Hi all,
I am testing samba3 joined to a samba 4 domain controller.
Most things appear to be working okay - just not printer drivers and
file permissions.
Machines can join the domain and use resources on the Samba 3 server, etc.
I can change permissions to my hearts content on the Samba4 shares, just
not Samba3.
I cannot however set any permissions on shares or add printer drivers to
the Samba 3 server.
Winbind appears to be working fine and getent group,passwd lists users
and groups from the S4 server.
Samba 3 config is at the end of this email, the Samba 4 config is what I
got in the provisioning step, with a test share added only.
The printer issue appears odd to me... I can browse to \\server\print$
and write to the folders there.
The typical folders: W32X86, IA64, etc etc. are all there and I can
write to those as well.
When I look in the 'printers and faxes' share the printers are all
listed there.
If i right-click in that share and go to server properties - > drivers
tab the 4 buttons on the bottom are greyed out
as well as everything in the advanced tab.
If I right-click one of the printers a question is asked "the '' print
driver is not installed.... would you like to add it"
There is a single quote in between 'the' and 'print' as above, which
seemed strange.
If I answer 'no' I get the properties screen.
Answering yes appears to go thru the motions of moving files around once
I select the driver.
No files are ever moved to the server, but to \windows\system32
someplace on the workstation.
I can manipulate settings on the advanced tab without it complaining and
it appears to save them EXCEPT the 'new driver' button which is greyed out.
Now, the file permissions on shares might be related to this, but I
don't know.
I don't see anything in the logs that looks fatal when trying to
manipulate printer settings or when opening the properties of a printer.
Now, setting file/folder permissions on shares does yield some
complaints in the log.
(Excerpt is at the bottom)
It seems to be complaining about acl stuff.
I checked the mount options and remounted it as such:
/dev/drbd0 on /srv type ext3 (rw,user_xattr,acl)
(I don't know if it's supposed to be 'user_xttr' OR 'acl' - I tried one,
then the other then both but no change)
Using 'getfacl' on the directory returns:
# file: files
# owner: mark
# group: domain\040users
# flags: ss-
user::rwx
group::rwx
group:domain\040admins:rwx
mask::rwx
other::rwx
I don't know if this is a good test or not....
Here is the log excerpt when changing permissions:
[2010/10/23 22:57:04, 3] smbd/process.c:1459(process_smb)
Transaction 46157 of length 112 (0 toread)
[2010/10/23 22:57:04, 3] smbd/process.c:1273(switch_message)
switch message SMBntcreateX (pid 2814) conn 0x7f618f683c60
[2010/10/23 22:57:04, 3] smbd/vfs.c:865(check_reduced_name)
reduce_name [files/test] [/srv/servroot]
[2010/10/23 22:57:04, 3] smbd/vfs.c:974(check_reduced_name)
reduce_name: files/test reduced to /srv/servroot/files/test
[2010/10/23 22:57:04, 3] smbd/dosmode.c:149(unix_mode)
unix_mode(files/test) returning 0766
[2010/10/23 22:57:04, 3] smbd/vfs.c:865(check_reduced_name)
reduce_name [files/test] [/srv/servroot]
[2010/10/23 22:57:04, 3] smbd/vfs.c:974(check_reduced_name)
reduce_name: files/test reduced to /srv/servroot/files/test
[2010/10/23 22:57:04, 3] smbd/process.c:1459(process_smb)
Transaction 46158 of length 172 (0 toread)
[2010/10/23 22:57:04, 3] smbd/process.c:1273(switch_message)
switch message SMBnttrans (pid 2814) conn 0x7f618f683c60
[2010/10/23 22:57:04, 3]
smbd/nttrans.c:1818(call_nt_transact_set_security_desc)
call_nt_transact_set_security_desc: file = files/test, sent 0x4
[2010/10/23 22:57:04, 3] smbd/dosmode.c:149(unix_mode)
unix_mode(files/test) returning 0766
[2010/10/23 22:57:04, 2] smbd/posix_acls.c:2796(set_canon_ace_list)
set_canon_ace_list: sys_acl_set_file type file failed for file
files/test (Operation not permitted).
[2010/10/23 22:57:04, 3] smbd/posix_acls.c:3846(set_nt_acl)
set_nt_acl: failed to set file acl on file files/test (Operation not
permitted).
[2010/10/23 22:57:04, 3] smbd/error.c:60(error_packet_set)
error packet at smbd/nttrans.c(1828) cmd=160 (SMBnttrans)
NT_STATUS_ACCESS_DENIED
[2010/10/23 22:57:04, 3] smbd/process.c:1459(process_smb)
Transaction 46159 of length 45 (0 toread)
[2010/10/23 22:57:04, 3] smbd/process.c:1273(switch_message)
switch message SMBclose (pid 2814) conn 0x7f618f683c60
[2010/10/23 22:57:04, 3] smbd/reply.c:4478(reply_close)
close directory fnum=10795
Samba3 smb.conf:
[global]
workgroup = TEST
netbios name = test
realm = TEST.REALM.COM
preferred master = no
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
winbind separator = +
printcap name = cups
printing = cups
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
[homes]
comment = Home Directories
read only = No
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = yes
use client driver = yes
write list = administrator, @"domain admins"
[printers]
printable = yes
writable = no
path = /var/spool/samba
comment = All Printers
public = yes
create mode = 0700
printer admin = @"domain admins"
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
