LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Accessed Denied while trying to change perrnissions - Windows Domain (https://www.linuxquestions.org/questions/linux-newbie-8/accessed-denied-while-trying-to-change-perrnissions-windows-domain-940519/)

profector21 04-18-2012 03:29 PM

Accessed Denied while trying to change perrnissions - Windows Domain
 
Hoping someone can point me in the right direction. I recently setup a few shared folders using samba. At first I forced a local user in /etc/samba/smb.conf and everything worked ok. Everyone could read the files and do everything they wanted. The problem? I was letting everyone have access to all of the files. Since I'm using Wndows Servers for domain controllers I figured active directory would be a good way of controlling access. After all everyone already has an account there and they are already assigned a group. But it's not working out so well.

I've seemingly joined the Linux RHEL 6 server to the domain and I can see my user and groups list using wbinfo -u and wbinfo -g. I'm was thinking that I was done, but now when I go to the share from a windows computer, that is logged on with as domain admin, I can't make any changes. When I try, I get a message that tell me access denied. Any pointers? Even logged on as the windows domain admim there are some folders I can't access at all, and other where I can add and delete, but I can't copy a file. Strange.

profector21 04-19-2012 10:47 AM

Tried installing samba-swat to see if it would help with the setup but it didn't help any.

profector21 04-20-2012 10:03 AM

This moring I checked the kernal to make sure that ACL support was turned on using
Code:

grep POSIX_ACL config-2.6.32-220.13.1.el6.x86_64
The response was:

Code:

CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_BTRFS_FS_POSIX_ACL=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_JFFS2_FS_POSIX_ACL=y

So looks good. I'm using EXT4

Rechecked /etc/fstab and this filesystem appears to be mounted correctly

Code:

/dev/sdb1              /f                      ext4    noatime,acl,user_xattr          0 1

Where to go next,recheck samba.conf? Domain and server names were changed to protect the innocent :) Namely me, so I don't get picked up by a search engine and fired for incompetence. :rolleyes:
The Create and Directory Mask's are suspect. I don't remember adding those so I'm guessing it's something that came from SWAT. This is a member server, RHEL 6. The domain controller is a Windows 2003 R2 Server.

Code:

[global]
        workgroup = INFFAST
        realm = INFFAST.COM
        netbios aliases = INFLINUX
        server string = INFLINUX
        security = ADS
        auth methods = winbind
        password server = LENEXA.INFFAST.COM
        client NTLMv2 auth = Yes
        log file = /var/log/samba/%m.log
        max log size = 100
        domain master = No
        dns proxy = No
        socket address =
        idmap uid = 10000-90000
        idmap gid = 10000-90000
        winbind separator = template shell = /bin/bash
        winbind cache time = 180
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind refresh tickets = Yes
        winbind offline logon = Yes
        winbind normalize names = Yes
        idmap config INFFAST.COM : cache time = 180
        idmap config INFFAST.COM : backend = ad



[f]
          comment = F
        path = /f/
        read only = No
        create mask = 0700
        directory mask = 0700
        inherit permissions = Yes
        inherit acls = Yes
        inherit owner = Yes



K so I'll check the options on /f/ and then try it again.


All times are GMT -5. The time now is 01:50 PM.