Your running with ldap? Did you made a group mapping. You do not need that with samba/ldap. Besides the two sids and group mangeling. Can you make a directrory on your linux-box and a chown user:"Domain Group" without error? Then the rights are ok. With Office 2007, I had a similar problem. I solved it like this: Set the stiky bit for the group on the share Ex: drwxrws--- 115 root Personal 4096 Aug 17 15:31 personal
[share] comment = yourcomment path = /yourpath/toshare force create mode = 0660 force directory mode = 0770 force group = yourgroup browseable = no valid users = @"Domain Admins" @yourgroup write list = @yourgroup @"Domain Admins" ----------------------------------------------- EDV Daniel Müller Leitung EDV Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24 72076 Tübingen Tel.: 07071/206-463, Fax: 07071/206-499 eMail: muel...@tropenklinik.de Internet: www.tropenklinik.de ----------------------------------------------- -----Ursprüngliche Nachricht----- Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im Auftrag von Karsten Hoffmann Gesendet: Dienstag, 24. August 2010 17:08 An: 'samba' Betreff: Re: [Samba] Word/Excel documents cannot be saved after Samba Upgrade Thanks for your advice, but no change ... I actually noticed some strange in net groupmap To me it looks like we have two different sambaSID, Could the problem be a false mapping of unix group "users"? fileserver:~# net getlocalsid WORKGROUP SID for domain WORKGROUP is: S-1-5-21-2486266552-4179740748-4022069874 fileserver:~# net groupmap list Domain Admins (S-1-5-21-2486266552-4179740748-4022069874-512) -> Domain Admins Domain Users (S-1-5-21-2486266552-4179740748-4022069874-513) -> Domain Users Domain Guests (S-1-5-21-2486266552-4179740748-4022069874-514) -> Domain Guests Domain Computers (S-1-5-21-2486266552-4179740748-4022069874-515) -> Domain Computers Administrators (S-1-5-32-544) -> Administrators Account Operators (S-1-5-32-548) -> Account Operators Print Operators (S-1-5-32-550) -> Print Operators Backup Operators (S-1-5-32-551) -> Backup Operators Replicators (S-1-5-32-552) -> Replicators users (S-1-5-21-3588677525-3898198964-4119851206-1201) -> users ak (S-1-5-21-2486266552-4179740748-4022069874-3001) -> ak fa (S-1-5-21-3588677525-3898198964-4119851206-3003) -> fa im (S-1-5-21-3588677525-3898198964-4119851206-3005) -> im am (S-1-5-21-3588677525-3898198964-4119851206-3011) -> am friend (S-1-5-21-3588677525-3898198964-4119851206-3013) -> friend tg (S-1-5-21-3588677525-3898198964-4119851206-3015) -> tg hn (S-1-5-21-3588677525-3898198964-4119851206-3017) -> hn kontakt (S-1-5-21-3588677525-3898198964-4119851206-3021) -> kontakt ct (S-1-5-21-3588677525-3898198964-4119851206-3023) -> ct mm (S-1-5-21-3588677525-3898198964-4119851206-3019) -> mm sso (S-1-5-21-3588677525-3898198964-4119851206-3025) -> sso nk (S-1-5-21-3588677525-3898198964-4119851206-3007) -> nk sp (S-1-5-21-3588677525-3898198964-4119851206-3009) -> sp ck (S-1-5-21-3588677525-3898198964-4119851206-3049) -> ck gs (S-1-5-21-3588677525-3898198964-4119851206-3051) -> gs sr (S-1-5-21-3588677525-3898198964-4119851206-3053) -> sr friend2 (S-1-5-21-3588677525-3898198964-4119851206-3055) -> friend2 cv (S-1-5-21-3588677525-3898198964-4119851206-3057) -> cv ts (S-1-5-21-3588677525-3898198964-4119851206-3059) -> ts om (S-1-5-21-3588677525-3898198964-4119851206-3065) -> om mg (S-1-5-21-3588677525-3898198964-4119851206-3067) -> mg dw (S-1-5-21-2486266552-4179740748-4022069874-3069) -> dw vm (S-1-5-21-3588677525-3898198964-4119851206-3071) -> vm GF (S-1-5-21-2486266552-4179740748-4022069874-3027) -> jb Berater (S-1-5-21-2486266552-4179740748-4022069874-3029) -> Berater Team1 (S-1-5-21-2486266552-4179740748-4022069874-3031) -> Team1 Team2 (S-1-5-21-2486266552-4179740748-4022069874-3033) -> Team2 Team3 (S-1-5-21-2486266552-4179740748-4022069874-3035) -> Team3 Officemanagement (S-1-5-21-2486266552-4179740748-4022069874-3037) -> Officemanagement vw (S-1-5-21-2486266552-4179740748-4022069874-3039) -> vw jo (S-1-5-21-2486266552-4179740748-4022069874-3041) -> jo Regards Karsten > Try your: nt acl support = Yes > IN nt acl support = NO > > ----------------------------------------------- > EDV Daniel Müller > > Leitung EDV > Tropenklinik Paul-Lechler-Krankenhaus > Paul-Lechler-Str. 24 > 72076 Tübingen > > Tel.: 07071/206-463, Fax: 07071/206-499 > eMail: muel...@tropenklinik.de > Internet: www.tropenklinik.de > ----------------------------------------------- > > -----Ursprüngliche Nachricht----- > Von: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] Im > Auftrag von Karsten Hoffmann > Gesendet: Dienstag, 24. August 2010 14:16 > An: samba > Betreff: [Samba] Word/Excel documents cannot be saved after Samba Upgrade > > Hi, > > after upgrading Samba 3.0.24 to Samba 3.5.4 a strange problem occurs: > > Users cannot anymore save files in MS Office (Word/Excel) on Samba > shares. More precisely: > Save as Office 2007 documents or RTF-Files works fine, but *.doc ist > avoided with Error Message "Not enough memory". > Of course there are lots of memory/space and ACL/Permissions should be > ok since other file operations are working as expected. > > I found some posts reporting this problem before, but nothing really > solved the issue. > > As I understand that this problem is well known, and should be solved. > I would appreciate any hint. > > testparam -vvv > [global] > dos charset = CP850 > unix charset = UTF-8 > display charset = LOCALE > workgroup = WORKGROUP > realm = > netbios name = FILESERVER > netbios aliases = > netbios scope = > server string = %h (Samba %v) > interfaces = > bind interfaces only = Yes > security = USER > auth methods = > encrypt passwords = Yes > update encrypted = No > client schannel = Auto > server schannel = Auto > allow trusted domains = Yes > map to guest = Never > null passwords = No > obey pam restrictions = Yes > password server = * > smb passwd file = /etc/samba/smbpasswd > private dir = /etc/samba > passdb backend = ldapsam > algorithmic rid base = 1000 > root directory = > guest account = nobody > enable privileges = Yes > pam password change = No > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX > \spassword:* %n\n *password\supdated\ssuccessfully* . > passwd chat debug = No > passwd chat timeout = 2 > check password script = > username map = > password level = 0 > username level = 0 > unix password sync = No > restrict anonymous = 0 > lanman auth = No > ntlm auth = Yes > client NTLMv2 auth = No > client lanman auth = No > client plaintext auth = No > preload modules = > dedicated keytab file = > kerberos method = default > map untrusted to domain = No > log level = 3 > syslog = 0 > syslog only = No > log file = /var/log/samba/log.%m > max log size = 1000 > debug timestamp = Yes > debug prefix timestamp = No > debug hires timestamp = Yes > debug pid = No > debug uid = No > debug class = No > enable core files = Yes > smb ports = 445 139 > large readwrite = Yes > max protocol = NT1 > min protocol = CORE > min receivefile size = 0 > read raw = Yes > write raw = Yes > disable netbios = No > reset on zero vc = No > acl compatibility = auto > defer sharing violations = Yes > nt pipe support = Yes > nt status support = Yes > announce version = 4.9 > announce as = NT > max mux = 50 > max xmit = 16644 > name resolve order = lmhosts wins host bcast > max ttl = 259200 > max wins ttl = 518400 > min wins ttl = 21600 > time server = No > unix extensions = Yes > use spnego = Yes > client signing = auto > server signing = No > client use spnego = Yes > client ldap sasl wrapping = plain > enable asu support = No > svcctl list = > deadtime = 0 > getwd cache = Yes > keepalive = 300 > lpq cache time = 30 > max smbd processes = 0 > paranoid server security = Yes > max disk size = 0 > max open files = 16384 > socket options = TCP_NODELAY > use mmap = Yes > hostname lookups = No > name cache timeout = 660 > ctdbd socket = > cluster addresses = > clustering = No > ctdb timeout = 0 > load printers = Yes > printcap cache time = 750 > printcap name = > cups server = > cups encrypt = No > cups connection timeout = 30 > iprint server = > disable spoolss = No > addport command = > enumports command = > addprinter command = > deleteprinter command = > show add printer wizard = Yes > os2 driver map = > mangling method = hash2 > mangle prefix = 1 > max stat cache size = 256 > stat cache = Yes > machine password timeout = 604800 > add user script = > rename user script = > delete user script = > add group script = > delete group script = > add user to group script = > delete user from group script = > set primary group script = > add machine script = /usr/sbin/smbldap-useradd -w "%u" > shutdown script = > abort shutdown script = > username map script = > logon script = logon.cmd > logon path = \\%L\profiles\%U > logon drive = > logon home = \\%N\%U > domain logons = Yes > init logon delayed hosts = > init logon delay = 100 > os level = 20 > lm announce = Auto > lm interval = 60 > preferred master = No > local master = Yes > domain master = Auto > browse list = Yes > enhanced browsing = Yes > dns proxy = No > wins proxy = No > wins server = > wins support = Yes > wins hook = > kernel oplocks = Yes > lock spin time = 200 > oplock break wait time = 0 > ldap admin dn = "cn=admin,dc=menyesch,dc=de" > ldap delete dn = No > ldap group suffix = ou=Groups > ldap idmap suffix = > ldap machine suffix = ou=Computers > ldap passwd sync = no > ldap replication sleep = 1000 > ldap suffix = dc=menyesch,dc=de > ldap ssl = no > ldap ssl ads = No > ldap deref = auto > ldap follow