Pawel Jaworski
2007-Dec-03 16:10 UTC
[Samba] How to make "Add permission" for folder in system with ntacl support? Part 2
Hello. Sorry I didn't post it under the "how to make..." email - I didn't received it - I only found it in archives. But I think we both mean the same. All this below regards samba on debian etch: 3.0.24-6etch4 I have a share on partition mounted with acl (options=acl,...). As you know I can locally on server add another ACL entries on files in that folder. When I connect with windows 2000 to that share there are some ACEs in there (all visible with username, not sid). 1) When I try to add another user It asks for username again and then says "The credentials supplied conflict with an existing set of credentials" and it doesn't show any users which I could add. I cannot also add any username I know. 2) When I try to add another user in Windows XP it simply asks me for username and then doesn't allow any username to be added to ACL (the same as in 2K) 3) When I run under linux net rpc users -Uusername - it shows me ALL users from server 4) Finally when I run windows on my other machine (where I never intended to use acls) which is debian sarge (samba 3.0.14a-3sarge) it ALL WORKS. I can add users, chose them from list (it was only tested under windows 2000) 5) I tried to install pure samba sarge on clean vm (with etch) and it also didn't work. It appears to me that windows somehow cannot get userlist from samba server, but I don't know why, because net rpc does it well. I also tried to copy whole smb.conf from that server where all is working - it didn't help. Many tries I've done with no result. Please - anybody has it configured? It would be my salvation (in terms of job and servers and administration also ;) )... It would solve half of my problems. Help meee! Pawel -- ------------------------------------------ Pawe? Jaworski administrator
Pawel Jaworski
2007-Dec-06 16:25 UTC
[Samba] Re: How to make "Add permission" for folder in system with ntacl support? Part 2
Pawel Jaworski pisze:> Hello. > > Sorry I didn't post it under the "how to make..." email - I didn't > received it - I only found it in archives. But I think we both mean the > same. > > All this below regards samba on debian etch: 3.0.24-6etch4 > > I have a share on partition mounted with acl (options=acl,...). As you > know I can locally on server add another ACL entries on files in that > folder. When I connect with windows 2000 to that share there are some > ACEs in there (all visible with username, not sid). > > 1) When I try to add another user It asks for username again and then > says "The credentials supplied conflict with an existing set of > credentials" and it doesn't show any users which I could add. I cannot > also add any username I know. > 2) When I try to add another user in Windows XP it simply asks me for > username and then doesn't allow any username to be added to ACL (the > same as in 2K) > 3) When I run under linux net rpc users -Uusername - it shows me ALL > users from server > 4) Finally when I run windows on my other machine (where I never > intended to use acls) which is debian sarge (samba 3.0.14a-3sarge) it > ALL WORKS. I can add users, chose them from list (it was only tested > under windows 2000) > 5) I tried to install pure samba sarge on clean vm (with etch) and it > also didn't work. > > It appears to me that windows somehow cannot get userlist from samba > server, but I don't know why, because net rpc does it well. I also tried > to copy whole smb.conf from that server where all is working - it didn't > help. Many tries I've done with no result. > > Please - anybody has it configured? It would be my salvation (in terms > of job and servers and administration also ;) )... It would solve half > of my problems. Help meee! > > Pawel >I've just read here: http://techxworld.com/community/blogs/features/archive/2007/05/21/acls-on-samba.aspx that samba can be somewhat problematic when it comes to standalone server, not connected to any domain - with fetching users list. But one my server alredy does it well. And in my work there is no possibility to connect the server to PDC because there is no PDC (we only have 2 windowses). Have anybody met such problem? Have anybody overcome it? Pawel Jaworski