Hi,
Let's try during US office hours. ;-)
I'm sorry to nearly spam you all with this but I can't imagine I'm
the only one
having the problem. I use the simplest config: standalone server, no domain,
no AD, no ldap, no winbindd. You'll find hereafter my two previous
unanswered mails describing the problem. Please help.
Regards,
Pierre
On 28 Jun 2005 at 17:35, Pierre Dehaen wrote:> Hi,
>
> After three days of googling, searching in this list, reading parts of the
> pdf, and testing, I surrender: please help !
>
> Summary:
> I'm running 3.0.10a (binary from www.sunfreeware.com) on Solaris
> 2.6 in standalone mode (security=user). I use ACLs on files. I cannot,
> from windows (w2k, wxp pro), add a user to the permissions of a file.
>
>
> Details:
> - The binary was compiled --with-acl-support as "smbd -b|grep
ACL"
> and the sunfreeware site confirm.
>
> - Solaris UFS supports ACLs.
>
> - I don't use winbindd
>
> - This is my smb.conf:
> [global]
> workgroup = UNIX
> server string = Samba Server 3.0
> interfaces = x.x.x.x
> map to guest = Bad User
> username map = /usr/local/samba/private/users.map
> log level = 4
> log file = /usr/local/samba/var/log.%m
> max log size = 500
> deadtime = 30
> keepalive = 0
> dns proxy = No
> ldap ssl = no
> idmap uid = 10000-20000
> idmap gid = 10000-20000
>
> - The users.map did not exist at the beginning, but, as the PDF
> examples have one, I created it with:
> root = Administrator
>
> - My users do exist on Solaris and are the same as the Windows users.
>
> - The users were added on Samba with smbpasswd -a.
>
> - My groups are mapped:
> # net groupmap list | sort
> Account Operators (S-1-5-32-548) -> -1
> Administrators (S-1-5-32-544) -> -1
> Backup Operators (S-1-5-32-551) -> -1
> Domain Admins (S-1-5-21-3464024308-2102256894-3995807409-512) ->
root
> Domain Guests (S-1-5-21-3464024308-2102256894-3995807409-514) ->
nobody
> Domain Users (S-1-5-21-3464024308-2102256894-3995807409-513) ->
staff
> Engineer (S-1-5-21-3464024308-2102256894-3995807409-1305) ->
engineer
> Guests (S-1-5-32-546) -> -1
> Inter (S-1-5-21-3464024308-2102256894-3995807409-1323) -> inter
> Power Users (S-1-5-32-547) -> -1
> Print Operators (S-1-5-32-550) -> -1
> Replicators (S-1-5-32-552) -> -1
> System Operators (S-1-5-32-549) -> -1
> Users (S-1-5-32-545) -> -1
>
> - A share is defined:
> [home1]
> path = /export/home1
> read only = No
> guest ok = Yes
>
> - A file is created on the share:
> # touch /export/home1/test
> # chown vincent:engineer /export/home1/test
> # ls -l /export/home1/test
> -rw-rw-r-- 1 vincent engineer 0 Jun 28 15:50
/export/home1/test
>
> - From Windows 2K, when I right-click properties, Security, I can see
> the current permissions:
> Engineer (SERVER_NAME\Engineer)
> Everyone
> Vincent Xxxxx (SERVER_NAME\Vincent)
>
> - Clicking on Advanced shows the permissions (respectively Special,
> Read, Special). Click Cancel to come back to the Security tab.
>
> - But when I click on Add, I receive a window saying "You are logged
> with an account that does not have access to: SERVER_NAME. Enter
> the name and password of an account with permissions for this
> domain and click ok."
>
> - The equivalent test on WinNT4 (Properties, Security, Permissions,
> Add, Show users works, Click on a user, Add, Read, Ok) works very
> well: an acl is created on the file.
>
>
> What's going on ??? I raised the debug level to 3, 4, even 10 but I
can't
> catch anything useful (to me).
>
> TIA for any help,
> Pierre
>
>
> I hope this is not too long but a level 4 log gives (at the moment I click
> on the Add button):
> [2005/06/28 16:16:02, 3] smbd/process.c:process_smb(1091)
> Transaction 2072 of length 88
> [cut - see original message of June 28th for details]
On 29 Jun 2005 at 10:49, Pierre Dehaen wrote:> Hi again,
>
> FYI here are some links talking about the same problem (but no answer):
> <http://lists.samba.org/archive/samba/2003-October/075334.html>
> <http://lists.samba.org/archive/samba/2003-November/002488.html>
> <http://www.mcse.ms/message436146.html>
>
> Note that on WinNT4 I can partially add permissions to a file: I see the
users
> when I click on "Show users" and I can use them but I cannot see
the groups
> that are available on the Samba server.
>
> Note also that I see exactly the same when I try to connect a W2K to
another
> W2K (both standalone computers): although I'm connected to the share
with
> a username of the server, from the client I cannot change the permissions
on
> any file of the server !!!
>
> So I have a basic question now: Is it simply possible, from a W2K/XP, to
> change the permissions of a file on a share of a standalone server, i.e.
> without both computers being member of a domain ? I can see a possible
> commercial reason (from who you know) for this not being allowed, but is
> there also a technical reason ? Note that some of the above links show the
> same behavior within a domain... so I'm lost.
>
> Thanks for any help,
> Pierre
>
