[Samba] Strange behaviour with "force user" parameter
Bruno MACADRÉ
bruno.macadre at univ-rouen.fr
Tue Aug 12 07:11:41 MDT 2014
On 12/08/2014 15:07, steve wrote:
> On Tue, 2014-08-12 at 14:58 +0200, Bruno MACADRÉ wrote:
>> Hi,
>>
>> I'm having trouble with a share; I found that the problem comes from the
>> "force user" parameter in my smb.conf.
>>
>> This is my smb.conf:
>> [global]
>> netbios name = filserv
>> workgroup = SAMDOM
>> security = ADS
>> realm = SAMDOM.FR
>> encrypt passwords = yes
>>
>> log level = 8
>> log file = /var/log/samba/log.%m
>>
>> idmap config *:backend = tdb
>> idmap config *:range = 70000-80000
>> idmap config DPTINFO:backend = ad
>> idmap config DPTINFO:schema = rfc2307
>> idmap config DPTINFO:range = 10000-60000
>>
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> # Tuning
>> strict locking = No
>> strict sync = No
>> sync always = No
>> socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
>> lanman auth = No
>> lm announce = No
>>
>> kernel oplocks = yes
>> read raw = yes
>> write raw = yes
>>
>> max xmit = 65535
>> dead time = 15
>> getwd cache = yes
>>
>> invalid users = root
>>
>> case sensitive = yes
>>
>> [Admins]
>> comment = Admins Share
>> path = /Shares/Admins
>> force user = administrator
>> force group = "domain admins"
>> read only = no
>> valid users = +"domain admins"
>> create mask = 0640
>> directory mask = 0750
>> oplocks = Yes
>>
>>
>> On my workstation, logged in as the root user, I run "mount -t cifs -o
>> user=administrator //filserv/Admins foo" and the mount works.
>>
>> I do an 'ls -l foo' :
>> total 4
>> drwxr-x--- 5 10500 50512 0 août 12 14:32 .
>> drwx------ 5 root root 4096 août 4 09:18 ..
>> drwxr-x--- 4 10500 50512 0 août 12 14:33 Linux
>> drwxr-x--- 6 10500 50512 0 août 7 17:27 Windows
>>
>> Where 10500 is the UID of user administrator and 50512 is the GID of
>> group "Domain Admins".
>>
>> I enter 'foo' and do 'touch bar', and I get a "Permission Denied"....
>>
>> If I comment out the "force group" parameter (and restart smbd) :
>>
>> 'touch bar' => works
>> 'ls -al':
>> total 4
>> drwxr-x--- 5 10500 50512 0 août 12 14:45 ./
>> drwx------ 5 root root 4096 août 4 09:18 ../
>> -rw-r----- 1 10500 50512 0 août 12 14:45 bar
>> drwxr-x--- 4 10500 50512 0 août 12 14:33 Linux/
>> drwxr-x--- 6 10500 50512 0 août 7 17:27 Windows/
>>
>> The file bar is here with good permissions, owner and groups.... and is
>> editable
>>
>> If I uncomment the 'force user' parameter again (and restart samba), if
>> I want to remove the file, I get a "Permission Denied"
>>
>> I don't understand.... As far as I remember, this parameter worked in 4.1.9....
> Hi
> So you've not started winbind? What does /etc/nsswitch.conf have and
> what is the output of getfacl /Shares/Admins
>
>
Yes, winbind works on the server but not on the client (because the client
will never be a domain member).
And 'getfacl Shares/Admins' returns:
# file: Shares/Admins/
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
other::---
--
Bruno MACADRE
-------------------------------------------------------------------
Ingénieur Systèmes et Réseau | Systems and Network Engineer
Département Informatique | Department of computer science
Responsable Info SER | SER IT Manager
Université de Rouen | University of Rouen
-------------------------------------------------------------------
Coordonnées / Contact :
Université de Rouen
Faculté des Sciences et Techniques - Madrillet
Avenue de l'Université
CS 70012
76801 St Etienne du Rouvray CEDEX
FRANCE
Tél : +33 (0)2-32-95-51-86
Mob : +33 (0)6-74-71-45-64
-------------------------------------------------------------------