Thread: Samba + acl
View Single Post
  #1   (View Single Post)  
Old 30th June 2008
bichumo bichumo is offline
Port Guard
 
Join Date: May 2008
Posts: 21
Default Samba + acl

Hi,

I have a question, regarding to Samba + ACL.

I have configured samba, shares and permissions. But strange thing happens, I can add users through security tab, but I cannot remove them, when I remove user and pres "Apply", the user appears again. Also I cannot see anymore such entries in security tab like "S-1-5-21-1142104244-1849291314-4058548512-513".

In my logs I can see:

Code:
Jun 30 12:36:47 acl smbd[568]:   create_builtin_users: Failed to create Users
Jun 30 12:37:28 acl smbd[725]: [2008/06/30 12:37:28, 0] auth/auth_util.c:create_builtin_administrators(792)
Jun 30 12:37:28 acl smbd[725]:   create_builtin_administrators: Failed to create Administrators
Jun 30 12:37:28 acl smbd[725]: [2008/06/30 12:37:28, 0] auth/auth_util.c:create_builtin_users(758)
Jun 30 12:37:28 acl smbd[725]:   create_builtin_users: Failed to create Users
Jun 30 12:37:28 acl smbd[726]: [2008/06/30 12:37:28, 0] auth/auth_util.c:create_builtin_administrators(792)
Jun 30 12:37:28 acl smbd[726]:   create_builtin_administrators: Failed to create Administrators
Jun 30 12:37:28 acl smbd[726]: [2008/06/30 12:37:28, 0] auth/auth_util.c:create_builtin_users(758)
Jun 30 12:37:28 acl smbd[726]:   create_builtin_users: Failed to create Users
My smb.conf looks like this:

Code:
#======================= Global Settings =====================================
[global]
workgroup = AG
realm = AG.LOCAL
server string = acl
security = ADS
use kerberos keytab = Yes
wins server = 192.168.0.253
ldap ssl = no
#idmap backend = idmap_rid:AG.LOCAL=500-40000000

idmap domains = AG.LOCAL
idmap config AG.LOCAL:backend = rid
idmap config AG.LOCAL:range = 500-40000000


#idmap backend = rid:AG.LOCAL=500-40000000
#idmap uid = 500-40000000
#idmap gid = 500-40000000

template shell = /bin/tcsh
allow trusted domains = No
log level = 3
encrypt passwords = Yes
password server = 192.168.0.253
#syslog only = Yes
#winbind separator = /

winbind use default domain = Yes
winbind uid = 500-40000000
winbind gid = 500-40000000

winbind cache time = 3600
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
#winbind nss info = sfu
winbind offline logon = Yes
winbind refresh tickets = True
#winbind use default domain = Yes
local master = No
load printers = no
log file = /var/log/samba/log.%m
max log size = 500
domain master = No
preferred master = No
create mode = 0644
directory mode = 0755
dns proxy = no
;   display charset = koi8-r
;   unix charset = koi8-r
;   dos charset = cp866
# Use inherited ACLs for directories
    nt acl support = yes
    nt acl support = true
#    inherit acls = yes
#    map acl inherit = yes
#============================ Share Definitions ==============================

[AGS]
   comment = AG Service
   path = /data/AGS
   valid users = AG\user1, AG\user2
   admin users = AG\admin, root, Administrator
   browseable = yes
   writeable = yes
   inherit permissions = Yes
   inherit acls = yes
   create mask = 0644
   guest ok = no
   security mask = 0777
   nt acl support = yes
My groupmap list looks like this:

Domain Users (S-1-5-21-1142104244-1849291314-4058548512-513) -> ntusers
Domain Computers (S-1-5-21-1142104244-1849291314-4058548512-20107) -> computers
Domain Admins (S-1-5-21-1142104244-1849291314-4058548512-512) -> ntadmins
Domain Guests (S-1-5-21-1142104244-1849291314-4058548512-514) -> nobody

I can see all domain users and groups by wbinfo -u and wbinfo -g also by pw user show -a and pw user show -g. With smbclient -L //acl -U .... I can connect and see shares.

What else I am missing?

BTW: pkg_info | grep samba
samba-3.0.28,1 A free SMB and CIFS client and server for UNIX
Reply With Quote