Hi - We have been using a samba configuration file similar to that listed below for some years without issue. However when carrying it over to a new server running Samba 3.4.0 (-3ubuntu5.1), we started experiencing problems deleting files via Windows Explorer; attempts to do so are resulting in 'Access is denied'. Similarly, attempting to change the name of a file or directory is resulting in the same 'Access is denied' message. There are otherwise no problems reading, creating, or modifying files or directories. I found that removing the 'force user' parameter appears to resolve the issue. The only obvious difference that I saw while examining level 10 logs is that without 'force user' some of the file opens were shown as performed by 'DOMAIN+user0', whereas with 'force user' they are shown as being done by 'user0' (connections to the share are logged in through the domain user0 account). I also found that changing the unix permissions of the share directory from 755 to 775, while leaving 'force user' as is, resolved the issue. However neither of these workarounds is desirable for our current setup. If anyone has any ideas on how I might solve or further diagnose this problem, I would appreciate your input. # getfacl data # file: data # owner: user0 # group: domain\040users user::rwx group::r-x other::r-x [global] workgroup = DOMAIN server string = svr2 (Samba %v) hosts allow = 10. interfaces = eth0 lo bind interfaces only = yes log level = 10 log file = /var/log/samba/%m.log max log size = 5000 syslog = 0 security = ads passdb backend = tdbsam realm = DOMAIN.COM preferred master = no encrypt passwords = yes template shell = /bin/bash template homedir = /home/%U winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nested groups = Yes winbind separator = + allow trusted domains = No idmap backend = rid:DOMAIN=1000-20000 idmap uid = 1000-21000 idmap gid = 1000-21000 [data] comment = data (p) path = /mnt/data case sensitive = no follow symlinks = yes wide links = no read only = yes force user = DOMAIN+user0 write list = DOMAIN+user0 DOMAIN+user1 DOMAIN+user2
On Fri, Nov 27, 2009 at 04:27:24AM -0700, Jim wrote:> Hi - We have been using a samba configuration file similar to that > listed below for some years without issue. However when carrying it over > to a new server running Samba 3.4.0 (-3ubuntu5.1), we started > experiencing problems deleting files via Windows Explorer; attempts to > do so are resulting in 'Access is denied'. Similarly, attempting to > change the name of a file or directory is resulting in the same 'Access > is denied' message. There are otherwise no problems reading, creating, > or modifying files or directories. > > I found that removing the 'force user' parameter appears to resolve the > issue. The only obvious difference that I saw while examining level 10 > logs is that without 'force user' some of the file opens were shown as > performed by 'DOMAIN+user0', whereas with 'force user' they are shown as > being done by 'user0' (connections to the share are logged in through > the domain user0 account). I also found that changing the unix > permissions of the share directory from 755 to 775, while leaving 'force > user' as is, resolved the issue. However neither of these workarounds is > desirable for our current setup. > > If anyone has any ideas on how I might solve or further diagnose this > problem, I would appreciate your input.Sounds like something we fixed in later versions of 3.4.x (we're now up to 3.4.3). I'd try the later version. Jeremy.
Seemingly Similar Threads
- admin users = user0 (how force admin permission?)
- [ win32utils-Bugs-2532 ] Etc::Admin.configure_group problem
- imap-login crashes after upgrade to Dovecot 1.2.8 Linux 64-bit
- Unable to reregister samba server with Primary Domain Controller
- dovecot-0.99.9-test2 probs