samba - Nov 2009 - Problem deleting/renaming files

Hi - We have been using a samba configuration file similar to that 
listed below for some years without issue. However when carrying it over 
to a new server running Samba 3.4.0 (-3ubuntu5.1), we started 
experiencing problems deleting files via Windows Explorer; attempts to 
do so are resulting in 'Access is denied'. Similarly, attempting to 
change the name of a file or directory is resulting in the same 'Access 
is denied' message. There are otherwise no problems reading, creating, 
or modifying files or directories.

I found that removing the 'force user' parameter appears to resolve the 
issue. The only obvious difference that I saw while examining level 10 
logs is that without 'force user' some of the file opens were shown as 
performed by 'DOMAIN+user0', whereas with 'force user' they are
shown as
being done by 'user0' (connections to the share are logged in through 
the domain user0 account). I also found that changing the unix 
permissions of the share directory from 755 to 775, while leaving 'force 
user' as is, resolved the issue. However neither of these workarounds is 
desirable for our current setup.

If anyone has any ideas on how I might solve or further diagnose this 
problem, I would appreciate your input.


# getfacl data
# file: data
# owner: user0
# group: domain\040users
user::rwx
group::r-x
other::r-x


[global]
   workgroup = DOMAIN
   server string = svr2 (Samba %v)

   hosts allow = 10.

   interfaces = eth0 lo
   bind interfaces only = yes

   log level = 10
   log file = /var/log/samba/%m.log
   max log size = 5000
   syslog = 0

   security = ads
   passdb backend = tdbsam
   realm = DOMAIN.COM

   preferred master = no

   encrypt passwords = yes

   template shell = /bin/bash
   template homedir = /home/%U

   winbind enum users = Yes
   winbind enum groups = Yes
   winbind use default domain = Yes
   winbind nested groups = Yes
   winbind separator = +

   allow trusted domains = No
   idmap backend = rid:DOMAIN=1000-20000
   idmap uid = 1000-21000
   idmap gid = 1000-21000

[data]
   comment = data (p)
   path = /mnt/data
   case sensitive = no
   follow symlinks = yes
   wide links = no
   read only = yes
   force user = DOMAIN+user0
   write list = DOMAIN+user0 DOMAIN+user1 DOMAIN+user2

On Fri, Nov 27, 2009 at 04:27:24AM -0700, Jim wrote:
> Hi - We have been using a samba configuration file similar to that  
> listed below for some years without issue. However when carrying it over  
> to a new server running Samba 3.4.0 (-3ubuntu5.1), we started  
> experiencing problems deleting files via Windows Explorer; attempts to  
> do so are resulting in 'Access is denied'. Similarly, attempting to
> change the name of a file or directory is resulting in the same 'Access
> is denied' message. There are otherwise no problems reading, creating,
> or modifying files or directories.
>
> I found that removing the 'force user' parameter appears to resolve
the
> issue. The only obvious difference that I saw while examining level 10  
> logs is that without 'force user' some of the file opens were shown
as
> performed by 'DOMAIN+user0', whereas with 'force user' they
are shown as
> being done by 'user0' (connections to the share are logged in
through
> the domain user0 account). I also found that changing the unix  
> permissions of the share directory from 755 to 775, while leaving
'force
> user' as is, resolved the issue. However neither of these workarounds
is
> desirable for our current setup.
>
> If anyone has any ideas on how I might solve or further diagnose this  
> problem, I would appreciate your input.
Sounds like something we fixed in later versions of 3.4.x (we're now
up to 3.4.3). I'd try the later version.

Jeremy.