does your kernel support ACL and Extended Attributes. Also you can set the following settings
inherit acls = (yes/no) nt acl support = map hidden = no map system = no map achieve = no store dos attributes = yes ea support = yes u combine above settings for your enviroment. Als dit you set the privileges for the samba server or do you set the rights as root Louis >-----Oorspronkelijk bericht----- >Van: Mike Partyka [mailto:[EMAIL PROTECTED] >Verzonden: dinsdag 3 januari 2006 13:56 >Aan: Louis van Belle >CC: [email protected] >Onderwerp: Re: [Samba] Windows ACL modify ability? > >Samba 3.0.14a server which is a domain member server of a 2003 >Active Directory and Domain Controller. > >There are no errors that appear in the windows servers event >log, and my smb.conf is pretty simple: > >[global] > unix charset = LOCALE > workgroup = mrpartyka > realm = MRPARTYKA.DOMAIN > server string = SMBv3.0.14a/MS ADS/winbindd > security = ads > log level = 1 > syslog = 0 > log file = /var/log/samba/%m > max log size = 50 > printcap name = CUPS > ldap ssl = No > idmap uid = 10000-40000000 > idmap gid = 10000-40000000 > template primary group = "Domain Users" > template shell = /bin/bash > nt acl support = Yes > printing = cups > # winbind trusted domains only = Yes > winbind separator = \# > >[ftp] > comment = All users share > path = /ftproot > valid users = @"MRPARTYKA\Domain Users" > writeable = Yes > browseable = Yes > >As i said originally, my goal here is to manage >permissions's/ACL's from the server 2003 MMC, but any time i >try to add or remove groups for access on either the Security >tab or the Permissions tab, i get the message "changes could >not be saved, access is denied". Also, though the message >indicates the changes are not saved, if you open the share >properties window again and go to the same permission you just >tried to adjust, the group is there, but when you selected the >group from the AD container, it looked like "MRPARTYA\Domain >Users" and now it's liked as "SAND\Domain Users". SAND is the >hostname of the samba server. > >Is this expected behavior? Due to winbindd making AD groups >and users appear as though they are local groups/users of the >Samba server? Samba logging indicates this: > >[2006/01/03 06:43:18, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993) > api_pipe_bind_req: unknown auth type 9 requested. >[2006/01/03 06:43:18, 1] smbd/service.c:make_connection_snum(642) > 192.168.0.7 (192.168.0.7) connect to service ftp initially >as user MRPARTYKA\administrator (uid=10000, gid=10000) (pid 3343) >[2006/01/03 06:43:18, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993) > api_pipe_bind_req: unknown auth type 9 requested. >[2006/01/03 06:43:22, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993) > api_pipe_bind_req: unknown auth type 9 requested. >[2006/01/03 06:43:29, 1] smbd/service.c:close_cnum(830) > 192.168.0.7 (192.168.0.7) closed connection to service ftp > >I have many messages in the Samba archive asking about enties >like this, but i did not see any responses explaining it. > >Any ideas about how i can correct this problem and manage >share permissions from the server MMC? > >TIA, > > > >On 1/3/06, Louis van Belle <[EMAIL PROTECTED] > wrote: > > Hi, > > first which version of samba are you running? > are you running pdc or AD Member ? > > etc etc. > need more input ;-) > > Louis > > > > >-----Oorspronkelijk bericht----- > >Van: samba-bounces+louis= [EMAIL PROTECTED] ><mailto:[EMAIL PROTECTED]> > >[mailto: >[EMAIL PROTECTED] ><mailto:[EMAIL PROTECTED]> ] > >Namens Mike Partyka > >Verzonden: maandag 2 januari 2006 23:50 > >Aan: [email protected] <mailto:[email protected]> > >Onderwerp: [Samba] Windows ACL modify ability? > > > >I have posted several questions now and have ben unsuccessful > >in getting any > >responses, so i thought i would take a different tack. > > > >I know adjusting permissions on Samba shares, through the > >Microsoft MMC is > >possible when you have POSIX ACL support compiled in your > >kernel. I don't > >think that level of control is necessary for me and short of > >recompiling the > >kernel for that support i have been unable to adjust > >permissions on Samba > >shares through the MMC, i keep getting "Access is denied". > > > >Could someone just toss out a couple ideas about >whether adjustments to > >ACL's ar possible without kernel POSIX ACL support and >if so, what some > >causes of the "Access is denied" could be? > > > >TIA, > > > >-MIKE > >-- > >To unsubscribe from this list go to the following URL >and read the > >instructions: >https://lists.samba.org/mailman/listinfo/samba ><https://lists.samba.org/mailman/listinfo/samba> > > > > -- > To unsubscribe from this list go to the following URL >and read the > instructions: >https://lists.samba.org/mailman/listinfo/samba ><https://lists.samba.org/mailman/listinfo/samba> > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
