Felipe Augusto van de Wiel <[EMAIL PROTECTED]> writes: >> Harry is a member of the Administrators group and user accounts on the >> windows xp pro machine. I see nothing called >> `Domain Administrators' in the windows dialog for users and groups. > > Domain Adminitrators is a group on networks that has a > domain properly configured. > > >> Harry has no account on the linux machine. Hence the need to map to a >> unix user account. > > "admin users" and "root" (usermap) parameters has a > special combination according to your security parameter, > it is documented in the smb.conf the different situations.
The only mentions so `root' in my smb.conf.example are in regards to setting up some kind of ldap situtaion or in regards to printing. Neither is what I'm attempting to do. What do you mean by `your security parameter' above? >> It is not at all clear what I would need to do with `net groupmap'. > > 'net groupmap' is the recommended way to have Domain > Administrators working on a Domain Network, but looks like it > is not your case. > > >> Can you be a bit more specific? > > It is not clear why do you want a root/Admin user in > a network that looks like to have share as security parameter. > Anyway, we probably need your smb.conf and a relevant part of > the log with loglevel/debuglevel increased. What do you mean by `have share as security parameter' here? As posted in OP, security is not much of a factor here since I am the only user of either windows or unix machines on the network. It is a home network where I am the sole user and environmental security factors are nearly non-existent. I want my windows user to have root access to anything on the linux machine. The whole machine is shared thru samba, starting at `/'. The whole of the windows machines are shared on the hard drive level. My linux user has complete access to the windows machines. I want my windows user to have complete access to linux machines. ================= Partial smb.conf: [global] workgroup = HOME server string = "" printcap name = cups load printers = yes printing = cups printer admin = @adm log file = /var/log/samba/log.%m max log size = 50 log level = 7 map to guest = bad user security = user encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = yes writable = no printable = yes create mode = 0700 print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. [print$] path = /var/lib/samba/printers browseable = yes read only = yes write list = @adm root guest ok = yes [smWinBk] comment = "" valid users = reader Harry path = /anex2/win_bk/ writeable = yes guest ok = yes [smUsrLocal] comment = "" valid users = reader Harry path = /usr/local writeable = yes guest ok = yes [smRootHome] comment = "" valid users = reader Harry path = /root writeable = yes guest ok = yes [smRoot] comment = "" valid users = reader Harry path = / writeable = yes guest ok = yes [smReader] comment = "" valid users = reader Harry path = /home/reader writeable = yes guest ok = yes [smPub] comment = "" valid users = reader harry path = /pub writeable = yes guest ok = yes ============================== smbusers: root = administrator admin harry Harry reader nobody = guest pcguest smbguest reader = harry Harry ============================= log extract: I hope this is the relevant part. I cranked log level up to 7 and its hard to tell what might be usefull. I've posted a small snippet below but have put the entire ouput of one failure at: http://www.jtan.com/~reader/smb.log To try to give you a head start, what I did was try to access /root on the linux box from a windows machine, logged in there as user harry. I started by rm -f /var/log/samba/log.chub. Then made my attempt from chub (a windows machine). The log produced by that one attempt is what is posted on line at above address. A partial extract is posted here: ================================== [...] [2006/09/12 11:11:39, 3] smbd/process.c:switch_message(914) switch message SMBtrans2 (pid 3652) conn 0x803f2198 [2006/09/12 11:11:39, 4] smbd/uid.c:change_to_user(176) change_to_user: Skipping user change - already user [2006/09/12 11:11:39, 3] smbd/trans2.c:call_trans2findfirst(1662) call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=0, close_if_end = 2 requires_resume_key = 4 level = 0x104, max_data_bytes = 16384 [2006/09/12 11:11:39, 10] smbd/msdfs.c:parse_processed_dfs_path(91) temp in parse_processed_dfs_path: .Reader/smRoot/root/*. after trimming \'s [2006/09/12 11:11:39, 10] smbd/msdfs.c:parse_processed_dfs_path(101) parse_processed_dfs_path: hostname: Reader [2006/09/12 11:11:39, 10] smbd/msdfs.c:parse_processed_dfs_path(113) parse_processed_dfs_path: servicename: smRoot [2006/09/12 11:11:39, 10] smbd/msdfs.c:parse_processed_dfs_path(123) parse_processed_dfs_path: rest of the path: root/* [2006/09/12 11:11:39, 10] smbd/msdfs.c:resolve_dfs_path(337) resolve_dfs_path: Conn path = / req_path = root/* [2006/09/12 11:11:39, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "root/*" [2006/09/12 11:11:39, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [ROOT/*] [2006/09/12 11:11:39, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [ROOT] -> [root] [2006/09/12 11:11:39, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = root/*, dirpath = root, start = * [2006/09/12 11:11:39, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2006/09/12 11:11:39, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component * (len 1) ? [2006/09/12 11:11:39, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2006/09/12 11:11:39, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component * (len 1) ? [2006/09/12 11:11:39, 5] smbd/filename.c:unix_convert(335) New file * [2006/09/12 11:11:39, 5] smbd/msdfs.c:is_msdfs_link(269) is_msdfs_link: root/* does not exist. [2006/09/12 11:11:39, 3] smbd/msdfs.c:dfs_redirect(435) dfs_redirect: Not redirecting Reader/smRoot/root/*. [2006/09/12 11:11:39, 3] smbd/msdfs.c:dfs_redirect(439) dfs_redirect: Path converted to non-dfs path root/* [2006/09/12 11:11:39, 5] smbd/filename.c:unix_convert(108) unix_convert called on file "root/*" [2006/09/12 11:11:39, 10] smbd/statcache.c:stat_cache_lookup(215) stat_cache_lookup: lookup failed for name [ROOT/*] [2006/09/12 11:11:39, 10] smbd/statcache.c:stat_cache_lookup(248) stat_cache_lookup: lookup succeeded for name [ROOT] -> [root] [2006/09/12 11:11:39, 5] smbd/filename.c:unix_convert(185) unix_convert begin: name = root/*, dirpath = root, start = * [2006/09/12 11:11:39, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2006/09/12 11:11:39, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component * (len 1) ? [2006/09/12 11:11:39, 10] smbd/mangle_hash2.c:is_mangled(276) is_mangled * ? [2006/09/12 11:11:39, 10] smbd/mangle_hash2.c:is_mangled_component(215) is_mangled_component * (len 1) ? [2006/09/12 11:11:39, 5] smbd/filename.c:unix_convert(335) New file * [2006/09/12 11:11:39, 5] smbd/trans2.c:call_trans2findfirst(1719) dir=root, mask = * [2006/09/12 11:11:39, 5] smbd/dir.c:dptr_create(391) dptr_create dir=root [2006/09/12 11:11:39, 5] smbd/dir.c:OpenDir(1045) OpenDir: Can't open root. Permission denied [2006/09/12 11:11:39, 3] smbd/error.c:unix_error_packet(90) unix_error_packet: error string = Permission denied [2006/09/12 11:11:39, 3] smbd/error.c:error_packet(146) error packet at smbd/trans2.c(1772) cmd=50 (SMBtrans2) NT_STATUS_ACCESS_DENIED [2006/09/12 11:11:39, 5] lib/util.c:show_msg(478) [2006/09/12 11:11:39, 5] lib/util.c:show_msg(488) [...] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba