All, I am currently running Samba 3.0.2a on a RHEL3 server. I would like to use the extended file systems permissions through windows, but I haven't had much luck. Here is how I am set up.... My linux box is joined to my AD domain and appears to be functioning correctly. I also have winbind set up, and functioning, although I still have some tweaking to do, it is assigning user and group ids as I would expect it to. I can create a share ok via Samba or active directory users and computers with out a problem. However, once I create this share, and I mount it on a windows client, I can't do anything as far as setting or deligating permissions. When I look at the folder properties, it says the folder it owned by root on my linux server. It will not let me change the ownership to any other user. I get a error that says something to the effect that I don't have the rights to change the permissions. Has anyone had this issue, and do you know what I can do to get around this. I really don't want to go to a windows platform for my fileservices..... --John
I have had similar problems. I was able to set permissions on shares from Windows by adding: admin users = "DOMAIN_Domain Admins" to my smb.conf file. ( "_" is my Winbind separator character). The problem is that once they are set and the everyone group is removed, the users cannot connect to the share with kerberos authentication. (They can connect via ip address, which causes samba to use NTLM? authentication). I always get Access Denied. Setting logging to 10 I can see the authentication checks in the log, but the user sid captured does not match the user's actual sid so it doesn't match the sid in the acl. Hopefully you do not have the same problem. I have had this problem for over two weeks and haven't been able to solve it. Even on a totally clean install of everything in my lab including the W2K AD server and the Samba server. Steve Aden Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -----Original Message----- From: John Petro [mailto:jxpsys@rit.edu] Sent: Thursday, March 18, 2004 12:13 PM To: samba@lists.samba.org Subject: [Samba] Samba and Active Directory Permissions All, I am currently running Samba 3.0.2a on a RHEL3 server. I would like to use the extended file systems permissions through windows, but I haven't had much luck. Here is how I am set up.... My linux box is joined to my AD domain and appears to be functioning correctly. I also have winbind set up, and functioning, although I still have some tweaking to do, it is assigning user and group ids as I would expect it to. I can create a share ok via Samba or active directory users and computers with out a problem. However, once I create this share, and I mount it on a windows client, I can't do anything as far as setting or deligating permissions. When I look at the folder properties, it says the folder it owned by root on my linux server. It will not let me change the ownership to any other user. I get a error that says something to the effect that I don't have the rights to change the permissions. Has anyone had this issue, and do you know what I can do to get around this. I really don't want to go to a windows platform for my fileservices..... --John -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _____________________________________________________ This message was content-scanned by IXC Shield Powered by GatewayDefender - BH08999c2f.00000001.mml
alaslavic@havertys.com
2004-Mar-18 19:15 UTC
[Samba] Samba and Active Directory Permissions
"John Petro" <jxpsys@rit.edu> wrote on 03/18/2004 12:13:08 PM:> All, > > I am currently running Samba 3.0.2a on a RHEL3 server. I would like > to use the extended file systems permissions through windows, but I > haven't had much luck. Here is how I am set up.... > > > > My linux box is joined to my AD domain and appears to be functioning > correctly. I also have winbind set up, and functioning, although I > still have some tweaking to do, it is assigning user and group ids as I > would expect it to. I can create a share ok via Samba or active > directory users and computers with out a problem. However, once I > create this share, and I mount it on a windows client, I can't do > anything as far as setting or deligating permissions. When I look at > the folder properties, it says the folder it owned by root on my linux > server. It will not let me change the ownership to any other user. I > get a error that says something to the effect that I don't have the > rights to change the permissions. >If the files and folders are owned by root, only root can change the ownership. One way around this is to add admin users = <your domain username or groupname> to your smb.conf for that share. This will give your user root permissions.> > > Has anyone had this issue, and do you know what I can do to get around > this. I really don't want to go to a windows platform for my > fileservices..... > > > > --John > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
Yeah.... I tried that.. I get an error that says that it can't save permissions on the folder (or file) in this case. Any other ideas? --John -----Original Message----- From: alaslavic@havertys.com [mailto:alaslavic@havertys.com] Sent: Thursday, March 18, 2004 2:12 PM To: John Petro Cc: samba@lists.samba.org Subject: Re: [Samba] Samba and Active Directory Permissions "John Petro" <jxpsys@rit.edu> wrote on 03/18/2004 12:13:08 PM:> All, > > I am currently running Samba 3.0.2a on a RHEL3 server. I would like > to use the extended file systems permissions through windows, but I > haven't had much luck. Here is how I am set up.... > > > > My linux box is joined to my AD domain and appears to be functioning > correctly. I also have winbind set up, and functioning, although I > still have some tweaking to do, it is assigning user and group ids asI> would expect it to. I can create a share ok via Samba or active > directory users and computers with out a problem. However, once I > create this share, and I mount it on a windows client, I can't do > anything as far as setting or deligating permissions. When I look at > the folder properties, it says the folder it owned by root on my linux > server. It will not let me change the ownership to any other user. I > get a error that says something to the effect that I don't have the > rights to change the permissions. >If the files and folders are owned by root, only root can change the ownership. One way around this is to add admin users = <your domain username or groupname> to your smb.conf for that share. This will give your user root permissions.> > > Has anyone had this issue, and do you know what I can do to get around > this. I really don't want to go to a windows platform for my > fileservices..... > > > > --John > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
daniel.jarboe@custserv.com
2004-Mar-18 20:54 UTC
[Samba] Samba and Active Directory Permissions
> > server. It will not let me change the ownership to any other user.I> > get a error that says something to the effect that I don't have the > > rights to change the permissions.Do you have ACL's enabled on the filesystem with the shared files? http://www.bluelightning.org/linux/samba_acl_howto/ ~ Daniel ----------------------------------------------------------------------- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you.
