[Samba] access rights for unix groups unreliable
Klaus Hartnegg
hartnegg at gmx.de
Tue Jun 24 07:35:01 MDT 2014
Hello,
Please help me with this.
Access rights granted with acl to unix groups work only
on about 2 out of 10 logins, otherwise I get access denied.
Directories with rights granted to everybody are always accessible.
Rights were granted from within Windows 7 to a unix-group named "g_all".
Samba is 4.1.6 of Ubuntu 14.04
Output of testparm:
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
[global]
workgroup = AAA
server string = BBB
server role = classic primary domain controller
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
lanman auth = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
load printers = No
printcap name = /dev/null
disable spoolss = Yes
show add printer wizard = No
mangle prefix = 5
add machine script = /usr/sbin/useradd -g machines -c "%u machine
account" -d /var/lib/samba -s /bin/false %u
logon script = logon.cmd
logon path =
logon drive = H:
logon home = \\%L\S\usr\%U
domain logons = Yes
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
recycle:maxsixe = 0
recycle:versions = Yes
recycle:touch = Yes
recycle:keeptree = Yes
recycle:repository = .recyclebin
idmap config * : backend = tdb
inherit permissions = Yes
inherit acls = Yes
map acl inherit = Yes
printing = bsd
print command = lpr -r -P'%p' %s
lpq command = lpq -P'%p'
lprm command = lprm -P'%p' %j
case sensitive = No
short preserve case = No
delete veto files = Yes
map archive = No
map readonly = no
store dos attributes = Yes
strict locking = Yes
fstype = Samba
vfs objects = acl_xattr
[netlogon]
comment = Network Logon Service
path = /srv/samba/netlogon
guest ok = Yes
[G]
path = /srv/samba/files/G
valid users = +g_all, admin, guest
admin users = admin
read only = No
veto files = /.rights/
vfs objects = recycle, acl_xattr
[S]
path = /srv/samba/files/S
valid users = +g_all, admin, guest
admin users = admin
read only = No
veto files = /.rights/
vfs objects = recycle, acl_xattr
More information about the samba
mailing list