HI All,

I have a Redhat 7.2 runing samba 2.2 and configured samba to share folders. The folders is accessable by everyone (no permission set). The W2K servers will map a network driver while it startup (before user login) from samba shares. For example: if I have a samba share called "temp" and I then access this share from a windows 2000 server. Can I then go to the properties of this folder, click on the security tab and then add or remove users or groups from the NT domain that can have access that folder "temp". I encountered that if I try do this I can add users or groups from our domain (NT users) and specify what access each should have ie: read only or full control, but when I click on the "OK" or "Apply" button to apply these changes I get an error saying "Unable to save permission changes on folder. Access is denied" or the added user name is disappear.

I have some W2K servers (different workgroup)need to add the permission on the same samba shared folder "temp" Is it something that I need to do at samba server? How can I apply permission.

"I encountered that if I try do this I can add users or groups from our domain (NT users) and specify what access each should have ie: read only or full control, but when I click on the "OK" or "Apply" button to apply these changes I get an error saying "Unable to save permission changes on folder."

First you need add your domain users on Linux...and then you can set permission on the linux machine.You can,t modify the Linux shares permission on another Box.

post your smb.conf file and I'll help more...

Hi,

The smb.conf as below:

[global]
coding system =
client code page = 850
code page directory = /usr/share/samba/codepages
workgroup = MYGROUP
netbios name =
netbios aliases =
netbios scope =
server string = Samba Server
interfaces =
bind interfaces only = No
security = SHARE
encrypt passwords = Yes
update encrypted = No
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = No
obey pam restrictions = No
password server =
smb passwd file = /etc/samba/smbpasswd
root directory =
pam password change = No
passwd program = /bin/passwd
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = No
lanman auth = Yes
use rhosts = No
log level = 2
syslog = 1
syslog only = No
log file = /var/log/samba/%m.log
max log size = 0
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
protocol = NT1
large readwrite = No
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
nt smb support = Yes
nt pipe support = Yes
nt acl support = Yes
announce version = 4.5
announce as = NT
max mux = 50
max xmit = 65535
name resolve order = lmhosts host wins bcast
max packet = 65535
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
lpq cache time = 10
max smbd processes = 0
max disk size = 0
max open files = 10000
read size = 16384
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
stat cache size = 50
total print jobs = 0
load printers = Yes
printcap name = /etc/printcap
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
strip dot = No
character set =
mangled stack = 50
stat cache = Yes
domain admin group =
domain guest group =
machine password timeout = 604800
add user script =
delete user script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 20
lm announce = Auto
lm interval = 60
preferred master = Auto
local master = Yes
domain master = Auto
browse list = Yes
enhanced browsing = Yes
dns proxy = No
wins proxy = No
wins server =
wins support = No
wins hook =
kernel oplocks = Yes
oplock break wait time = 0
add share command =
change share command =
delete share command =
config file =
preload =
lock dir = /var/cache/samba
default service =
message command =
dfree command =
valid chars =
remote announce =
remote browse sync =
socket address = 0.0.0.0
homedir map = auto.home
time offset = 0
NIS homedir = No
source environment =
panic action =
hide local users = No
host msdfs = No
winbind uid =
winbind gid =
template homedir = /home/%D/%U
template shell = /bin/false
winbind separator = \
winbind cache time = 15
comment =
path =
alternate permissions = No
username =
guest account = nobody
invalid users =
valid users =
admin users =
read list =
write list =
printer admin =
force user =
force group =
read only = Yes
create mask = 0744
force create mode = 00
security mask = 0777
force security mode = 00
directory mask = 0755
force directory mode = 00
directory security mask = 0777
force directory security mode = 00
inherit permissions = No
guest only = No
guest ok = No
only user = No
hosts allow = 192.168.1. 192.168.2. 127.
hosts deny =
status = Yes
max connections = 0
min print space = 0
strict sync = No
sync always = No
write cache size = 0
max print jobs = 1000
printable = No
postscript = No
printing = lprng
print command = lpr -r -P%p %s
lpq command = lpq -P%p
lprm command = lprm -P%p %j
lppause command =
lpresume command =
queuepause command =
queueresume command =
printer name =
printer driver =
printer driver file = /etc/samba/printers.def
printer driver location =
default case = lower
case sensitive = No
preserve case = Yes
short preserve case = Yes
mangle case = No
mangling char = ~
hide dot files = Yes
hide unreadable = No
delete veto files = No
veto files =
hide files =
veto oplock files =
map system = No
map hidden = No
map archive = Yes
mangled names = Yes
mangled map =
browseable = Yes
blocking locks = Yes
fake oplocks = No
locking = Yes
oplocks = Yes
level2 oplocks = Yes
oplock contention limit = 2
posix locking = Yes
strict locking = No
share modes = Yes
copy =
include =
exec =
preexec close = No
postexec =
root preexec =
root preexec close = No
root postexec =
available = Yes
volume =
fstype = NTFS
set directory = No
wide links = Yes
follow symlinks = Yes
dont descend =
magic script =
magic output =
delete readonly = No
dos filemode = No
dos filetimes = No
dos filetime resolution = No
fake directory create times = No
vfs object =
vfs options =
msdfs root = No

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[tmp]
comment = Temporary file space
path = /home/share
read only = No
guest ok = Yes


Thanks for your help!

For example .... users called tim and john can belong to a group called Executive.....and the second group with less priviledges called employees(Jane and Steve)
---------------------------------------------------
To make Executive group to have complete control over the "Temp" folder do this
: [Temp]
path = /home/share
comment = Temp
writable = yes
write list = @Executive
Public = yes

---> this way people in Executive goup will have write access over the folder.Alsoo make sure tim and john have write access to /home/share.

You can also make all users to have read/write access.Just set the permissions to chmod 0777 /home/share

-Ask if there's more you wanna ask...

Hi,

Thanks for your help!

It seems that I can't set the permission like that. It is because that some of Windows 2000 application will use the samba shared folder to write/read data (never using any userID to access the "Temp"). The applicaiton can't access the shared folder if I set read/write group on samba.

If I can't set permission on that folder "Temp" from Windows 2000. Can I set the deny access on the samba configure file. I tried to set "invalid users = test" on the shared folder "Temp" (The user "test with same ID and password between W2K and Linux box/samba user), but it seems doesn't work with this. That user still can access the folder with read/write permission from W2k.

Any idea?! THANKS