[Samba] Samba Secondary Groups

David van Laatum david at vanlaatum.id.au
Fri Apr 23 02:11:51 MDT 2010 

Thanks for the reply. After spending 2 days trying to get 3.5.2 compiled and 
working right I went back to the old version for a bit and discovered that 
writable = yes on the share fixed it..... little confused why I could write to 
some shares even though I didn't have it but all seems to work properly now.

Only thing Ive noticed is that I can't seem to change permissions from windows 
on a file/directory unless I personally own the file but not sure if that's a 
samba problem or a file system thing?

On Tuesday 20 April 2010 03:41:57 grant little wrote:
> I had that problem with samba 3.4.X on ubuntu 9.10,  the only way I could
> get it to work was to use 777 folder permissions as you describe. The fix
> for me was to go to samba 3.5.X which fixed that and several other problems
> like not being able to login to samba from OS X.
>  Tried the same on a CENTOS 5.4 install as well and it works for SAMBA
> 3.0.33 with 770 folder permissions. Maybe a samba upgrade might fix what
> ails you but be careful what you upgrade to...
> 
> On Sun, Apr 18, 2010 at 10:19 PM, David van Laatum 
<david at vanlaatum.id.au>wrote:
> > This has been bugging me for years but never got around to spending a lot
> > of time on it until I now want/need to use it for work stuff.
> >
> > Problem is simple I get access denied when trying to create a file in a
> > directory that is not owned by me or my primary group that doesn't have
> > world writable permissions. Ive also had similar issues with NFS mounts
> > where I can't move/create/delete files via
> > nfs but works fine if I do it on the local machine even though I am the
> > same user in the same groups. All relevant info I can think of follows
> > let me know if anything else is needed. Spent all morning looking for an
> > answer but only found hints of similar but not
> > applicable problems.
> >
> > [14:14:36 root at adl-nas-01 filestore]# smbd -V
> > Version 3.2.5
> > [14:28:42 root at adl-nas-01 filestore]# uname -a
> > Linux adl-nas-01 2.6.26-2-amd64 #1 SMP Tue Mar 9 22:29:32 UTC 2010 x86_64
> > GNU/Linux
> > [14:28:42 root at adl-nas-01 filestore]# cat /etc/debian_version
> > 5.0.4
> >
> > [global]
> >   security = ads
> >   workgroup = VALEX
> >   server string = File Store
> >   realm = VALEX.LOCAL
> >   password server = ldap.valex.local
> >   wins server = 172.16.0.150
> >   dns proxy = no
> >   log file = /var/log/samba/log.%m
> >   max log size = 100
> >   log level = 3
> >   syslog = 1
> >   panic action = /usr/share/samba/panic-action %d
> >   encrypt passwords = yes
> >   printing = bsd
> >   printcap name = /etc/printcap
> >   idmap backend = ad
> >   passdb backend = tdbsam
> >   idmap uid = 100-90000
> >   idmap gid = 100-900000
> >   winbind cache time = 300
> >   winbind nss info = rfc2307
> >   winbind enum groups = yes
> >   winbind enum users = yes
> >   winbind use default domain = yes
> >   winbind separator = /
> >   winbind nested groups = yes
> >   template homedir = /home/%U/homedir
> >   template shell = /bin/bash
> >   debug uid = yes
> >
> > [Accounts]
> >  comment = Accounts Stuff
> >  path = /filestore/accounts
> >  guest ok = no
> >  browseable = yes
> > ;  valid users = @VALEX/vxAccounts @VALEX/vxSystems
> >  create mask = 0660
> >  directory mask = 0770
> >  fstype = EXT3
> > ;  force group = + at VALEX/vxAccounts
> >
> > [14:32:58 root at adl-nas-01 filestore]# id dvanlaatum
> > uid=10440(dvanlaatum) gid=20000(vxsystems)
> > groups=20000(vxsystems),20002(domain admins),20003(domain
> > users),20001(vxallusers),5006(BUILTIN/administrators),5007(BUILTIN/users)
> >
> > [14:35:02 root at adl-nas-01 filestore]# ls -ald /filestore/accounts/
> > drwxrwxr-x 3 root vxallusers 4096 2010-04-19 11:32 /filestore/accounts/
> >
> > [14:37:54 david at L00018 ~]# smbclient -U dvanlaatum //adl-nas-01/Accounts
> > Password:
> > Domain=[VALEX] OS=[Unix] Server=[Samba 3.2.5]
> > smb: \> mkdir test
> > NT_STATUS_MEDIA_WRITE_PROTECTED making remote directory \test
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list