Hello everyone,

I have a strange problem with my samba server ...

First, the situation :

I'm running a Samba 2.2.7a-8.9.0 (the latest from redhat 9.0) compiled from
an "src.rpm" with modifications in the SPECS file (--with-winbind &
--with-acl-support) on a linux redhat 9.0 (Kernel 2.4.20-20.9.1 with Acl
patches ...). I have added my linux box into the windows domain (smbpasswd
-j DomainName ...) without any problem. The "wbinfo -u" command gives me a
complete account list from the domain and from all the trusted domains ...

Well !

The problem :

I have defined a samba share named "france" based on the following path
"/www/france" and I have applied an ACL on this directory to restrict write
access to a specific Windows Domain Global Group named FRANCE. This group
only contains 4 accounts : PIGNOL PIGNOLTST USERA USERB

Please find below the ACL :
__________________________________
# file: france
# owner: france
# group: intranet
#
user::rwx
group::r-x
group:MyDomain\FRANCE:rwx
mask::rwx
other::r-x
#
default:user::rwx
default:group::r-x
default:group:MyDomain\FRANCE:rwx
default:mask::rwx
default:other::r-x
_________________________________

From a windows workstation, I'm able to connect this Samba Share with a "NET
USE F: \\fruxts06\france" command without any problem.

It works fine for all accounts I use (In Read Only mode of course ...).

BUT, I'm only able to create / update / delete files on this share from
windows using the  "MyDomain\PIGNOL" account ! When I use another account
(member or not of the "MyDomain\FRANCE" group) I obtain an error window :
"
Unable to create the file 'mydocument.txt'
Access is denied.
"

BUT ... Locally on the linux system I have a "PIGNOL" account ... Ambiguous
situation !

So ... I have tried to rename my local linux account from PIGNOL to
PIGNOLADM (Stop Smb/Winbind - clear the "/var/cache/samba" directory - Start
Winbind/Smb) and to create a file from windows using the MyDomain\PIGNOL
account ... And ... It already works fine !

Gloups Gloups !



Please help.

Thanks a lot and regards

Christian PIGNOL 


My "smb.conf" -----------------------------------------------
# Global parameters
[global]
        workgroup = MyDomain
        netbios name = FRUXTS06
        netbios aliases = fruxts06
        server string = fruxts06 / RH 9 / Proto Intranet
        security = DOMAIN
        encrypt passwords = Yes
        obey pam restrictions = Yes
        password server = *
        pam password change = Yes
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*password* %n\n *Retyp ... Etc ...
        unix password sync = Yes
        log file = /var/log/samba/%m.log
        max log size = 100
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        add user script = /usr/sbin/useradd %u -g smbusers
        delete user script = /usr/sbin/userdel %u
        os level = 33
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        wins server = 54.101.54.238
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        template shell = /bin/bash
        printing = lprng

[france]
        comment = fruxts06 - france
        path = /www/france
        read only = No
        inherit permissions = Yes
        inherit acls = Yes
        case sensitive = Yes
        dos filemode = Yes
        dos filetimes = Yes
        dos filetime resolution = Yes
        fake directory create times = Yes

