[Samba] "force user" option with NT4 domain
Rowland Penny
rowlandpenny at googlemail.com
Fri Oct 17 13:07:19 MDT 2014
On 17/10/14 19:51, Bowie Bailey wrote:
> On 10/17/2014 2:39 PM, Rowland Penny wrote:
>> On 17/10/14 19:32, Bowie Bailey wrote:
>>> On 10/17/2014 2:25 PM, steve wrote:
>>>> On 17/10/14 20:14, Bowie Bailey wrote:
>>>>> On 10/17/2014 1:02 PM, steve wrote:
>>>>>> On 17/10/14 18:20, Bowie Bailey wrote:
>>>>>> it doesn't make them readable by
>>>>>>> whichever user happens to connect unless I also change the
>>>>>>> permissions
>>>>>>> to 777.
>>>>>> What is the acl on the share?
>>>>> I have not intentionally set any acls.
>>>>>
>>>> Sorry mate. We can't guess.
>>> Let me be a bit clearer. I have not set any acls on the files and I
>>> do not know how to either set the acls or list them. If you give me
>>> the command to show the acls, I'll take a look.
>>>
>>> Since I was the one who set up the original file share, there should
>>> not be any acls unless they were created automatically in some way.
>>>
>> OK, make sure that you have the 'attr' package installed and then run
>> 'getfacl /home/shares/public/public' , post the output of this command.
>
> # getfacl /home/shares/public/public
> getfacl: Removing leading '/' from absolute path names
> # file: home/shares/public/public
> # owner: pcguest
> # group: pcguest
> user::rwx
> group::r-x
> other::r-x
>
> I also created a brand new share as a test case with the exact same
> results:
>
> [test]
> path = /home/shares/test
> public = yes
> writeable = yes
> browseable = yes
> force user = pcguest
>
> # getfacl /home/shares/test
> getfacl: Removing leading '/' from absolute path names
> # file: home/shares/test
> # owner: pcguest
> # group: pcguest
> user::rwx
> group::rwx
> other::rwx
>
> It doesn't seem to be related to file permissions. If the permissions
> are wrong, I get "access denied". I only see the error about the
> security ID structure when the I add the "force user" option to the
> share.
>
Can you please post your smb.conf so that we can see what you are
authenticating to and how.
Rowland
More information about the samba
mailing list