Further to my e-mails below: I am running Samba 3.0.14a-Debian.
My garydale account owns all the directories I am sharing. The group is set to "users" for all of them also. All of the user's linux accounts are members of the Linux "users" group.
However, I suspect the root of the problem is to be found in my inability to change passwords through XP Pro.
Further to my e-mail below: I just tried to change some share permissions from an XP Pro workstation by right-clicking on the share | properties | security. The security window shows me the existing permissions which seem correct. Because it takes a second to translate the SIDs into names, I can also see that the SID is the same as reported below from pdbedit. However, even though I have write access to the share (yes, I can write to it), the permissions all show empty (unchecked). Nor can I change them. I can change the boxes when I click "apply", they revert to the old values. I note that when I click on the Add button then the advanced button I can get a full listing of the groups from Samba. Clearly my XP Pro workstation is talking to Samba, but I can't get it to change my password or recognize my "right" to change file permissions. Surely someone must have a clue as to how I can track down the cause of this problem? ------------------------------------------------------------------ I've set up NT domains from scratch and things work. However, in this case I vampired the old settings over to my new Samba PDC from a W2K server which I then removed from the network. Everything almost works, except ... The main thing is that I can't seem to change the domain passwords from the XP Pro workstations. Normally you do Ctrl-Alt-Del and select change password, then fill in the blanks, hit enter and the password gets changed. However, when I try, I get a long wait - about 5 minutes - then "the system cannot change your password now because the domain RAHIM-DALE is unavailable" (where RAHIM-DALE is my domain name). This happens on whatever XP Pro workstation I try. I've even tried removing a domain account and recreating it, but the same thing happens. If I change the passwords through SWAT, XP sees the new passwords and stops bugging me to change them. I looked at the tdb entries using the pdbedit program and can't see anything wrong. The home directories get mapped properly. However, only my account, which is in the Domain Admins group, seems to be able to write to the shares! Another oddity is that I can't seem to copy a file larger than 2G to the server. Any ideas anyone? BTW: the server is running plain vanilla Debian 3.1 (Sarge) with ReiserFS. Here's a pdbedit -Lv of my account: Unix username: garydale NT username: Account Flags: [U ] User SID: S-1-5-21-1715567821-789336058-854245398-3000 Primary Group SID: S-1-5-21-1715567821-789336058-854245398-3001 Full Name: Gary Dale Home Directory: \\semper\garydale HomeDir Drive: M: Logon Script: scripts\logon.bat Profile Path: \\semper\Profiles\garydale Domain: RAHIM-DALE Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 22:14:07 GMT Kickoff time: Mon, 18 Jan 2038 22:14:07 GMT Password last set: Sun, 14 Aug 2005 22:44:09 GMT Password can change: Mon, 15 Aug 2005 22:44:09 GMT Password must change: Mon, 26 Sep 2005 21:31:41 GMT Last bad password : 0 Bad password count : 0 Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF Here's my smb.conf: Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2005/09/14 21:34:51 # Global parameters [global] workgroup = RAHIM-DALE server string = %h PDC (Samba %v) passdb backend = tdbsam, guest passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 printcap name = cups add user script = /usr/sbin/useradd -g samba -c %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G `/usr/bin/id -G %g %u add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u logon script = scripts\logon.bat logon path = \\%L\Profiles\%U logon drive = M: logon home = \\%L\%U domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes ldap ssl = no panic action = /usr/share/samba/panic-action %d idmap uid = 10000-20000 idmap gid = 10000-20000 invalid users = root admin users = garydale, root hosts allow = 192.168.2. printing = cups print command = lpq command = %p lprm command = [netlogon] comment = Logon Server Share path = /home/samba/netlogon read only = No [profiles] path = /home/samba/profiles read only = No profile acls = Yes [printers] comment = All Printers path = /var/spool/samba printer admin = root, garydale create mask = 0600 guest ok = Yes printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/printers printer admin = root, garydale [archives] path = /home/shares/archives write list = +Users, +users read only = No create mask = 0770 directory mask = 0770 [communications] path = /home/shares/communications read only = No create mask = 0770 directory mask = 0770 [dosstuff] path = /home/shares/dosstuff read only = No create mask = 0770 directory mask = 0770 [games] path = /home/shares/games read only = No create mask = 0770 directory mask = 0770 [graphics] path = /home/shares/graphics read only = No create mask = 0770 directory mask = 0770 [hardware] path = /home/shares/hardware read only = No create mask = 0770 directory mask = 0770 [install] path = /home/shares/install read only = No create mask = 0770 directory mask = 0770 [office] path = /home/shares/office read only = No create mask = 0770 directory mask = 0770 [tools] path = /home/shares/tools read only = No create mask = 0770 directory mask = 0770 [utility] path = /home/shares/utility read only = No create mask = 0770 directory mask = 0770 [media$] path = /home/secure/media valid users = garydale read only = No create mask = 0770 directory mask = 0770 [webpages$] path = /home/secure/webpages valid users = garydale read only = No create mask = 0770 directory mask = 0770 [ML-1210] comment = Samsung ML-1210 laser printer path = /tmp printer admin = root, garydale read only = No create mask = 0600 guest ok = Yes printable = Yes printer name = ML-1210 oplocks = No share modes = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
