2012-08-17 11:44 keltez?ssel, steve ?rta:> Hi
> S4 DC with S3 fileserver.
>
> smb.conf on the fileserver:
> [global]
> workgroup = ALTEA
> realm = HH3.SITE
> security = ADS
> kerberos method = secrets and keytab
> winbind enum users = Yes
> winbind enum groups = Yes
> idmap config *:backend = tdb
> idmap config *:range = 3000-4000
> idmap config ALTEA:backend = ad
> idmap config ALTEA:range = 20000-40000000
> idmap config ALTEA:schema_mode = rfc2307
> winbind nss info = rfc2307
> winbind expand groups = 2
> winbind nested groups = yes
> usershare allow guests = No
> winbind refresh tickets = yes
>
> [home]
> path = /home2/home
> read only = No
>
> [staff]
> path = /home2/staff
> read only = No
>
> [profiles]
> path = /home2/profiles
> read only = No
> store dos attributes = Yes
> create mask = 0600
> directory mask = 0700
>
> [dropbox]
> path = /home2/dropbox
> force create mode = 0660
> force directory mode = 0770
> read only = No
>
> wbinfo -u lists Administrator but getent passwd lists only those users
> with a uidNumber and gidNumber. The latter users can login to xp and
> enter the shares fine. Administrator can login but gets a password
> prompt each time he hits a share. Giving the correct password results
> in XP stating the he has no permission to access the share.
>
> How do I get Administrator to enter and manipulate the shares. I
> thought that that was his purpose.
>
> Cheers,
> Steve
First: the Windows in the security model Administrator=root from the
Unix world it is just a predefined account memeber of the Administrators
or in a domain of the Domain Admins group and that gives access , so you
could do all the management operation from any other user account member
of the Domain Admins group.
Second: samba3 smbd and thus s3fs (I think ntvfs not, but I could be
wrong) needs that the connected user have a valid uid/gidnumber in order
to be able to check the posix acl permissions, so if you want to connect
to a Samba3 box with Administrator, first give it all the posix
attributes you've give to the other user accounts (however it doesn't
need a unixHomedirectory or loginshell if you won't login e.g. via ssh
as Administrator)
Regards
Geza Gemes