
Re: [Samba] 4.4.14 on solaris, using ads, can't read/write as user




On Thu, 29 Jun 2017 13:14:58 -0300
francis picabia via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On production, we have Samba share on Solaris and ADS config
> working already using 3.6.25
> 
> On a dev box used to test patches, I've spent a day and
> some time on an Oracle support ticket trying to get
> this working again under 4.4.14
> 
> The same problem happens whether I'm testing with homes or a share
> with /tmp.
> 
> The user isn't matching expectations, so it won't allow copying a 700
> file in /tmp
> or [homes] to Windows.  It's like my samba connected user has rights
> as "other".
> 
> I thought it could be useful to copy a file from Windows to the /tmp
> share and see who owns it.
> 
> ls -l shows it is the user configured as under "valid users".  So
> everything seems to be working as designed, except the UID isn't
> really the same, or something like that.
> 
> Within ls -l /tmp :
> -rwxr--r--   1 fpicabia    domain users     242 Apr  2  2015 debug.log
> 
> # getfacl /tmp/debug.log
> 
> # file: /tmp/debug.log
> # owner: fpicabia
> # group: domain users
> user::rwx
> group::r--              #effective:r--
> mask:rwx
> other:r--
> 
> 
> I'm wondering if there is any way to see how I'm connected when I
> test with smbclient.
> 
> smbstatus shows the user connected as expected.  Nothing I can find
> shows an error or difference.
> 
> Here is a snippet showing how /tmp was set up last
> 
> [tmp]
>         path = /tmp
>         browseable = No
>         force user = %U
>         read only = No
>         valid users = fpicabia
> 
> One significant difference from 3.6.25 was winbind was added to
> nsswitch.conf for passwd and group before we could get authentication
> working for 4.4.14.
> 
> Another bit that might help understand the workings: ssh allows
> authentication with the AD password under the current 4.4.14 setup.
> 
> So it is just file ownership matching the UID of the connected user
> that is the problem.

Can you post your entire smb.conf (you can sanitise it if you like) and
can you also tell us what your AD DC is running?

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba