On 2012-08-17 11:44, steve wrote:
Hi
S4 DC with S3 fileserver.

smb.conf on the fileserver:
[global]
    workgroup = ALTEA
    realm = HH3.SITE
    security = ADS
    kerberos method = secrets and keytab
    winbind enum users = Yes
    winbind enum groups = Yes
    idmap config *:backend = tdb
    idmap config *:range = 3000-4000
    idmap config ALTEA:backend = ad
    idmap config ALTEA:range = 20000-40000000
    idmap config ALTEA:schema_mode = rfc2307
    winbind nss info = rfc2307
    winbind expand groups = 2
    winbind nested groups = yes
    usershare allow guests = No
    winbind refresh tickets = yes

[home]
    path = /home2/home
    read only = No

[staff]
    path = /home2/staff
    read only = No

[profiles]
    path = /home2/profiles
    read only = No
    store dos attributes = Yes
    create mask = 0600
    directory mask = 0700

[dropbox]
    path = /home2/dropbox
    force create mode = 0660
    force directory mode = 0770
    read only = No

wbinfo -u lists Administrator but getent passwd lists only those users with a uidNumber and gidNumber. The latter users can log in to XP and enter the shares fine. Administrator can log in but gets a password prompt each time he hits a share. Giving the correct password results in XP stating that he has no permission to access the share.

How do I get Administrator to enter and manipulate the shares? I thought that that was his purpose.

Cheers,
Steve
First: the Windows in the security model Administrator=root from the Unix world it is just a predefined account member of the Administrators or in a domain of the Domain Admins group and that gives access, so you could do all the management operations from any other user account member of the Domain Admins group.

Second: samba3 smbd and thus s3fs (I think ntvfs not, but I could be wrong) needs the connected user to have a valid uid/gidNumber in order to be able to check the POSIX ACL permissions, so if you want to connect to a Samba3 box with Administrator, first give it all the POSIX attributes you've given to the other user accounts (however it doesn't need a unixHomeDirectory or loginShell if you won't log in e.g. via ssh as Administrator).

Regards

Geza Gemes
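
The symptom discussed in this thread (an account listed by wbinfo -u but missing from getent passwd) can be checked for every domain account at once. The script below is an added example, not part of either message; the function names are hypothetical and it assumes the default winbind separator `\`.

```shell
#!/bin/sh
# Added example: list accounts that winbind enumerates (wbinfo -u) but that
# NSS cannot resolve (getent passwd), i.e. accounts smbd has no uid/gid for.

# Strip an optional "DOMAIN\" prefix (assumes the default winbind separator),
# lowercase the name and sort it so comm(1) can compare the two lists.
normalize() {
    sed 's/^.*\\//' | tr '[:upper:]' '[:lower:]' | LC_ALL=C sort -u
}

# unmapped_users WBINFO_FILE PASSWD_FILE
#   WBINFO_FILE: saved output of `wbinfo -u`, one account per line
#   PASSWD_FILE: saved output of `getent passwd`, passwd(5) format
# Prints the accounts present in the first list and absent from the second.
unmapped_users() {
    wb=$(mktemp) && pw=$(mktemp) || return 1
    normalize < "$1" > "$wb"
    cut -d: -f1 "$2" | normalize > "$pw"
    LC_ALL=C comm -23 "$wb" "$pw"
    rm -f "$wb" "$pw"
}

# Run the comparison against the live winbind and NSS data on the file server.
check_live() {
    a=$(mktemp) && b=$(mktemp) || return 1
    wbinfo -u > "$a"
    getent passwd > "$b"
    unmapped_users "$a" "$b"
    rm -f "$a" "$b"
}
```

Run `check_live` on the file server. Built-in accounts such as Guest or krbtgt will normally appear in the output too; only the accounts that must reach the shares need the uidNumber and gidNumber attributes.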