Re: [Samba] 4.4.14 on solaris, using ads, can't read/write as user
- Date: Thu, 29 Jun 2017 17:30:04 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] 4.4.14 on solaris, using ads, can't read/write as user
On Thu, 29 Jun 2017 13:14:58 -0300
francis picabia via samba <samba@xxxxxxxxxxxxxxx> wrote:
> On production, we have Samba share on Solaris and ADS config
> working already using 3.6.25
> On a dev box used to test patches, I've spent a day and
> some time on a Oracle support ticket trying to get
> this working again under 4.4.14
> The same problem happens whether I'm testing with homes or a share
> with /tmp.
> The user isn't matching expectations, so it won't allow copying a 700
> file in /tmp
> or [homes] to Windows. It's like my samba connected user has rights
> as "other".
> I thought it could be useful to copy a file from Windows to the /tmp
> share and see who owns it.
> ls -l shows it is the user configured as under "valid users". So
> everything seems to be working as designed, except the UID isn't
> really the same, or something like that.
> Within ls -l /tmp :
> -rwxr--r-- 1 fpicabia domain users 242 Apr 2 2015 debug.log
> # getfacl /tmp/debug.log
> # file: /tmp/debug.log
> # owner: fpicabia
> # group: domain users
> group::r-- #effective:r--
> I'm wondering if there is any way to see how I'm connected when I
> test with smbclient.
> smbstatus shows the user connected as expected. Nothing I can find
> shows an error or difference.
> Here is a snippet showing how /tmp was set up last
> path = /tmp
> browseable = No
> force user = %U
> read only = No
> valid users = fpicabia
> One significant difference from 3.6.25 was winbind was added to
> nsswitch.conf for passwd and group before we could get authentication
> working for 4.4.14.
> Another bit that might help understand the workings: ssh allows
> authentication with the AD password under the current 4.4.14 set up.
> So it is just file ownership matching the UID of the connected user
> that is the problem.
Can you post your entire smb.conf (you can sanitise it if you like) and
can you also tell us what your AD DC is running
To unsubscribe from this list go to the following URL and read the