referral = Auto > ldap timeout = 15 > ldap connection timeout = 2 > ldap page size = 1024 > ldap user suffix = ou=People > ldap debug level = 0 > ldap debug threshold = 10 > eventlog list = > add share command = > change share command = > delete share command = > preload = > lock directory = /var/lib/samba > state directory = /var/lib/samba > cache directory = /var/lib/samba > pid directory = /var/run/samba > utmp directory = > wtmp directory = > utmp = No > default service = > message command = > get quota command = > set quota command = > remote announce = > remote browse sync = > socket address = 0.0.0.0 > nmbd bind explicit broadcast = Yes > homedir map = auto.home > afs username map = > afs token lifetime = 604800 > log nt token command = > time offset = 0 > NIS homedir = No > registry shares = No > usershare allow guests = No > usershare max shares = 0 > usershare owner only = Yes > usershare path = /var/lib/samba/usershares > usershare prefix allow list = > usershare prefix deny list = > usershare template share = > panic action = /usr/share/samba/panic-action %d > perfcount module = > host msdfs = Yes > passdb expand explicit = No > idmap backend = tdb > idmap alloc backend = > idmap cache time = 604800 > idmap negative cache time = 120 > idmap uid = > idmap gid = > template homedir = /home/%D/%U > template shell = /bin/false > winbind separator = \ > winbind cache time = 300 > winbind reconnect delay = 30 > winbind enum users = No > winbind enum groups = No > winbind use default domain = No > winbind trusted domains only = No > winbind nested groups = Yes > winbind expand groups = 1 > winbind nss info = template > winbind refresh tickets = No > winbind offline logon = No > winbind normalize names = No > winbind rpc only = No > create krb5 conf = Yes > comment = > path = > username = > invalid users = > valid users = > admin users = > read list = > write list = > printer admin = > force user = > force group = > read only = Yes > acl check permissions = Yes > acl group control = No > acl map full control = Yes > create mask = 0744 > force create mode = 00 > security mask = 0777 > force security mode = 00 > directory mask = 0755 > force directory mode = 00 > directory security mask = 0777 > force directory security mode = 00 > force unknown acl user = No > inherit permissions = No > inherit acls = No > inherit owner = No > guest only = No > administrative share = No > guest ok = No > only user = No > hosts allow = > hosts deny = > allocation roundup size = 1048576 > aio read size = 0 > aio write size = 0 > aio write behind = > ea support = No > nt acl support = Yes > profile acls = No > map acl inherit = No > afs share = No > smb encrypt = auto > block size = 1024 > change notify = Yes > directory name cache size = 100 > kernel change notify = Yes > max connections = 0 > min print space = 0 > strict allocate = No > strict sync = No > sync always = No > use sendfile = No > write cache size = 0 > max reported print jobs = 0 > max print jobs = 1000 > printable = No > printing = cups > cups options = > print command = > lpq command = %p > lprm command = > lppause command = > lpresume command = > queuepause command = > queueresume command = > printer name = > use client driver = No > default devmode = Yes > force printername = No > printjob username = %U > default case = lower > case sensitive = Auto > preserve case = Yes > short preserve case = Yes > mangling char = ~ > hide dot files = Yes > hide special files = No > hide unreadable = No > hide unwriteable files = No > delete veto files = No > veto files = > hide files = > veto oplock files = > map archive = Yes > map hidden = No > map system = No > map readonly = yes > mangled names = Yes > store dos attributes = No > dmapi support = No > browseable = Yes > access based share enum = No > blocking locks = Yes > csc policy = manual > fake oplocks = No > locking = Yes > oplocks = Yes > level2 oplocks = Yes > oplock contention limit = 2 > posix locking = Yes > strict locking = Auto > share modes = Yes > dfree cache time = 0 > dfree command = > copy = > preexec = > preexec close = No > postexec = > root preexec = > root preexec close = No > root postexec = > available = Yes > volume = > fstype = NTFS > set directory = No > wide links = No > follow symlinks = Yes > dont descend = > magic script = > magic output = > delete readonly = No > dos filemode = No > dos filetimes = Yes > dos filetime resolution = No > fake directory create times = No > vfs objects = > msdfs root = No > msdfs proxy = > > > [Public] > comment = Die Freigabe fuer alle > path = /srv/public > read only = No > create mask = 0777 > force create mode = 0777 > directory mask = 0777 > force directory mode = 0777 > > Thanks > Karsten -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba