Permission issues with domain and Win2000 - Home shares displayed - SMB


  1. Permission issues with domain and Win2000 - Home shares displayed


    Hi Guys,

    I am desperately in trouble with Samba version 3.02 and permissions
    with Win2000.

    I have also got a problem with display of home shares.

    Problem 1:

    1. Save a file (EXCEL spreadsheet with some macros)
    2. Owner of file is the one who saves it.
    3. Group ownership of file is forced to "software".
    4. When other user tries to save/edit file, permission is denied
    sometimes (Inconsistent) and macros that call other files
    in the same share fail to find the files.

    Looking at the properties for the file shows that permissions are "Special"
    when in fact I expected "Full Control".

    This is causing all sorts of headaches when trying to share the
    files.

    I guess one could make all users "Administrator" but that is not
    quite what I want.

    Problem 2:

    When "browsing" the home directory shows up correctly with the
    connecting user name but going into the share shows all the other
    users configured, including the user connected. Clicking on
    the correct user shows the files contained. What could be wrong?


    My setup is like this:

    A group called "software" has been created.
    All users needing access to this share have been added to the group.
    All users have been created as "Domain Users" (GID 513) as part
    of joining the domain.


    The million $$$ question is how does one achieve a config where
    the users can have full read/write/edit/delete control of files
    saved by other users? It seems that Samba simply does not
    allow this. Or there are some mapping problems.

    Note that my LDAP works fine.

    All runs on version 3.0.2-7.FC1 (Fedora Core 1)

    Some pointers or help would be a godsend...

    Thanks Tony



    I am including my "smb.conf" (Cut down).

    [global]
    workgroup = WORKGROUP
    server string = Server on %h
    passdb backend = ldapsam:ldap://127.0.0.1
    passwd program = /usr/local/sbin/smbldap-passwd %u
    passwd chat = Long string...
    username map = /etc/samba/smbusers
    printcap name = cups
    add user script = /usr/local/sbin/smbldap-useradd -m %u
    add group script = /usr/local/sbin/smbldap-groupadd -p %g
    add user to group script = /usr/local/sbin/smbldap-groupmod -m %g %u
    delete user from group script = /usr/local/sbin/smbldap-groupmod -x %g %u
    set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
    add machine script = /usr/local/sbin/smbldap-useradd -w %u
    logon script = scripts\logon.bat
    logon path = \\%L\Profiles\%U
    logon drive = H:
    logon home = \\%L\%U
    domain logons = Yes
    os level = 35
    preferred master = Yes
    domain master = Yes
    ldap suffix = dc=domain,dc=com
    ldap machine suffix = ou=Computers
    ldap user suffix = ou=Users
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Users
    ldap admin dn = uid=samba,ou=Users,dc=domain,dc=com
    ldap ssl = no
    ldap passwd sync = Yes
    ldap delete dn = Yes
    idmap uid = 15000-20000
    idmap gid = 15000-20000
    winbind separator = +
    hosts allow = 192.168.1.
    printing = cups

    [homes]
    comment = Home Directories
    path = /pub/homes
    valid users = %S
    read only = No
    create mask = 0700
    directory mask = 0700
    map archive = No
    browseable = No

    [printers]
    comment = All Printers
    path = /var/spool/samba
    printer admin = admin
    create mask = 0600
    guest ok = Yes
    printable = Yes
    browseable = No

    [print$]
    comment = Printer Drivers Share
    path = /pub/samba/drivers
    write list = admin
    printer admin = admin

    [netlogon]
    comment = Network Logon Service
    path = /pub/samba/netlogon
    admin users = admin
    guest ok = Yes
    browseable = No

    [Profiles]
    comment = Roaming Profile Share
    path = /pub/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    profile acls = Yes

    [software]
    comment = Software
    path = /pub/samba/data/software
    valid users = +software
    force group = software
    read only = No
    create mask = 0770
    force create mode = 0660
    directory mask = 0775
    force directory mode = 0770
    map archive = No


  2. Re: Permission issues with domain and Win2000 - Home shares displayed

    On Wed, 19 May 2004 13:21:52 +1000, Tony wrote:

    >
    > Hi Guys,
    >
    > I am desperately in trouble with Samba version 3.02 and permissions
    > with Win2000.
    >
    > I have also got a problem with display of home shares.



    As always, once a post has been made you find the problem, well
    one of them...

    To get the home share working correctly the following needs to
    be set: path = /pub/homes/%u

    That still leaves the other problem which I have done some
    more testing on.

    2 machines in the domain can share the files, no problems.
    The 3rd machine has problems with permissions when
    logging into the domain but it works fine when logging
    in locally and accessing the share that way.

    I have looked at the 3 machine accounts and they all look
    alike (apart from the SID and some other bits).

    All 3 are in the "software" group.

    Note that I have not created a UID for each group, should
    not be needed as each user is mapped to "user" in Linux
    and "Domain User" in Samba via LDAP.

    Hope someone can help out with this extra info.

    Tony

    > Problem 1:
    >
    > 1. Save a file (EXCEL spreadsheet with some macros)
    > 2. Owner of file is the one who saves it.
    > 3. Group ownership of file is forced to "software".
    > 4. When other user tries to save/edit file, permission is denied
    > sometimes (Inconsistent) and macros that call other files
    > in the same share fail to find the files.
    >
    > Looking at the properties for the file shows that permissions are "Special"
    > when in fact I expected "Full Control".
    >
    > This is causing all sorts of headaches when trying to share the
    > files.
    >
    > I guess one could make all users "Administrator" but that is not
    > quite what I want.

    [...snip..]

    >
    > [software]
    > comment = Software
    > path = /pub/samba/data/software
    > valid users = +software
    > force group = software
    > read only = No
    > create mask = 0770
    > force create mode = 0660
    > directory mask = 0775
    > force directory mode = 0770
    > map archive = No
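
Added example, not part of the original posts: a small Python audit of the [homes] and [software] sections as posted, applying Samba's mode rule (DOS-mapped mode AND mask, then OR force mode) and checking the [homes] path for a per-user substitution. The function names and issue labels are hypothetical, and the values used for unset parameters (create mask 0744, directory mask 0755, map archive yes) are assumed Samba 3.x defaults.

```python
import configparser

# Constructed input: the [homes] and [software] sections as posted in the thread.
SMB_CONF = """
[homes]
path = /pub/homes
valid users = %S
create mask = 0700
directory mask = 0700
map archive = No

[software]
path = /pub/samba/data/software
force group = software
create mask = 0770
force create mode = 0660
directory mask = 0775
force directory mode = 0770
map archive = No
"""

def load(text):
    cp = configparser.ConfigParser(interpolation=None)  # keep %S / %u literal
    cp.read_string(text)
    return cp

def effective_modes(share):
    """(file_mode, dir_mode) = (base & mask) | force; unset keys use assumed defaults."""
    octal = lambda key, default: int(share.get(key, default), 8)
    file_base = 0o666  # read/write for all before masking (share is not read only)
    if share.get("map archive", "yes").lower() in ("yes", "true", "1"):
        file_base |= 0o100  # archive bit is stored as owner execute
    file_mode = (file_base & octal("create mask", "0744")) | octal("force create mode", "0")
    dir_mode = (0o777 & octal("directory mask", "0755")) | octal("force directory mode", "0")
    return file_mode, dir_mode

def audit(text):
    """Return (share, issue) pairs; issue labels are hypothetical names."""
    findings, cp = [], load(text)
    for name in cp.sections():
        share = cp[name]
        file_mode, dir_mode = effective_modes(share)
        path = share.get("path", "")
        if name == "homes" and path and not any(v in path for v in ("%S", "%u", "%U")):
            findings.append((name, "shared-path"))  # all users land in one directory
        if "force group" in share and ((file_mode & 0o060) != 0o060 or (dir_mode & 0o070) != 0o070):
            findings.append((name, "group-cannot-write"))
        if (file_mode | dir_mode) & 0o007:
            findings.append((name, "other-access"))  # non-members get access on disk
    return findings
```

For the posted config this gives 0660 for files and 0775 for directories in [software], so group members get write access on disk while directories stay readable by non-members. Changing the [homes] path to /pub/homes/%u clears the shared-path finding.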


