Hi list !
I have found someone having a similar problem back in 2007
(http://lists.samba.org/archive/samba/2007-April/131574.html), but as I
understand it, this problem is fixed for a long time now.
So basically, I am trying to give "Authenticated Users" some
permissions
on a folder in a samba share, but when I wheck back either with my
windows GUI or via getfacl, the permission has just been dismissed and
nothing ahas changed.
The serveur is running samba version 3.2.7 on OpenSuse 11.
Here is the result of testparm :
[global]
workgroup = dom
realm = dom.ext
server string = Samba Server
security = ADS
password server = pdc1.dom.ext pdc2.dom.ext
idmap uid = 1200-20000
idmap gid = 1200-20000
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind expand groups = 3
And for the share where the folder is stored :
[data]
comment = data
path = /srv/samba/data
valid users = "@LOCAL+Domain Users"
admin users = "@LOCAL+Domain Admins"
read only = no
browseable = no
map acl inherit = yes
inherit acls = yes
create mask = 0600
directory mask = 0700
store dos attributes = yes
csc policy = disable
What should I change to be able to attribute permissions to the
"Authenticated Users" group ?
Thanks a lot for your help !
Arnaud
Does the file system your working with support ACL? IS it set to use acls in the /etc/fstab? On 04/29/2011 06:24 AM, Arnaud Lesauvage wrote:> Hi list ! > > I have found someone having a similar problem back in 2007 > (http://lists.samba.org/archive/samba/2007-April/131574.html), but as I > understand it, this problem is fixed for a long time now. > > So basically, I am trying to give "Authenticated Users" some permissions > on a folder in a samba share, but when I wheck back either with my > windows GUI or via getfacl, the permission has just been dismissed and > nothing ahas changed. > > The serveur is running samba version 3.2.7 on OpenSuse 11. > > Here is the result of testparm : > [global] > workgroup = dom > realm = dom.ext > server string = Samba Server > security = ADS > password server = pdc1.dom.ext pdc2.dom.ext > idmap uid = 1200-20000 > idmap gid = 1200-20000 > winbind separator = + > winbind enum users = Yes > winbind enum groups = Yes > winbind use default domain = Yes > winbind expand groups = 3 > > And for the share where the folder is stored : > [data] > comment = data > path = /srv/samba/data > valid users = "@LOCAL+Domain Users" > admin users = "@LOCAL+Domain Admins" > read only = no > browseable = no > map acl inherit = yes > inherit acls = yes > create mask = 0600 > directory mask = 0700 > store dos attributes = yes > csc policy = disable > > What should I change to be able to attribute permissions to the > "Authenticated Users" group ? > > > Thanks a lot for your help ! > > Arnaud
Le 29/04/2011 14:45, Aaron E. a ?crit :> Does the file system your working with support ACL? IS it set to use > acls in the /etc/fstab?Hi Aaron, thanks for your answer. Yes, it is set to use ACL and usr_xattr. Both work well. But "Authenticated Users" seem to be not mappable to a gid.> On 04/29/2011 06:24 AM, Arnaud Lesauvage wrote: >> Hi list ! >> >> I have found someone having a similar problem back in 2007 >> (http://lists.samba.org/archive/samba/2007-April/131574.html), but as I >> understand it, this problem is fixed for a long time now. >> >> So basically, I am trying to give "Authenticated Users" some permissions >> on a folder in a samba share, but when I wheck back either with my >> windows GUI or via getfacl, the permission has just been dismissed and >> nothing ahas changed. >> >> The serveur is running samba version 3.2.7 on OpenSuse 11. >> >> Here is the result of testparm : >> [global] >> workgroup = dom >> realm = dom.ext >> server string = Samba Server >> security = ADS >> password server = pdc1.dom.ext pdc2.dom.ext >> idmap uid = 1200-20000 >> idmap gid = 1200-20000 >> winbind separator = + >> winbind enum users = Yes >> winbind enum groups = Yes >> winbind use default domain = Yes >> winbind expand groups = 3 >> >> And for the share where the folder is stored : >> [data] >> comment = data >> path = /srv/samba/data >> valid users = "@LOCAL+Domain Users" >> admin users = "@LOCAL+Domain Admins" >> read only = no >> browseable = no >> map acl inherit = yes >> inherit acls = yes >> create mask = 0600 >> directory mask = 0700 >> store dos attributes = yes >> csc policy = disable >> >> What should I change to be able to attribute permissions to the >> "Authenticated Users" group ? >> >> >> Thanks a lot for your help ! >> >> Arnaud >-- Arnaud Lesauvage IT Executive Codata Belgium SA 143-145, Avenue bourgmestre Jean Materne - 5100 Namur - Belgium Tel : +32 81 21 53 48 - Fax : +32 81 21 54 24 Mel : arnaud.lesauvage at codata.eu Web : http://www.codata.eu/
Le 29/04/2011 14:45, Aaron E. a ?crit :> Does the file system your working with support ACL? IS it set to use > acls in the /etc/fstab?Hi Aaron, thanks for your answer. Yes, it is set to use ACL and usr_xattr. Both work well. But "Authenticated Users" seem to be not mappable to a gid.> On 04/29/2011 06:24 AM, Arnaud Lesauvage wrote: >> Hi list ! >> >> I have found someone having a similar problem back in 2007 >> (http://lists.samba.org/archive/samba/2007-April/131574.html), but as I >> understand it, this problem is fixed for a long time now. >> >> So basically, I am trying to give "Authenticated Users" some permissions >> on a folder in a samba share, but when I wheck back either with my >> windows GUI or via getfacl, the permission has just been dismissed and >> nothing ahas changed. >> >> The serveur is running samba version 3.2.7 on OpenSuse 11. >> >> Here is the result of testparm : >> [global] >> workgroup = dom >> realm = dom.ext >> server string = Samba Server >> security = ADS >> password server = pdc1.dom.ext pdc2.dom.ext >> idmap uid = 1200-20000 >> idmap gid = 1200-20000 >> winbind separator = + >> winbind enum users = Yes >> winbind enum groups = Yes >> winbind use default domain = Yes >> winbind expand groups = 3 >> >> And for the share where the folder is stored : >> [data] >> comment = data >> path = /srv/samba/data >> valid users = "@LOCAL+Domain Users" >> admin users = "@LOCAL+Domain Admins" >> read only = no >> browseable = no >> map acl inherit = yes >> inherit acls = yes >> create mask = 0600 >> directory mask = 0700 >> store dos attributes = yes >> csc policy = disable >> >> What should I change to be able to attribute permissions to the >> "Authenticated Users" group ? >> >> >> Thanks a lot for your help ! >> >> Arnaud >
Windows PDC? Does wbinfo -u return a list of domain users? On 04/29/2011 09:44 AM, Arnaud Lesauvage wrote:> Le 29/04/2011 14:45, Aaron E. a ?crit : >> Does the file system your working with support ACL? IS it set to use >> acls in the /etc/fstab? > > Hi Aaron, thanks for your answer. > Yes, it is set to use ACL and usr_xattr. Both work well. > But "Authenticated Users" seem to be not mappable to a gid. > > > > >> On 04/29/2011 06:24 AM, Arnaud Lesauvage wrote: >>> Hi list ! >>> >>> I have found someone having a similar problem back in 2007 >>> (http://lists.samba.org/archive/samba/2007-April/131574.html), but as I >>> understand it, this problem is fixed for a long time now. >>> >>> So basically, I am trying to give "Authenticated Users" some permissions >>> on a folder in a samba share, but when I wheck back either with my >>> windows GUI or via getfacl, the permission has just been dismissed and >>> nothing ahas changed. >>> >>> The serveur is running samba version 3.2.7 on OpenSuse 11. >>> >>> Here is the result of testparm : >>> [global] >>> workgroup = dom >>> realm = dom.ext >>> server string = Samba Server >>> security = ADS >>> password server = pdc1.dom.ext pdc2.dom.ext >>> idmap uid = 1200-20000 >>> idmap