Hi - We have been using a Samba configuration file similar to that listed below for some years without issue. However, when carrying it over to a new server running Samba 3.4.0 (-3ubuntu5.1), we started experiencing problems deleting files via Windows Explorer; attempts to do so are resulting in 'Access is denied'. Similarly, attempting to change the name of a file or directory is resulting in the same 'Access is denied' message. There are otherwise no problems reading, creating, or modifying files or directories.

I found that removing the 'force user' parameter appears to resolve the issue. The only obvious difference that I saw while examining level 10 logs is that without 'force user' some of the file opens were shown as performed by 'DOMAIN+user0', whereas with 'force user' they are shown as being done by 'user0' (connections to the share are logged in through the domain user0 account). I also found that changing the Unix permissions of the share directory from 755 to 775, while leaving 'force user' as is, resolved the issue. However, neither of these workarounds is desirable for our current setup.

If anyone has any ideas on how I might solve or further diagnose this problem, I would appreciate your input.


# getfacl data
# file: data
# owner: user0
# group: domain\040users
user::rwx
group::r-x
other::r-x


[global]
  workgroup = DOMAIN
  server string = svr2 (Samba %v)

  hosts allow = 10.

  interfaces = eth0 lo
  bind interfaces only = yes

  log level = 10
  log file = /var/log/samba/%m.log
  max log size = 5000
  syslog = 0

  security = ads
  passdb backend = tdbsam
  realm = DOMAIN.COM

  preferred master = no

  encrypt passwords = yes

  template shell = /bin/bash
  template homedir = /home/%U

  winbind enum users = Yes
  winbind enum groups = Yes
  winbind use default domain = Yes
  winbind nested groups = Yes
  winbind separator = +

  allow trusted domains = No
  idmap backend = rid:DOMAIN=1000-20000
  idmap uid = 1000-21000
  idmap gid = 1000-21000

[data]
  comment = data (p)
  path = /mnt/data
  case sensitive = no
  follow symlinks = yes
  wide links = no
  read only = yes
  force user = DOMAIN+user0
  write list = DOMAIN+user0 DOMAIN+user1 DOMAIN+user2

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
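
Added example, not part of the original post: 755 and 775 differ only in the group write bit, which matters only to an identity that is not the directory owner but is in the owning group. The Python below evaluates the POSIX delete/rename rule for the two modes; the function names and numeric ids are assumptions made for illustration.

```python
import os
import pwd
import stat

def perm_class(owner_uid, owner_gid, uid, gids):
    """POSIX picks exactly one class: owner, else owning group, else other."""
    if uid == owner_uid:
        return "owner"
    if owner_gid in gids:
        return "group"
    return "other"

def may_delete_or_rename(dir_mode, owner_uid, owner_gid, uid, gids):
    """unlink()/rename() need write and search (w+x) on the parent directory.

    Only the base mode bits are evaluated, matching the getfacl output in
    the post (no extended ACL entries). The sticky bit is not modelled.
    """
    if uid == 0:
        return True
    shift = {"owner": 6, "group": 3, "other": 0}[
        perm_class(owner_uid, owner_gid, uid, gids)]
    bits = (stat.S_IMODE(dir_mode) >> shift) & 0o7
    return bits & 0o3 == 0o3

def check_path(path, username):
    """Evaluate a real directory for a real account resolved through NSS."""
    st = os.stat(path)
    pw = pwd.getpwnam(username)  # raises KeyError if the name does not resolve
    gids = set(os.getgrouplist(pw.pw_name, pw.pw_gid))
    cls = perm_class(st.st_uid, st.st_gid, pw.pw_uid, gids)
    ok = may_delete_or_rename(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids)
    return pw.pw_uid, cls, ok

# Constructed ids for illustration (not taken from the post).
OWNER_UID, GROUP_GID = 1105, 1513   # directory owner / owning group
OTHER_UID = 2001                    # a different uid that is in the group

if __name__ == "__main__":
    for mode in (0o755, 0o775):
        as_owner = may_delete_or_rename(
            mode, OWNER_UID, GROUP_GID, OWNER_UID, {GROUP_GID})
        as_member = may_delete_or_rename(
            mode, OWNER_UID, GROUP_GID, OTHER_UID, {GROUP_GID})
        print(oct(mode), "owner:", as_owner, "group member:", as_member)
```

On the server, check_path('/mnt/data', 'DOMAIN+user0') returns the uid, permission class and result for that name, which can be compared with the owner uid reported by ls -ln.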
