LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-18-2012, 04:29 PM   #1
profector21
LQ Newbie
 
Registered: Apr 2012
Location: Olathe, KS USA
Distribution: RHEL 6
Posts: 11
Blog Entries: 1

Rep: Reputation: Disabled
Accessed Denied while trying to change perrnissions - Windows Domain


Hoping someone can point me in the right direction. I recently setup a few shared folders using samba. At first I forced a local user in /etc/samba/smb.conf and everything worked ok. Everyone could read the files and do everything they wanted. The problem? I was letting everyone have access to all of the files. Since I'm using Wndows Servers for domain controllers I figured active directory would be a good way of controlling access. After all everyone already has an account there and they are already assigned a group. But it's not working out so well.

I've seemingly joined the Linux RHEL 6 server to the domain and I can see my user and groups list using wbinfo -u and wbinfo -g. I'm was thinking that I was done, but now when I go to the share from a windows computer, that is logged on with as domain admin, I can't make any changes. When I try, I get a message that tell me access denied. Any pointers? Even logged on as the windows domain admim there are some folders I can't access at all, and other where I can add and delete, but I can't copy a file. Strange.

Last edited by profector21; 04-18-2012 at 04:31 PM.
 
Old 04-19-2012, 11:47 AM   #2
profector21
LQ Newbie
 
Registered: Apr 2012
Location: Olathe, KS USA
Distribution: RHEL 6
Posts: 11
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
Tried installing samba-swat to see if it would help with the setup but it didn't help any.
 
Old 04-20-2012, 11:03 AM   #3
profector21
LQ Newbie
 
Registered: Apr 2012
Location: Olathe, KS USA
Distribution: RHEL 6
Posts: 11
Blog Entries: 1

Original Poster
Rep: Reputation: Disabled
This moring I checked the kernal to make sure that ACL support was turned on using
Code:
grep POSIX_ACL config-2.6.32-220.13.1.el6.x86_64
The response was:

Code:
CONFIG_EXT2_FS_POSIX_ACL=y
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_BTRFS_FS_POSIX_ACL=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_JFFS2_FS_POSIX_ACL=y
So looks good. I'm using EXT4

Rechecked /etc/fstab and this filesystem appears to be mounted correctly

Code:
/dev/sdb1               /f                      ext4    noatime,acl,user_xattr          0 1

Where to go next,recheck samba.conf? Domain and server names were changed to protect the innocent Namely me, so I don't get picked up by a search engine and fired for incompetence.
The Create and Directory Mask's are suspect. I don't remember adding those so I'm guessing it's something that came from SWAT. This is a member server, RHEL 6. The domain controller is a Windows 2003 R2 Server.

Code:
[global]
        workgroup = INFFAST
        realm = INFFAST.COM
        netbios aliases = INFLINUX
        server string = INFLINUX
        security = ADS
        auth methods = winbind
        password server = LENEXA.INFFAST.COM
        client NTLMv2 auth = Yes
        log file = /var/log/samba/%m.log
        max log size = 100
        domain master = No
        dns proxy = No
        socket address =
        idmap uid = 10000-90000
        idmap gid = 10000-90000
        winbind separator = template shell = /bin/bash
        winbind cache time = 180
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind refresh tickets = Yes
        winbind offline logon = Yes
        winbind normalize names = Yes
        idmap config INFFAST.COM : cache time = 180
        idmap config INFFAST.COM : backend = ad



[f]
   	comment = F
        path = /f/
        read only = No
        create mask = 0700
        directory mask = 0700
        inherit permissions = Yes
        inherit acls = Yes
        inherit owner = Yes


K so I'll check the options on /f/ and then try it again.

Last edited by profector21; 04-20-2012 at 11:06 AM. Reason: spelling
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
POSTFIX - Relay Denied in other domain name cheesewizz Linux - Newbie 3 06-12-2011 10:25 PM
Linux File Server Accessed by Windows Computers & Outside LAN Haroldm814 Linux - Newbie 4 01-15-2010 12:48 AM
/dev/dsp can't be accessed (permission denied) KDE tells me wilsonsamm Linux - Desktop 3 04-08-2008 09:45 AM
NFS server on Windows 2000 to be accessed from Linux manchines hueofwind Linux - Networking 1 06-20-2006 10:20 PM
linux shares accessed by windows users jtbmoore Linux - Networking 2 02-28-2006 04:25 PM


All times are GMT -5. The time now is 12:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration