[Samba] Problems with Privileges
Harry Jede
walk2sun at arcor.de
Wed Dec 31 17:08:37 GMT 2008
Hi all,
I am using Samba 3.2.6 on Debian lenny.
I can create users and groups with the User Manager for NT. It is also possible to add users to groups.
But if I then try to open the group again with the User Manager for NT, I get an ACCESS DENIED error.
However, the user has all the rights that I am able to set:
net rpc rights list ytom SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
tail -f /var/log/samba/log.ytom
[2008/12/31 17:42:54, 2] rpc_server/srv_samr_nt.c:_samr_LookupDomain(3571)
Returning domain sid for domain SCHULE -> S-1-5-21-2462391502-1360153102-2655098952
[2008/12/31 17:42:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
init_group_from_ldap: Entry found for group: 9018
[2008/12/31 17:42:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
init_group_from_ldap: Entry found for group: 9018
[2008/12/31 17:42:54, 2] passdb/pdb_ldap.c:init_group_from_ldap(2344)
init_group_from_ldap: Entry found for group: 9018
[2008/12/31 17:42:55, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(246)
_samr__LookupRids: ACCESS DENIED (granted: 0x000d067a; required: 0x00000100)
cat /etc/samba/smb.conf
# Global settings: this host is configured as a domain controller
# (domain logons, domain master) with accounts kept in LDAP through the
# ldapsam passdb backend.
[global]
unix charset = LOCALE
workgroup = SCHULE
netbios name = SERVER-1
server string = %h server
# Listen only on the listed interfaces (one LAN address plus loopback).
interfaces = 192.168.231.48/24, 127.0.0.1/8
bind interfaces only = Yes
security = user
name resolve order = wins bcast host
# No LDAP URL follows "ldapsam", so the backend's default server applies
# (ldap://localhost per smb.conf(5)) - TODO confirm for this version.
passdb backend = ldapsam
# NOTE(review): permits LANMAN challenge/response, a weak legacy
# authentication scheme. Keep it enabled only if legacy clients need it.
lanman auth = Yes
syslog = 0
# Size limit is in kilobytes; level 2 matches the ", 2]" entries in the
# log excerpt quoted in this post.
max log size = 1000
log level = 2
# NOTE(review): "log file" is assigned twice. The log.ytom file tailed in
# this post matches the %U (session user name) form, so the second
# assignment appears to be the effective one; the %m (client machine
# name) line can probably be dropped - confirm.
log file = /var/log/samba/log.%m
log file = /var/log/samba/log.%U
# Account-management hooks: smbldap-tools commands that smbd invokes when
# users, groups or machine accounts are changed. %u and %g are replaced
# with the user or group name. smb.conf(5) documents "add user script" as
# run as root, so the scripts and their configuration should be writable
# by root only.
add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd -p -a "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
# Domain logon settings handed to clients; %L is the server's NetBIOS
# name and %U the session user name.
logon script = logon.bat
logon drive = L:
logon path = \\%L\Profiles\%U
logon home = \\%L\%U
# Domain controller and browse-master election settings.
domain logons = Yes
domain master = Yes
local master = yes
# Spacing and capitalisation differ from the neighbouring lines; this is
# cosmetic only.
preferred master =yes
os level = 254
wins support = Yes
# DN that Samba binds with. Its password is not kept in this file; it is
# stored in secrets.tdb (set with "smbpasswd -w").
ldap admin dn = cn=admin,dc=schule,dc=xx
ldap delete dn = Yes
# NOTE(review): smb.conf(5) describes this as a partial DN that is
# prepended to "ldap suffix"; "o=SCHULE" beneath dc=schule,dc=xx looks
# unusual - verify against the directory tree.
ldap machine suffix = ou=ARBEITSSTATIONEN,o=SCHULE
# Also update the LDAP password when the Samba password hashes change.
ldap passwd sync = Yes
ldap suffix = dc=schule,dc=xx
ldap debug level = 160
panic action = /usr/share/samba/panic-action %d
template shell = /bin/bash
template homedir = /home/%g/%U
ea support = Yes
store dos attributes = Yes
# NOTE(review): IPC$ is normally the implicit share Samba provides for
# RPC traffic. Declaring it explicitly with a filesystem path is unusual;
# confirm this section is intended and what it is meant to achieve.
[IPC$]
path = /var/log/samba/tmp
# Per-user home directory shares; the [homes] entry itself is hidden from
# browse lists.
[homes]
comment = Home Directories
read only = No
# NOTE(review): 0755 leaves the group/other read and execute bits
# available on newly created files. Tighten the mask if home directory
# contents should stay private to the owner.
create mask = 0755
browseable = No
# Roaming profile storage, referenced by "logon path" in [global].
[Profiles]
path = /home/samba/Profiles
# New files and directories are restricted to their owner.
create mask = 0600
directory mask = 0700
nt acl support = no
read only = no
# Read-only share that serves the logon script to domain clients.
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
# Members of this group perform file operations on the share as root
# (smb.conf(5), "admin users"); keep the group membership small.
admin users = @domainadmins
# NOTE(review): guest access means the share contents, including the
# logon script, are readable without authentication. Keep credentials and
# other secrets out of anything stored here.
guest ok = Yes
read only = Yes
--
Gruss
Harry Jede