Package: samba Version: 2:3.3.2-1 Severity: normal Hi,
I have a samba pdc that uses an ldapsam backend. Everything seems to work, with the expection of the following share: [store] path = /store hide unreadable = yes csc policy = disable force group = +Power Users inherit acls = true volume = STORE create mask = 0666 directory mask = 0777 When I connect to this share from either smbclient or Windows on a domain workstation, the connection is denied and samba logs "make_connection: connection to store denied due to security descriptor." If I comment out "force group", connections succeed. The users I tested with were members of "power users", but I also tested with just "force group = username" (the name of the actual user), which should have had no effect for that user as his primary gid was already his own usergroup. But the connection was denied even so. The [global] section of my smb.conf reads as follows: [global] dos charset = CP852 display charset = UTF-8 workgroup = KORN netbios name = PDC server string = PDC auth methods = guest sam update encrypted = Yes obey pam restrictions = Yes passdb backend = ldapsam:ldap://192.168.0.99/ pam password change = Yes passwd chat debug = Yes log level = 1 debug class = yes debug prefix timestamp = yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 min protocol = LANMAN1 announce version = 9.9 name resolve order = lmhosts host wins bcast time server = Yes deadtime = 1440 max smbd processes = 30 socket options = SO_KEEPALIVE IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 hostname lookups = Yes add machine script = /usr/local/sbin/add-machine "%u" logon script = %u.cmd logon path = logon drive = N: logon home = \\%L\%u\profile domain logons = Yes os level = 255 preferred master = Yes domain master = Yes ldap admin dn = cn=admin,dc=intra ldap group suffix = ou=Group ldap idmap suffix = ou=idmap ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap user suffix = ou=People ldap suffix = dc=intra,dc=guy ldap ssl = no panic action = /usr/share/samba/panic-action %d ldapsam:trusted = yes ldapsam:editposix = yes admin users = root, Administrator hosts allow = 192.168.0.0/24, 127.0.0.0/8 profile acls = Yes use sendfile = Yes hide dot files = No map archive = No algorithmic rid base = 100000 unix password sync = yes client ntlmv2 auth = yes acl group control = yes force unknown acl user = yes smb ports = 445 139 min receivefile size = 32k disable netbios = no reset on zero vc = yes ea support = yes map acl inherit = yes server signing = auto printcap name = cups printing = cups cups options = "raw" mangle prefix = 3 hide special files = yes map read only = permissions wins support = yes preload = guy utmp = yes delete readonly = yes dos filemode = yes Andras -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.28.5-vs2.3.0.36.7 Locale: LANG=C, LC_CTYPE=hu_HU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash -- Andras Korn <korn at chardonnay.math.bme.hu> <http://chardonnay.math.bme.hu/~korn/> QOTD: He who laughs, lasts. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org