Jonathan Adams
2009-Nov-02 12:56 UTC
[Samba] Windows clients connecting to Samba with OpenLDAP password backend
I am having real troubles with one of our servers.

Background:
We have been using samba in our company for more than 11 years now, since version 1.9.16 ...
We run Sun Solaris on our servers.
We used to run NIS+ as our password system, but due to its almost impossibility to manage (basically only I knew how) we've moved to LDAP ...
We have now decided to centralize all our Samba passwords into the LDAP.

On the one machine configured to use LDAP for passwords we have a mysterious problem. If we access the machine via a Windows computer (XP, Vista, etc) we can create files and folders, we can even rename and delete folders, but we cannot rename or delete files.

If we access the machine via a Solaris or Linux machine using smbclient we can do everything.

I originally wondered if it was due to the Sun compiled Samba 3.0.35 server that is installed, so I removed it and compiled in 3.4.2 with OpenLDAP support, but it has exactly the same issues.

This problem does not occur on our other machines (that run ldap as their naming service in all but samba) ...

I'm happy to show all relevant information and logs/debugs if necessary.

I have seen some people talk about this before on the internet, but there doesn't appear to be any answer.

Thanks in advance.

Jon

PS. Sorry for posting to more than one section (Posted to smb-clients as well)
Adam Tauno Williams
2009-Nov-02 13:38 UTC
[Samba] Windows clients connecting to Samba with OpenLDAP password backend
On Mon, 2009-11-02 at 12:56 +0000, Jonathan Adams wrote:
> I am having real troubles with one of our servers.
> Background:
> We have been using samba in our company for more than 11 years now, since
> version 1.9.16 ...
> We run Sun Solaris on our servers.
> We used to run NIS+ as our password system, but due to its almost
> impossibility to manage (basically only I knew how) we've moved to LDAP ...
> We have now decided to centralize all our Samba passwords into the LDAP.

Because LDAP is easier to manage! :) I've been an OpenLDAP admin for 10+ years... that really illustrates how horrible NIS was.

> On the one machine configured to use LDAP for passwords we have a mysterious
> problem. If we access the machine via a Windows computer (XP, Vista, etc) we
> can create files and folders, we can even rename and delete folders, but we
> cannot rename or delete files.

This sounds like a basic permissions problem. If NSS is working, and you've authenticated, it pretty much has to be a permissions problem.

> If we access the machine via a Solaris or Linux machine using smbclient we
> can do everything.

Maybe those are invoking "unix extensions". I've got no clue how that specifically would affect permission handling.

> I originally wondered if it was due to the Sun compiled Samba 3.0.35 server
> that is installed, so I removed it and compiled in 3.4.2 with OpenLDAP
> support, but it has exactly the same issues.

Which even more strongly points to a permissions issue.

> This problem does not occur on our other machines (that run ldap as their
> naming service in all but samba) ...

I'm not sure what this means.

> I'm happy to show all relevant information and logs/debugs if
> necessary
> I have seen some people talk about this before on the internet, but there
> doesn't appear to be any answer.
Jonathan Adams
2009-Nov-03 10:13 UTC
[Samba] Windows clients connecting to Samba with OpenLDAP password backend
I was wrong ... the issue in this case was caused 100% by the line "profile acls = Yes" in the global section rather than the profiles section; it had nothing to do with our OpenLDAP setup (thankfully), and nothing to do with the ZFS partitions/NFS partitions ...

Moving the "profile acl" line from the global to the profiles section fixed all the issues, on all versions.

Thanks, you have no idea how many days I've been staring at this thing :)

Jon
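
Added example (not from the thread and not Samba project code): a small smb.conf check for the misplacement described in the last message. "profile acls" is a per-share parameter, so a value in [global] becomes the default for every share; the script lists the shares that end up with it enabled but are not profile shares. The share names, paths and the two sample configs are constructed, and the parser assumes no `include` lines or backslash line continuations.

```python
import re

TRUE_VALUES = {"yes", "true", "1", "on"}

# Constructed sample configs; share names and paths are hypothetical.
BEFORE = """[global]
   workgroup = EXAMPLE
   profile acls = Yes
[profiles]
   path = /export/profiles
[data]
   path = /export/data
"""
AFTER = """[global]
   workgroup = EXAMPLE
[profiles]
   path = /export/profiles
   profile acls = Yes
[data]
   path = /export/data
"""

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace
    return re.sub(r"\s+", "", name).lower()

def parse_smb_conf(text):
    """Return {section: {normalised_param: value}} for an smb.conf string."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return sections

def shares_with_profile_acls(text, profile_shares=("profiles",)):
    """List non-profile shares where 'profile acls' is effectively enabled."""
    conf = parse_smb_conf(text)
    default = conf.get("global", {}).get("profileacls", "no")
    return [name for name, params in conf.items()
            if name != "global" and name not in profile_shares
            and params.get("profileacls", default).lower() in TRUE_VALUES]
```

`shares_with_profile_acls(BEFORE)` reports the `data` share, which inherits the [global] setting; with the line moved into [profiles] as in `AFTER`, nothing is reported.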