My OS Server is Linux (Centos 5.2) with kernel 2.6.21.6 On the test system I am "wbarnavon". I use Windows XP as client in a Samba domain. I create a directory /home/wbarnavon/public_html/cinq/Documents/Association Here are the acls: # file: . # owner: wbarnavon # group: users user::rwx user:apache:rwx user:wbarnavon:rwx group::--- mask::rwx other::--- default:user::rwx default:user:apache:rwx default:user:wbarnavon:rwx default:group::--- default:mask::rwx default:other::--- I create a file test.txt here is the acls: # file: test.txt # owner: wbarnavon # group: users user::rwx user:apache:rwx group::--- mask::rwx other::--- Well here is my server configuration: [global] workgroup = ON-FIRE interfaces = eth1, lo bind interfaces only = Yes null passwords = Yes passdb backend = ldapsam:ldap://phoenix.on-fire.local/ username map = /etc/samba/smbusers username level = 1 client NTLMv2 auth = Yes log level = 1 time server = Yes socket options = TCP_NODELAY, IPTOS_LOWDELAY, SO_KEEPALIVE, SO_SNDBUF=14596, SO_RCVBUF=14596 add user script = /usr/sbin/smbldap-useradd -m "%u" ; true delete user script = /usr/sbin/smbldap-userdel "%u" ; true add group script = /usr/sbin/smbldap-groupadd -p "%g" ; true delete group script = /usr/sbin/smbldap-groupdel "%g" ; true add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g" ; true delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g" ; true set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u" ; true add machine script = /usr/sbin/smbldap-useradd -w "%u" logon script = logon.bat logon path = logon drive = U: domain logons = Yes os level = 128 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=samba,ou=DSA,dc=on-fire,dc=net ldap delete dn = Yes ldap group suffix = ou=Groupes ldap idmap suffix = ou=Idmap,ou=Samba ldap machine suffix = ou=Ordinateurs ldap suffix = dc=on-fire,dc=net ldap ssl = start tls ldap user suffix = ou=Utilisateurs idmap backend = ldap:ldap://phoenix.on-fire.local idmap uid = 1000-2000000 idmap gid = 1000-2000000 winbind separator = / winbind use default domain = Yes winbind trusted domains only = Yes ldapsam:trusted = yes ea support = Yes map readonly = no store dos attributes = Yes [netlogon] path = /var/spool/samba/netlogon browseable = No root preexec = /etc/samba/scripts/DomainGroupinLocalGroup.sh %m "Utilisateurs avec pouvoir" "Domain Users" [homes] read only = No inherit permissions = Yes inherit acls = Yes map acl inherit = Yes browseable = No [dfs] path = /var/spool/samba/dfs msdfs root = Yes [root$] path = / valid users = administrateur, "@Domain Admins" read only = No browseable = No [home$] path = /home valid users = administrateur, "@Domain Admins" read only = No inherit permissions = Yes inherit acls = Yes map acl inherit = Yes browseable = No [doc] path = /usr/share/doc [packs] path = /usr/local/packs Now the bug ! I can create and delete the test.txt file, but I can't apply modification. I get "Access Refused Error". If I downgrade Samba to 3.2.7, I have not this issue. Here is the log in log.smbd: [2009/02/02 20:25:26, 1] smbd/dosmode.c:get_ea_dos_attribute(208) get_ea_dos_attributes: Cannot get attribute from EA on file .: Error = Opération non supportée [2009/02/02 20:26:50, 0] smbd/service.c:make_connection_snum(740) create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
Please provide a level 10 log file of the whole operation including the session setup if possible. Please note that sensible data may be included.
I have similar problems with profiles share. I gave full rights to everyone, but windows still says that there is too few rights to access file (it greates prf*.tmp file, but isn't able to rename it). and in half cases it ends with Segfault All other shares work as they did before. 3.3.0-SerNet-Debian 0xb794f424 in __kernel_vsyscall () #0 0xb794f424 in __kernel_vsyscall () #1 0xb75b46f3 in ?? () #2 0xb766fff4 in ?? () #3 0xb755246b in ?? () #4 0x00002d4b in ?? () #5 0xbfd7ab58 in ?? () #6 0x00000000 in ?? () [global] passdb backend = tdbsam guest account = ftp name resolve order = lmhosts host wins bcast hostname lookups = Yes logon script = start.bat logon path = \\WWW\profile\%U logon drive = H: logon home = \\WWW\%U domain logons = Yes os level = 65 preferred master = Yes domain master = Yes nt acl support = No [profile] path = /samba/profiles read only = No create mask = 0666 directory mask = 0777 guest ok = Yes profile acls = Yes case sensitive = No preserve case = No short preserve case = No hide files = /desktop.ini/ntuser.ini/NTUSER.*/ browseable = No csc policy = disable locking = No [netlogon] comment = Network Logon Service path = /samba/netlogon write list = @sysop read only = No create mask = 0644 guest ok = Yes csc policy = disable root preexec = /etc/samba/logi.sh %u sisse %T %m %I root postexec = /etc/samba/logi.sh %u valja %T %m %I
Created attachment 3955 [details] debug at level 10 Computer started, started wpkg service to install updates user tamme7 logged in (no profile on samba share) user tamme7 logged out and ended with error that can't copy tamme7/start menu/programs/outlook express.lnk Rest of profile seems to be on place tamme7/start menu/programs/ drwxr-xr-x 3 tamme7 arvutid 4096 2009-02-25 11:18 accessories/ -rw-rw-rw- 1 tamme7 arvutid 738 2009-02-25 11:18 prf90.tmp -rw-rw-rw- 1 tamme7 arvutid 788 2009-02-25 11:17 prf91.tmp -rw-rw-rw- 1 tamme7 arvutid 803 2009-02-25 11:18 prf92.tmp -rw-rw-rw- 1 tamme7 arvutid 122 2009-02-25 11:18 prf93.tmp drwxrwxrwx 2 tamme7 arvutid 4096 2009-02-25 11:17 startup/ No segfault this time :-)
So this one can be closed?
Closing out bug report. Please re-open if it's still an issue. Thanks for reporting!