[Samba] "force user" option with NT4 domain
Bowie Bailey
Bowie_Bailey at BUC.com
Fri Oct 17 13:15:13 MDT 2014
On 10/17/2014 3:07 PM, Rowland Penny wrote:
> On 17/10/14 19:51, Bowie Bailey wrote:
>> On 10/17/2014 2:39 PM, Rowland Penny wrote:
>>> On 17/10/14 19:32, Bowie Bailey wrote:
>>>> On 10/17/2014 2:25 PM, steve wrote:
>>>>> On 17/10/14 20:14, Bowie Bailey wrote:
>>>>>> On 10/17/2014 1:02 PM, steve wrote:
>>>>>>> On 17/10/14 18:20, Bowie Bailey wrote:
>>>>>>> it doesn't make them readable by
>>>>>>>> whichever user happens to connect unless I also change the
>>>>>>>> permissions
>>>>>>>> to 777.
>>>>>>> What is the acl on the share?
>>>>>> I have not intentionally set any acls.
>>>>>>
>>>>> Sorry mate. We can't guess.
>>>> Let me be a bit clearer. I have not set any acls on the files and I
>>>> do not know how to either set the acls or list them. If you give me
>>>> the command to show the acls, I'll take a look.
>>>>
>>>> Since I was the one who set up the original file share, there should
>>>> not be any acls unless they were created automatically in some way.
>>>>
>>> OK, make sure that you have the 'attr' package installed and then run
>>> 'getfacl /home/shares/public/public' , post the output of this command.
>> # getfacl /home/shares/public/public
>> getfacl: Removing leading '/' from absolute path names
>> # file: home/shares/public/public
>> # owner: pcguest
>> # group: pcguest
>> user::rwx
>> group::r-x
>> other::r-x
>>
>> I also created a brand new share as a test case with the exact same
>> results:
>>
>> [test]
>> path = /home/shares/test
>> public = yes
>> writeable = yes
>> browseable = yes
>> force user = pcguest
>>
>> # getfacl /home/shares/test
>> getfacl: Removing leading '/' from absolute path names
>> # file: home/shares/test
>> # owner: pcguest
>> # group: pcguest
>> user::rwx
>> group::rwx
>> other::rwx
>>
>> It doesn't seem to be related to file permissions. If the permissions
>> are wrong, I get "access denied". I only see the error about the
>> security ID structure when the I add the "force user" option to the
>> share.
>>
> Can you please post your smb.conf so that we can see what you are
> authenticating to and how.
I noticed that there were some fixes for "force user" problems in Samba
4.1.6. CentOS 7 is still providing 4.1.1. Could that be the issue? I
am investigating alternate sources for a newer package.
--
Bowie
More information about the samba
mailing list