I need help understanding what is happening and trouble shooting.
I have two servers running Samba 2.3.3, one as a Domain Controller one
as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and
winbindd using the tdb back end are running on both.
I have two shares on the member server and as far as I can tell they are
identical. [Projects] works as expected but [Windows] always asks for a
login name even though the smb.conf entries for both are are the same.
If I comment out the "force group" in [Windows] users can access the
share but there are errors writing and creating files. If I create a new
share it acts as the [Windows] share.
Here are the share definitions and a list of the files in the directory;
[Projects]
Comment = Project Files
path = /files/Lucretia/Projects
writeable = yes
browseable = yes
create mask = 0764
directory mask = 0775
force group = "ATLANTA\domain users"
[Windows]
comment = Atlanta Windows Files
path = /files/Lucretia/Windows
browseable = yes
writeable = yes
create mask = 0764
directory mask = 0775
force group = "ATLANTA\domain users"
root at louise:/files/Lucretia# ls -l
total 66
drwxrwsr-x 2 root 10001 48 2008-07-17 03:17 Arris
-rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list
drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office
drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig
drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects
drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma
drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old
drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows
Testparm shows no problems although it does rearrange the share
definitions somewhat.
The problem must be in windows permissions but I don't know how to check
them, especially since I have only ssh access because the site is
remote. I have to rely on local users for testing.
How can I get a list of ATLANTA\domain admin group users?
How can I change the permissions?
--
Robert Steinmetz, AIA
Principal
Steinmetz & Associates
On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote:> I need help understanding what is happening and trouble shooting. > > I have two servers running Samba 2.3.3, one as a Domain Controller one > as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd and > winbindd using the tdb back end are running on both. > > I have two shares on the member server and as far as I can tell they > are identical. [Projects] works as expected but [Windows] always asks > for a login name even though the smb.conf entries for both are are the > same. If I comment out the "force group" in [Windows] users can access > the share but there are errors writing and creating files. If I create > a new share it acts as the [Windows] share. > > Here are the share definitions and a list of the files in the directory; > > [Projects] > Comment = Project Files > path = /files/Lucretia/Projects > writeable = yes > browseable = yes > create mask = 0764 > directory mask = 0775 > force group = "ATLANTA\domain users" > > [Windows] > comment = Atlanta Windows Files > path = /files/Lucretia/Windows > browseable = yes > writeable = yes > create mask = 0764 > directory mask = 0775 > force group = "ATLANTA\domain users" > > > root at louise:/files/Lucretia# ls -l > total 66 > drwxrwsr-x 2 root 10001 48 2008-07-17 03:17 Arris > -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list > drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office > drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig > drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects > drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma > drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old > drwxrwsr-x 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows > > Testparm shows no problems although it does rearrange the share > definitions somewhat. > > The problem must be in windows permissions but I don't know how to > check them, especially since I have only ssh access because the site > is remote. I have to rely on local users for testing. > > How can I get a list of ATLANTA\domain admin group users? > > How can I change the permissions?Any possibility of acl's, especially default acl's? getfacl /files/Lucretia/Projects getfacl /files/Lucretia/Windows
On 1/22/2010 4:23 PM, Dale Schroeder wrote:> On 01/22/2010 3:25 PM, Robert Steinmetz AIA wrote: >> Dale Schroeder wrote: >>> On 01/21/2010 3:08 PM, Robert Steinmetz AIA wrote: >>>> I need help understanding what is happening and trouble shooting. >>>> >>>> I have two servers running Samba 2.3.3, one as a Domain Controller >>>> one as a Member Server. Both are running Ubuntu 8.10. smbd, nmbd >>>> and winbindd using the tdb back end are running on both. >>>> >>>> I have two shares on the member server and as far as I can tell >>>> they are identical. [Projects] works as expected but [Windows] >>>> always asks for a login name even though the smb.conf entries for >>>> both are are the same. If I comment out the "force group" in >>>> [Windows] users can access the share but there are errors writing >>>> and creating files. If I create a new share it acts as the >>>> [Windows] share. >>>> >>>> Here are the share definitions and a list of the files in the >>>> directory; >>>> >>>> [Projects] >>>> Comment = Project Files >>>> path = /files/Lucretia/Projects >>>> writeable = yes >>>> browseable = yes >>>> create mask = 0764 >>>> directory mask = 0775 >>>> force group = "ATLANTA\domain users" >>>> >>>> [Windows] >>>> comment = Atlanta Windows Files >>>> path = /files/Lucretia/Windows >>>> browseable = yes >>>> writeable = yes >>>> create mask = 0764 >>>> directory mask = 0775 >>>> force group = "ATLANTA\domain users" >>>> >>>> >>>> root at louise:/files/Lucretia# ls -l >>>> total 66 >>>> drwxrwsr-x 2 root 10001 48 2008-07-17 03:17 Arris >>>> -rw-r-Sr-- 1 root 10001 5952 2008-07-17 04:25 list >>>> drwxrwsr-x 74 ATLANTA\rob 10001 17040 2009-12-17 15:25 Office >>>> drwxrwsr-x 67 rob 10001 14456 1969-12-31 19:00 Office.orig >>>> drwxrwsr-x 51 ATLANTA\trish 10001 4528 2010-01-14 14:26 Projects >>>> drwxrwsr-x 8 ATLANTA\rob 10001 400 2009-07-10 15:52 Sigma >>>> drwxrwsr-x 6 rob 10001 304 2008-07-17 02:50 Sigma.old >>>> drwxrws*r-x* 314 ATLANTA\trish 10001 24280 2010-01-13 09:49 Windows >>>> >>>> Testparm shows no problems although it does rearrange the share >>>> definitions somewhat. >>>> >>>> The problem must be in windows permissions but I don't know how to >>>> check them, especially since I have only ssh access because the >>>> site is remote. I have to rely on local users for testing. >>>> >>>> How can I get a list of ATLANTA\domain admin group users? >>>> >>>> How can I change the permissions? >>> >>> Any possibility of acl's, especially default acl's? >>> >>> getfacl /files/Lucretia/Projects >>> getfacl /files/Lucretia/Windows >>> >> Looks like not; >> >> root at louise:/etc/samba# getfacl /files/Lucretia/Projects >> getfacl: Removing leading '/' from absolute path names >> # file: files/Lucretia/Projects >> # owner: ATLANTA\134trish >> # group: 10001 >> user::rwx >> group::rwx >> other::r-x >> >> root at louise:/etc/samba# getfacl /files/Lucretia/Windows >> getfacl: Removing leading '/' from absolute path names >> # file: files/Lucretia/Windows >> # owner: ATLANTA\134trish >> # group: 10001 >> user::rwx >> group::rwx >> *other::rwx * > If it's not a typo, it is odd that ls and getfacl return different > results for "other" in the "Windows" share > ls = r-x > getfacl = rwx > > Even if it's not a typo, it makes no sense that the share with the > most permissions is the one that's inaccessible. > This is a strange one. > > Dale > >I apparently changed the permissions between the two listings it is rwx for other now when I list the files in the directory. drwxrwsrwx 290 ATLANTA\trish 10001 23576 2010-01-20 15:51 Windows -- *Robert Steinmetz, AIA* Principal *Steinmetz & Associates*