Hi,
we've got a worse problem with our s.3.0.4 file server. The server is configured as a domain member server and is running in security=ADS mode. We use the hide unreadable parameter in conjunction with posix ACLs to ensure, that our users only see those folders, on which they have been authorized. With s.2.2.8a everything worked fine. Yesterday we migrated to s.3.0.4 and have now the following problem:
When a user connects a share by using either the NetBIOS- or DNS-Name of the samba server, the posix acls on the directory(ies) aren't interpreted correctly. A user, who normally has necessary rights to access the directories doesn't see them. The directory(ies) keep invisible. Enabling or disabling NetBIOS on the Win2k/XP-Clients didn't help. The only workaround is to connect the share, by using the ip address of the samba server instead of the server name. Then the appearance of the folders match exactly as they did under s.2.2.8a. As far as i could examine (i'm not shure) its seems that only user-acls, set on the directories, get badly interpreted. If a user is member of the domain-group, which has positive acls on the directory, he's able to see and access the directory. Sorry, but the logs didn't help to isolate the problem.
Our system is a SuSE Linux Standard Server (UnitedLinux 1.0/Kernel 2.4.21-138) running s.3.0.4 built from the s.3.0.4-6 source rpm provided by sernet. The filesystem for the user data is XFS. By now, i attach the global-section and the definition of a affected share.
Thank you all for your effort!
[global]
unix charset = ISO8859-15
display charset = ISO8859-15
workgroup = SCHARRNET
realm = SCHARRNET.DE
server string =
security = ADS
password server = maire.scharrnet.de, maitre.scharrnet.de
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
os level = 2
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /data/home/%U
winbind separator = +
strict locking = No[Rechnungswesen]
comment = Abteilungslaufwerk Rechnungswesen auf %L
path = /data/abt/Rechnungswesen
valid users = 'SCHARRNET+Mandant 001 Scharr_Stuttgart_Buchhaltung', 'SCHARRNET+Mandant 001 Scharr_Stuttgart_Controlling', SCHARRNET+Ad
ministrator
read only = No
create mask = 0660
directory mask = 0770
hide unreadable = Yes
browseable = No
volume = DATA
dos filetimes = Yes
dos filetime resolution = Yes
fake directory create times = Yes
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