gid = 1200-20000 >>> winbind separator = + >>> winbind enum users = Yes >>> winbind enum groups = Yes >>> winbind use default domain = Yes >>> winbind expand groups = 3 >>> >>> And for the share where the folder is stored : >>> [data] >>> comment = data >>> path = /srv/samba/data >>> valid users = "@LOCAL+Domain Users" >>> admin users = "@LOCAL+Domain Admins" >>> read only = no >>> browseable = no >>> map acl inherit = yes >>> inherit acls = yes >>> create mask = 0600 >>> directory mask = 0700 >>> store dos attributes = yes >>> csc policy = disable >>> >>> What should I change to be able to attribute permissions to the >>> "Authenticated Users" group ? >>> >>> >>> Thanks a lot for your help ! >>> >>> Arnaud >> >
Yes, windows PDC running Windows 2003 R2 (NO unix extensions). wbinfo -u works fine. But "wbinfo -Y S-1-5-11" returns "Could not convert sid S-1-5-11 to gid" And that is exactly what happened to the OP of the discussion I quoted in my original message. Le 29/04/2011 16:00, Aaron E. a ?crit :> Windows PDC? > > Does wbinfo -u return a list of domain users? > > On 04/29/2011 09:44 AM, Arnaud Lesauvage wrote: >> Le 29/04/2011 14:45, Aaron E. a ?crit : >>> Does the file system your working with support ACL? IS it set to use >>> acls in the /etc/fstab? >> >> Hi Aaron, thanks for your answer. >> Yes, it is set to use ACL and usr_xattr. Both work well. >> But "Authenticated Users" seem to be not mappable to a gid. >> >> >> >> >>> On 04/29/2011 06:24 AM, Arnaud Lesauvage wrote: >>>> Hi list ! >>>> >>>> I have found someone having a similar problem back in 2007 >>>> (http://lists.samba.org/archive/samba/2007-April/131574.html), but as I >>>> understand it, this problem is fixed for a long time now. >>>> >>>> So basically, I am trying to give "Authenticated Users" some permissions >>>> on a folder in a samba share, but when I wheck back either with my >>>> windows GUI or via getfacl, the permission has just been dismissed and >>>> nothing ahas changed. >>>> >>>> The serveur is running samba version 3.2.7 on OpenSuse 11. >>>> >>>> Here is the result of testparm : >>>> [global] >>>> workgroup = dom >>>> realm = dom.ext >>>> server string = Samba Server >>>> security = ADS >>>> password server = pdc1.dom.ext pdc2.dom.ext >>>> idmap uid = 1200-20000 >>>> idmap gid = 1200-20000 >>>> winbind separator = + >>>> winbind enum users = Yes >>>> winbind enum groups = Yes >>>> winbind use default domain = Yes >>>> winbind expand groups = 3 >>>> >>>> And for the share where the folder is stored : >>>> [data] >>>> comment = data >>>> path = /srv/samba/data >>>> valid users = "@LOCAL+Domain Users" >>>> admin users = "@LOCAL+Domain Admins" >>>> read only = no >>>> browseable = no >>>> map acl inherit = yes >>>> inherit acls = yes >>>> create mask = 0600 >>>> directory mask = 0700 >>>> store dos attributes = yes >>>> csc policy = disable >>>> >>>> What should I change to be able to attribute permissions to the >>>> "Authenticated Users" group ? >>>> >>>> >>>> Thanks a lot for your help ! >>>> >>>> Arnaud >>> >> >
On Fri, Apr 29, 2011 at 04:11:34PM +0200, Arnaud Lesauvage wrote:> Yes, windows PDC running Windows 2003 R2 (NO unix extensions). > wbinfo -u works fine. > > But "wbinfo -Y S-1-5-11" returns "Could not convert sid S-1-5-11 to gid" > And that is exactly what happened to the OP of the discussion I > quoted in my original message.Try "force unknown acl user = yes"
Hi Jeremy, thanks for your answer. Le 29/04/2011 20:00, Jeremy Allison a ?crit :> On Fri, Apr 29, 2011 at 04:11:34PM +0200, Arnaud Lesauvage wrote: >> Yes, windows PDC running Windows 2003 R2 (NO unix extensions). >> wbinfo -u works fine. >> >> But "wbinfo -Y S-1-5-11" returns "Could not convert sid S-1-5-11 to gid" >> And that is exactly what happened to the OP of the discussion I >> quoted in my original message. > > Try "force unknown acl user = yes"Nope, no better.