This is worse than I thought!
Another user has now complained to me that he does not have rights to
something he should have rights to!
I have a printer shared out, to use it you must be in the DOMAIN+ColorPrint_
group. He is a member, and yet it won't let him even access it to install
it! An authentication box pops up asking for username and passwd.
[phaser8400]
path = /var/spool/samba
valid users = @Domain+ColorPrint_
printable = Yes
printer name = phaser8400
browseable = No
root preexec = echo Connect :%T U.G=%U.%G u.g=%u.%g
>> /root/.info/p8400.log
root postexec = echo Disconnect:%T U.G=%U.%G u.g=%u.%g
>> /root/.info/p8400.log
printer admin = @"DOMAIN+Domain Admins"
Nothing has changed... I haven't messed with any of the configuration
files
or added any new software. This just started happening spontaneously it
seems.
my wbinfo -t/-u/-g all look good.
Is the tdb corrupted or something? What can I do to fix this?
Chris
On Thursday 09 September 2004 02:29 pm, Chris wrote:> Hello.
>
> I am running samba 3.0.5 in an ADS environment. I have a win2k3 server as
> the DC and my samba machine (running on Gentoo Linux) is a member of that
> domain. I am using winbind.
>
> I have three users, for this example I will call them Larry, Curly and Moe.
> All three have RW access to a share on the server called
"stooges". The
> linux perms on this directory look like this:
>
> drwxrwx--- root DOMAIN+stooges_ stooges
>
> There are other users who are members of the DOMAIN+stooges group, but
> these three are in charge and need access to a more restricted subdirectory
> of stooges. So I made a stooges_CIA directory under the stooges share.
>
> Its linux perms look like this:
>
> drwxrwx--- root DOMAIN+stooges_CIA_ stooges_CIA
>
> Larry, Curly and Moe are all members of both the DOMAIN+stooges_CIA_ (only
> those three) and the DOMAIN+stooges_ groups (those 3 plus other users in
> the dept).
>
> Now here is the strange part:
>
> Larry and curly can access everything in the share stooges and the
> subdirectory stooges_CIA. Moe, can access everyting in the stooges share
> but NOT anything in the stooges_CIA subdir.
>
> This makes absolutely no sense to me! Moe is a group member of
> DOMAIN+stooges_CIA. He shows up thusly when I do a 'getent group'
or when
> I do a 'groups DOMAIN+moe'. Likewise, he shows up on the domain
controller
> as being part of that group. *BOTH* systems have him listed in that group
> -- but for some reason he has no access!
>
> He gets this error:
>
> "\\server\stooges\stooges_CIA is not accessible. You might not have
> permission to use this network resource. Contact the administrator of this
> server to find out if you have access permissions."
>
> What the heck is going on here?
>
> Thanks!
>
> Chris