Roger Crom
2005-Feb-15 23:00 UTC
[Samba] Domain Users Group Effective Permissions on Workstation files after upgrade from 3.0.4 to 3.0.11
I have had a running 3.0.4 server running for quite some time with no problem. I built a new server with Fedora core 3 & ending up with SAMBA 3.0.11 running. Workstation running windows xp pro with sp2 applied Things are generally ok, but I am finding that group permissions at the workstation are not being carried to the user, specifically for Domain Users. Domain Admins appear to be progating properly users/group authentication is through NIS with local smbpasswd file Group is the primary group for user NO LDAP involved file permissions on the samba server appear to be working just fine The only problem is effective permissions at the directory level on the local workstation Example: directory has permssions assigned of full control to "Domain Users" A user tammy is in unix group CCC which is mapped to "Domain Users" net groupmap list : System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Admins (S-1-5-21-892218768-3045639999-384985677-512) -> systems Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Print Operators (S-1-5-21-892218768-3045639999-384985677-550) -> CCC Domain Users (S-1-5-21-892218768-3045639999-384985677-513) -> CCC Account Operators (S-1-5-32-548) -> -1 Domain Guests (S-1-5-21-892218768-3045639999-384985677-514) -> nobody Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> CCC when we check effective permissions at the xp workstation user is not being assigned the permissions associated with "Domain Users" smb.conf file follows: print from testparm -s [global] workgroup = CCCDISTRICT server string = Freelog interfaces = 172.16.1.16/24 update encrypted = Yes null passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n * unix password sync = Yes log level = 9 log file = /var/log/samba/log.%m max log size = 500 name resolve order = host wins bcast socket options = TCP_NODELAY SO_RCVBUF=8192 IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon script = scripts\%U.bat logon path logon drive = g: logon home = \\%L\%U domain logons = Yes os level = 255 preferred master = Yes domain master = Yes wins proxy = Yes wins support = Yes ldap ssl = no invalid users = bin, daemon, adm, sync, shutdown, halt, mail, news admin users = crom hosts allow = 172.16.1.0/24, 127.0.0.1[homes] comment = Home Directory path = /shares/users/%u force group = users read only = No create mask = 0700 directory mask = 0700 default case = upper browseable = No hosts deny = all profile acls = Yes preserve case = No short preserve case = No [Software] comment = Software path = /shares/software valid users = @CCC write list = @CCC force group = CCC read only = No create mask = 0770 directory mask = 0770 default case = upper [netlogon] comment = Network Logon Service path = /shares/netlogon browseable = No locking = No share modes = No [profile] path = /shares/profile read only = No create mask = 0600 directory mask = 0700 csc policy = disable [accounting] comment = Printer in Steve White's Office path = /tmp printer admin = @CCC printable = Yes More printer shares below Any questions help would be greatly appreciated -- Roger A. Crom Director of Systems Custom Computing Corporation (402) 341-2197
Apparently Analagous Threads
- Samba 3.0.2a printing to Laserjet5 from access 2002 or higher
- Samba-2.07pre2 still crashes under Linux and HP-UX
- 3.0.11 + idealx 0.8.7 joining workstation to domain not working -see why
- nexthop: free service to pstn via fwd/iaxtel
- Porting PDC 3.0.4 to 3.0.11 on different Hardware