Hi all Samba users, For some I've got a Samba server running with the following config: Debian Sarge 2.6.8 kernel Samba 3.0.21 with winbind and LDAP as ADS member server A W2K003 PDC Samba's data partition is ext3 + ACL I've migrated my users homedirs and profiledirs from W2K003 to Samba. These each user owns his own homedir and has rwx------ permissions This seems to be working excelent. Then I made a groupshare open for everyone. The directory it points to is closed for all domain users. No one can access this share. As I add domain-user tjaco with rwx by ACL (useing share-properties-security in windows or setfacl on linux) tjaco has instant access to the share. Now I add tjaco to group mygroup useing MMC (tjaco shows up as a groupmember of mygroup doing: getent group) I remove tjaco from the ACL and add mygroup with rwx to ACL Tjaco has NO access anymore As I add group 'domain users' (which tjaco is a member of) with rwx to ACL tjaco has access again. This keeps me baffeled for some weeks now. Furthermore I recall haveing read something about the importance of the SYSTEM group that should be added to the ACL but I don't understand how. SYSTEM is not a normal or builtin ADS group. Who can help? Thanks in advance, Tjaco
Is this an AD group? If so, what type? -----Original Message----- From: samba-bounces+ronald.trimble=unisys.com@lists.samba.org [mailto:samba-bounces+ronald.trimble=unisys.com@lists.samba.org] On Behalf Of Tjaco Mast Sent: Tuesday, March 28, 2006 10:57 AM To: samba@lists.samba.org Subject: [Samba] ACL on groups working half Hi all Samba users, For some I've got a Samba server running with the following config: Debian Sarge 2.6.8 kernel Samba 3.0.21 with winbind and LDAP as ADS member server A W2K003 PDC Samba's data partition is ext3 + ACL I've migrated my users homedirs and profiledirs from W2K003 to Samba. These each user owns his own homedir and has rwx------ permissions This seems to be working excelent. Then I made a groupshare open for everyone. The directory it points to is closed for all domain users. No one can access this share. As I add domain-user tjaco with rwx by ACL (useing share-properties-security in windows or setfacl on linux) tjaco has instant access to the share. Now I add tjaco to group mygroup useing MMC (tjaco shows up as a groupmember of mygroup doing: getent group) I remove tjaco from the ACL and add mygroup with rwx to ACL Tjaco has NO access anymore As I add group 'domain users' (which tjaco is a member of) with rwx to ACL tjaco has access again. This keeps me baffeled for some weeks now. Furthermore I recall haveing read something about the importance of the SYSTEM group that should be added to the ACL but I don't understand how. SYSTEM is not a normal or builtin ADS group. Who can help? Thanks in advance, Tjaco -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
>Is this an AD group? If so, what type?mygroup is a global group in this example: mygroup is kantoorautomatisering tjaco is mastt it shows up by getent group as: ARCRDM+kantoorautomatisering:x:10077:ARCRDM+mastt: reading the logs it seems to authenticate correctly but seems to bail out at: chdir [2006/03/29 12:34:30, 3] smbd/process.c:switch_message(886) switch message SMBtrans2 (pid 18809) conn 0x8380258 [2006/03/29 12:34:30, 0] smbd/service.c:set_current_service(51) chdir (/mnt/sdb1/data/shares/KantoorAutomatisering/) failed [2006/03/29 12:34:30, 3] smbd/error.c:error_packet(105) error string = Permission denied [2006/03/29 12:34:30, 3] smbd/error.c:error_packet(129) error packet at smbd/process.c(959) cmd=50 (SMBtrans2) NT_STATUS_NETWORK_ACCESS_DENIED