Thank you very much for your reply. I'm trying to change permissions on a folder underneath. Basically I create a folder in /acl and then I try to change permissions. I will try to have a local unix user to be admin and I'll post back if it's the answer. Once again thanks for your help Simone ----- Original Message ----- From: "John Petro" <jxpsys@rit.edu> To: "Simone" <simone72@email.it> Sent: Saturday, March 20, 2004 5:13 PM Subject: RE: [Samba] Samba and Active Directory Permissions RESOLUTION Are you setting the permissions on the /acl directory? Or a folder underneath. It sounds like a permission problem. I ended up having a local unix user be the "admin" user and so I haven't seen the same issue you are having. --John -----Original Message----- From: samba-bounces+jxpsys=rit.edu@lists.samba.org [mailto:samba-bounces+jxpsys=rit.edu@lists.samba.org] On Behalf Of Simone Sent: Saturday, March 20, 2004 7:07 AM To: samba@lists.samba.org Subject: Re: [Samba] Samba and Active Directory Permissions RESOLUTION Hi everyone. I'm running into the same problem. I've set up slackware 9.1 with kernel 2.6.4 to have acl support for ext3 (tried also to work with kernel 2.4.25 + patch acl), samba 3.0.2a. Joined the domain as a member and followed instructions in the acl howto. Samba is working and I can set up shares using winbind authentication, just fine. The problem is with acl if I try to set from a win2k box. I can change permissions only on files and not on folders, and only on the already present users (can't add or remove anyone). I've been testing many options (security mask, directory security mask, create mask/directory) and I have set admin users '@DOMAIN\Domain Admins' but still no success. Here's my share conf: [acl] path = /samba/acl the folder is owned by user simone that is part of the Domain Admin group valid users = DOMAIN\simone read only = no browseable = yes admin users = DOMAIN\simone create mask = 0770 directory mask = 0770 directory security mask = 0700 What am I missing? I can get into the share and create new folders, but when I try to change permissions I get error unable to save permissions. I've been searching through the last 6158 messages on the list and followed hints but unsuccessful. Any help would be greatly appreciated since I am lost at the moment. PS I have not created any local samba user, not even root, users are only from domain Thanks Simone ----- Original Message ----- From: "John Petro" <jxpsys@rit.edu> To: <samba@lists.samba.org> Sent: Friday, March 19, 2004 8:58 PM Subject: RE: [Samba] Samba and Active Directory Permissions RESOLUTION All, Thanks for the responses. There were two things I had to do to get this to work. The first thing was I had to change the readonly attribute in the smb.conf to NO. I also noticed that there was an error in my /etc/fstab so that the options were not read in for some reason. Once I fixed this and re-mounted the filesystem with the ACL option, I was able to do what I needed to do. Thanks again for all your responses. --John -----Original Message----- From: samba-bounces+jxpsys=rit.edu@lists.samba.org [mailto:samba-bounces+jxpsys=rit.edu@lists.samba.org] On Behalf Of John Petro Sent: Thursday, March 18, 2004 12:13 PM To: samba@lists.samba.org Subject: [Samba] Samba and Active Directory Permissions All, I am currently running Samba 3.0.2a on a RHEL3 server. I would like to use the extended file systems permissions through windows, but I haven't had much luck. Here is how I am set up.... My linux box is joined to my AD domain and appears to be functioning correctly. I also have winbind set up, and functioning, although I still have some tweaking to do, it is assigning user and group ids as I would expect it to. I can create a share ok via Samba or active directory users and computers with out a problem. However, once I create this share, and I mount it on a windows client, I can't do anything as far as setting or deligating permissions. When I look at the folder properties, it says the folder it owned by root on my linux server. It will not let me change the ownership to any other user. I get a error that says something to the effect that I don't have the rights to change the permissions. Has anyone had this issue, and do you know what I can do to get around this. I really don't want to go to a windows platform for my fileservices..... --John -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.631 / Virus Database: 404 - Release Date: 18/03/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba