[Samba] UPDATE - NT_STATUS_ACCESS_DENIED making remote directory
Thompson, Jimi
JimiT at mail.cox.smu.edu
Thu Sep 6 18:02:43 GMT 2007
Well, I've discovered something and I'm not sure how to make it stop
doing it. When a user "logs in" they get an automatically assigned
group of "domain users" which doesn't actually exist in any of the file
permissions. I've tried setting group = %G and force group = %G but
neither one is working. If anyone knows how to suppress this, I'd be
greatly appreciative.
Vital Stats - AMD 64-bit CPU, Ubuntu 7.0.4 (Feisty Fawn), Samba 3.0.24,
Win2003 AD Domain
If I've left anything out, please feel free to ask. This *was* working
yesterday until my Kerberos ticket expired. (growl) Anyway, now that
Kerberos appears to be working again, all of my users still only have
read access - no write access. The "temp" test works fine. Exactly as
expected - full access. Nothing should have changed in the last 24
hours on the AD side so I'm not sure why all of a sudden I'm getting
read only access for my user shares. Samba & the authentication seems
to be working. I get sensible and complete results when I do a wbinfo
-u and -g. When I try mapping the share and doing stuff from the actual
Ubuntu server, I see that no user is allowed write access to their own
home directory. I was hoping that one of you folk might have some
insight.
[global]
workgroup = COX
realm = ELCSB.NET
server string = bakserve2
security = DOMAIN
log level = 3
log file = /var/log/samba/%m
max log size = 50
printcap name = cups
disable spoolss = Yes
show add printer wizard = No
os level = 33
preferred master = No
local master = No
domain master = No
wins server = 129.119.81.20
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind cache time = 10
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
[homes]
comment = Home Directories
path = /home/%U
user = %U
valid users = COX\%S
read only = No
create mask = 0770
directory mask = 0770
writeable = Yes
browseable = Yes
[temp]
comment = Temp Test
path = /tmp
writeable = Yes
browseable = Yes
read only = No
Thanks,
Ms. Jimi Thompson, CISSP
Manager of Web Operations
SMU Cox School of Business
"Contemplate the mangled bodies of your countrymen and then ask
yourself, What should be the reward of such sacrifices... If ye love
wealth better than freedom, the tranquility of servitude than the
animating contest of freedom, go from us in peace. We ask not your
counsels or arms. Crouch down and lick the hands that feed you. May
your chains sit lightly upon you, and may posterity forget that ye were
our countrymen." - Samuel Adams This from our founding fathers. I
wonder what they'd think of the Patriot Act & the Emergency Powers Act.
More information about the samba
mailing list