 1 jens Domain Users 707 May 12 02:38 .inputrc
drwxrwx--- 3 jens Domain Users 144 May 9 14:14 .irssi
-rwxrwx--- 1 jens Domain Users 35 May 10 00:17 .lesshst
-rwxrwx--- 1 jens Domain Users 14K May 12 00:07 .linux_changelog
-rwxrwx--- 1 jens Domain Users 5.5K May 12 15:54 .viminfo
-rwxrwx--- 1 jens Domain Users 778 May 9 14:12 .vimrc
drwxrwx--- 2 jens Domain Users 48 May 8 20:49 .vmware
drwxrwx--- 2 jens Domain Users 48 May 9 17:06 Mail
drwxr-xr-x 2 jens Domain Users 48 May 13 01:17 Neuer Ordner
[16:27:54] jens at saphira:~ >
As you can see, only the folder called "Neuer Ordner" is r-x for
"others". The folder called "Mail" isn't readable for others.
And here is my problem: I can't see the folder Mail (because of the
option "hide unreadable = yes" in Samba), but I should be able to read it, because
I am logged in as "jens". And "jens" is a member of the group "Domain Users":
[16:27:54] jens at saphira:~ > id
uid=1337(jens) gid=513(Domain Users)
groups=20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),512(Domain Admins),513(Domain Users)
[16:30:53] jens at saphira:~ >
So I think I should be able to read the folder Mail. But I can only see "Neuer
Ordner", because it is readable for "others".
Furthermore, I created the folder "Neuer Ordner" over Samba, so it was
created automatically as "jens" and "Domain Users".
This is my Samba configuration:
[global]
workgroup = JJAGS
netbios name = saphira
server string = JJags Fileserver im Centuri Network
dns proxy = no
wins support = yes
interfaces = 192.168.1.0/24 eth0
bind interfaces only = true
profile acls = Yes
log file = /var/log/samba/log.%m
max log size = 3000
log level = 2
syslog = 0
panic action = /usr/share/samba/panic-action %d
passdb backend = ldapsam:ldap://localhost/
unix password sync = no
domain logons = yes
local master = yes
preferred master = yes
os level = 64
dos charset = 850
unix charset = ISO-8859-15
display charset = ISO-8859-15
time server = Yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%g' '%u'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%g' '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w '%u'
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
logon script = logon.cmd
socket options = TCP_NODELAY
domain master = yes
ldap suffix = dc=centuri,dc=lan
ldap admin dn = cn=manager,dc=centuri,dc=lan
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Machine
ldap ssl = no
ldap delete dn = Yes
admin users = root, Administrator
security = user
encrypt passwords = yes
#ntlm auth = no
#lanman auth = no
#client ntlmv2 auth = yes
null passwords = no
hide unreadable = yes
hide dot files = yes
#======================= Share Definitions =======================
[netlogon]
comment = Network Logon Service
path = /var/samba/netlogon
public = no
; guest ok = yes
writable = no
share modes = no
browseable = no
[profiles]
comment = Users profiles
path = /var/samba/profiles
; guest ok = no
guest ok = yes
writeable = yes
browseable = no
preserve case = no
case sensitive = no
create mask = 0666
directory mask = 0777
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
write list = "@Domain Users" "@Domain Admins"
default case = lower
[homes]
comment = Home Directory
path = /home/%U
browseable = no
#valid users = %S
writable = yes
#guest ok = no
#inherit permissions = yes
#create mask = 0700
#directory mask = 0700
[public]
comment = Public Share
path = /mnt/public
browseable = yes
guest ok = no
I hope someone can help me. Maybe there is an option where Samba forks a
process with the user ID of the logged-in person (in this case "jens"), and
with that user the process can read my files.
Thanks a lot.
Jens.
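An added example (not from the original post and not Samba's own code) that models the per-entry decision smbd makes under "hide unreadable = yes" and "hide dot files = yes": the POSIX mode bits are applied to the session's token (user name plus group list) the same way the kernel does it, where the owner class is selected whenever the user matches the owner, regardless of what the group or other bits say. The entries are constructed from the `ll` output in the post; the Entry and Token names and the session tokens tried at the bottom are the example's own assumptions. Run against the listing above, it shows that `jens` as owner of `Mail` reads it through the owner bits alone, so the "Domain Users" membership is not even consulted for that entry.

```python
"""Model of smbd's "hide unreadable" / "hide dot files" visibility decision.

Added example, not taken from the Samba project or from the original post.
Samba hides an entry when the connected user's token (uid + group list)
has no read permission on it; this reproduces that check with the POSIX
mode bits so the expectation for a listing can be verified offline.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List


@dataclass(frozen=True)
class Entry:
    """One directory entry as printed by `ls -l` (names instead of ids)."""
    name: str
    mode: str    # ls mode string, e.g. "drwxrwx---"
    owner: str
    group: str


@dataclass(frozen=True)
class Token:
    """Identity of the SMB session: user plus primary and supplementary groups."""
    user: str
    groups: FrozenSet[str]
    is_root: bool = False   # root bypasses mode bits on a POSIX filesystem


# Constructed from the `ll` output in the post (subset; group is "Domain Users").
HOMEDIR_LISTING: List[Entry] = [
    Entry(".Xauthority", "-rw-------", "jens", "Domain Users"),
    Entry(".bashrc", "-rwxrwx---", "jens", "Domain Users"),
    Entry("Mail", "drwxrwx---", "jens", "Domain Users"),
    Entry("Neuer Ordner", "drwxr-xr-x", "jens", "Domain Users"),
]


def class_bits(mode: str, cls: str) -> str:
    """Return the rwx triple for 'owner', 'group' or 'other' from an ls mode string."""
    offset = {"owner": 1, "group": 4, "other": 7}[cls]
    return mode[offset:offset + 3]


def can_read(entry: Entry, token: Token) -> bool:
    """POSIX read check: exactly one permission class applies, chosen by identity.

    Owner wins if the user matches, then group membership, then other; a more
    permissive class that does not apply is never consulted.
    """
    if token.is_root:
        return True
    if token.user == entry.owner:
        cls = "owner"
    elif entry.group in token.groups:
        cls = "group"
    else:
        cls = "other"
    return "r" in class_bits(entry.mode, cls)


def visible_names(listing: Iterable[Entry], token: Token,
                  hide_unreadable: bool = True,
                  hide_dot_files: bool = True) -> List[str]:
    """Names a client would see in a share listing for this token."""
    shown: List[str] = []
    for e in listing:
        if hide_dot_files and e.name.startswith("."):
            continue
        if hide_unreadable and not can_read(e, token):
            continue
        shown.append(e.name)
    return shown


if __name__ == "__main__":
    # Assumed session tokens, tried to see which one reproduces the symptom.
    tokens = {
        "jens, in Domain Users": Token("jens", frozenset({"Domain Users"})),
        "jens, no groups at all": Token("jens", frozenset()),
        "other user, in Domain Users": Token("other", frozenset({"Domain Users"})),
        "other user, no groups": Token("other", frozenset()),
    }
    for label, tok in tokens.items():
        print(f"{label:30s} -> {visible_names(HOMEDIR_LISTING, tok)}")
```

Only a token that is neither the owner nor a member of "Domain Users" hides `Mail` while still showing `Neuer Ordner`, which is exactly the symptom in the post. So the mode bits are not what needs checking; what matters is which Unix user and group list smbd actually holds for that SMB session (compare `smbstatus` on the server for the session's user name, and `id jens` and `getent group 'Domain Users'` resolved through the same NSS source smbd uses) rather than the shell login shown above.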