Hi All,
I am with problem with the permissions of windows.
The samba is not getting the ACLs permissions. I compiled version 3.0.20, with
the following options:
./configure \
--prefix=/usr/local/samba \
--localstatedir=/var \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--enable-cups \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=/usr/local/samba/share/swat/using_samba \
--with-swatdir=/usr/local/samba/share/swat \
--with-shared-modules=idmap_rid \
--with-libsmbclient \
--with-acl-support \
--with-winbind \
--with-ads \
--with-krb5=/usr/kerberos
Below mine smb.conf:
[global]
workgroup = ECPNET
netbios name = PINHEIROS_BETA
# unix charset = iso8859-1
display charset = cp850
realm = ECP.ORG.BR
server string = Samba Server
security = ADS
auth methods = winbind
client schannel = No
password server = *
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *
passwd:*all*authentication*tokens*updated*successfully*
#username map = /usr/local/samba/etc/smbusers
password level = 8
username level = 8
log file = /var/log/samba/%m.log
log level = 3 auth:3 winbind:3
max log size = 50
nt acl support = Yes
domain admin group = admins
acl compatibility = win2k
acl map full control = yes
acl check permissions = no
acl group control = yes
inherit acls = Yes
profile acls = Yes
map acl inherit = Yes
name resolve order = host wins bcast
server signing = auto
client use spnego = Yes
socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072
addprinter command = addprinter
deleteprinter command = delprinter
add machine script = /usr/sbin/useradd -d /dev/null -g 504 -c
local master = No
dns proxy = No
wins server = 10.0.0.5, 10.0.0.4
ldap ssl = no
add share command = /usr/local/samba/share/modify_samba_config.pl
change share command = /usr/local/samba/share/modify_samba_config.pl
delete share command = /usr/local/samba/share/modify_samba_config.pl
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /data/users/%U
template shell = /bin/ksh
winbind use default domain = Yes
admin users = corniani, administrator, henrique
read only = No
force unknown acl user = Yes
guest ok = Yes
[Teste1]
comment = Teste de ACL Linux
path = /data/teste
browseable = Yes
admin users = ECPNET\henrique
read only = No
With this configuration the users of the PDC (windows 2003) are authenticantion
way telnet without problem. However, the ACL do not function. They see the
exit with command getfacl teste.txt:
[root@redfree teste]# getfacl teste.txt
# file: teste.txt
# owner: root
# group: Domain Users
user::rwx
user:henrique:rw-
group::r--
mask::rw-
other::r--
The user henrique appears in linux, but he does not appear in windows. When I
try to add permissions through windows appears a message of "denied
access".
Somebody can help me
Lu?s Henrique
Departamento de Tecnologia
Esporte Clube Pinheiros
Tel: 55 11 3817 3071
henrique@ecp.org.br
Luis Henrique de Faria Guimar?es wrote:> With this configuration the users of the PDC (windows 2003) are authenticantion way telnet > without problem. However, the ACL do not function. They see the exit with command getfacl teste.txt: > > [root@redfree teste]# getfacl teste.txt > # file: teste.txt > # owner: root > # group: Domain Users > user::rwx > user:henrique:rw- > group::r-- > mask::rw- > other::r--Can you please describe what you expected to see here and why?> > The user henrique appears in linux, but he does not appear in windows.Then I'd say he's a linux user and not from AD via winbind right?> When I try to add permissions through windows appears a message of "denied access".If that is a "correct" result largely depends which user is logged in to the windows workstation. It would be helpful if you set samba to a moderate debug level, and provide the relevant logs generated when the desired operation(s) fail. hth Paul
On Thu, 2005-09-22 at 11:43 -0300, Luis Henrique de Faria Guimar?es wrote:> Hi All, > > I am with problem with the permissions of windows. > The samba is not getting the ACLs permissions. I compiled version > 3.0.20, with the following options: >[...] Well the first thin we need to know, is the filesystem that you are sharing via samba mounted with the acl option in the /etc/fstab? Here is what mine looks like and I get the ACLs just fine: /dev/datavg/examplelv /lf/db ext3 rw,suid,nodev,exec,auto,nouser,async,acl,errors=remount-ro 1 1 I guess, I could have done "defaults,acl,nodev" and be-equivalent... but hey I guess I am a bit retentive.> # file: teste.txt > # owner: root > # group: Domain Users > user::rwx > user:henrique:rw- > group::r-- > mask::rw- > other::r-- > > The user henrique appears in linux, but he does not appear in windows. > When I try to add permissions through windows appears a message of > "denied access". > Somebody can help meWell, as long as you have the filesystem mounted (assuming it is ext3 with acl support compiled in) with the ACLs turned on... then things should work. -- greg, greg@gregfolkert.net The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20050922/d2b4bd1c/attachment.bin
I forgive me Paul, not wise person. Well, the samba was compiled with support ACL, look out command: [root@redfree source]# strings $(which smbd) | grep HAVE_POSIX_ACLS HAVE_POSIX_ACLS I didn't find no fail when I compiled the samba. I go to send for you my file configure.log Thanks, Lu?s Henrique Departamento de Tecnologia Esporte Clube Pinheiros Tel: 55 11 3817 3071 henrique@ecp.org.br <<warning.htm>>