X-Dimension
2013-Oct-14 12:57 UTC
[Samba] File permission problems after update from Samba 4 alpha 17 to Samba 4.0.5
We had used Samba alpha 17 (included in Resara Server 1.2) for a long time and has now migrate it to Samba 4.0.5 (Ubuntu + Zentyal 3.0 PPA) with NTVFS enabled . Most things seems to work: DNS with Bind9_DLZ, domain join, user login and also GPO are still working fine :) But we have trouble with file permissions now! All domain users can't rename or delete their own files which they had created with Samba 4 alpha 17 before. It looks like they only had 'read only' access to their files. For example when the user peter at mydomain wants to rename/delete a file he had created before, then he gets an error message like "only peter at mydomain can rename this file" or "file is locked by peter at mydomain". Our global section of /etc/samba/smb.conf looks like this: -- [global] interfaces = eth0 workgroup = MYDOMAIN realm = mydomain.lan netbios name = PDC server string = PDC server role = active directory domain controller passdb backend = samba4 server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate, smb dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, winreg, srvsvc -- Because Samba 4 alpha 17 was using NTVFS, i thought it is the best idea to stay on NTVFS even on Samba 4.0.5. But it looks, like i was wrong. Thanks for any ideas that helps us to fix our permission problem.
X-Dimension
2013-Oct-16 20:52 UTC
[Samba] File permission problems after update from Samba 4 alpha 17 to Samba 4.0.5
Hi Jef! I have set xattr and acl in /etc/fstab since Samba4 alpha 17. When i set all permissions to 0777 and also directory mask = 0777 and create mask = 0777 for all shares in /etc/smb.conf i get this behavior: 1. Login as administrator - create a folder "test" - create a file "text.txt" in the folder "test" 2. Login as user - rename or delete the file "text.txt" works fine now! :) - rename or delete the folder "test" still don't work :-( getfacl shows: getfacl Test/ # file: Test/ # owner: root # group: users user::rwx group::rwx other::rwx On the Windows side the group "Domain Users" has full access to the folder "Test". Any other ideas, to fix my ACL problem? Am 15.10.2013 00:10, schrieb jef peeraer:> i am also using samba 4.x.x with NTVFS, and experienced the same > problems. Solved it with setting all directory permissions to 0777, > and also > > directory mask = 0777 > create mask = 0777 > > I know it looks terrible, but it works. NTVFS still has a lot of > mysteries for me and doesn't get a lot of attention in the newsgroup.... > I suppose you already enabled xattr and acl in the file system. > > Jef Peeraer > > Op 10/14/2013 02:57 PM, X-Dimension schreef: >> We had used Samba alpha 17 (included in Resara Server 1.2) for a long >> time and >> has now migrate it to Samba 4.0.5 (Ubuntu + Zentyal 3.0 PPA) with NTVFS >> enabled . >> >> Most things seems to work: DNS with Bind9_DLZ, domain join, user login >> and also GPO are still working fine :) >> But we have trouble with file permissions now! >> All domain users can't rename or delete their own files which they had >> created with Samba 4 alpha 17 before. >> It looks like they only had 'read only' access to their files. >> For example when the user peter at mydomain wants to rename/delete a file >> he had created before, then he >> gets an error message like "only peter at mydomain can rename this file" or >> "file is locked by peter at mydomain". >> >> Our global section of /etc/samba/smb.conf looks like this: >> -- >> [global] >> interfaces = eth0 >> workgroup = MYDOMAIN >> realm = mydomain.lan >> netbios name = PDC >> server string = PDC >> server role = active directory domain controller >> passdb backend = samba4 >> server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl, >> winbind, ntp_signd, kcc, dnsupdate, smb >> dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, >> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, >> eventlog6, backupkey, dnsserver, winreg, srvsvc >> -- >> Because Samba 4 alpha 17 was using NTVFS, i thought it is the best idea >> to stay on NTVFS even on Samba 4.0.5. >> But it looks, like i was wrong. >> >> Thanks for any ideas that helps us to fix our permission problem. >>