Samba 3.0.14a server which is a domain member server of a 2003 Active Directory and Domain Controller.
There are no errors that appear in the windows servers event log, and my smb.conf is pretty simple: [global] unix charset = LOCALE workgroup = mrpartyka realm = MRPARTYKA.DOMAIN server string = SMBv3.0.14a/MS ADS/winbindd security = ads log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 printcap name = CUPS ldap ssl = No idmap uid = 10000-40000000 idmap gid = 10000-40000000 template primary group = "Domain Users" template shell = /bin/bash nt acl support = Yes printing = cups # winbind trusted domains only = Yes winbind separator = \# [ftp] comment = All users share path = /ftproot valid users = @"MRPARTYKA\Domain Users" writeable = Yes browseable = Yes As i said originally, my goal here is to manage permissions's/ACL's from the server 2003 MMC, but any time i try to add or remove groups for access on either the Security tab or the Permissions tab, i get the message "changes could not be saved, access is denied". Also, though the message indicates the changes are not saved, if you open the share properties window again and go to the same permission you just tried to adjust, the group is there, but when you selected the group from the AD container, it looked like "MRPARTYA\Domain Users" and now it's liked as "SAND\Domain Users". SAND is the hostname of the samba server. Is this expected behavior? Due to winbindd making AD groups and users appear as though they are local groups/users of the Samba server? Samba logging indicates this: [2006/01/03 06:43:18, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993) api_pipe_bind_req: unknown auth type 9 requested. [2006/01/03 06:43:18, 1] smbd/service.c:make_connection_snum(642) 192.168.0.7 (192.168.0.7) connect to service ftp initially as user MRPARTYKA\administrator (uid=10000, gid=10000) (pid 3343) [2006/01/03 06:43:18, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993) api_pipe_bind_req: unknown auth type 9 requested. [2006/01/03 06:43:22, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993) api_pipe_bind_req: unknown auth type 9 requested. [2006/01/03 06:43:29, 1] smbd/service.c:close_cnum(830) 192.168.0.7 (192.168.0.7) closed connection to service ftp I have many messages in the Samba archive asking about enties like this, but i did not see any responses explaining it. Any ideas about how i can correct this problem and manage share permissions from the server MMC? TIA, On 1/3/06, Louis van Belle <[EMAIL PROTECTED]> wrote: > > Hi, > > first which version of samba are you running? > are you running pdc or AD Member ? > > etc etc. > need more input ;-) > > Louis > > > > >-----Oorspronkelijk bericht----- > >Van: [EMAIL PROTECTED] > >[mailto: [EMAIL PROTECTED] > >Namens Mike Partyka > >Verzonden: maandag 2 januari 2006 23:50 > >Aan: samba@lists.samba.org > >Onderwerp: [Samba] Windows ACL modify ability? > > > >I have posted several questions now and have ben unsuccessful > >in getting any > >responses, so i thought i would take a different tack. > > > >I know adjusting permissions on Samba shares, through the > >Microsoft MMC is > >possible when you have POSIX ACL support compiled in your > >kernel. I don't > >think that level of control is necessary for me and short of > >recompiling the > >kernel for that support i have been unable to adjust > >permissions on Samba > >shares through the MMC, i keep getting "Access is denied". > > > >Could someone just toss out a couple ideas about whether adjustments to > >ACL's ar possible without kernel POSIX ACL support and if so, what some > >causes of the "Access is denied" could be? > > > >TIA, > > > >-MIKE > >-- > >To unsubscribe from this list go to the following URL and read the > >instructions: https://lists.samba.org/mailman/listinfo/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba