Prev: [Samba] Microsoft Office File Converter Problem
Next: [Samba] Authentication mystery
From: Josh Kelley on 17 Mar 2010 12:30
On Mon, Mar 15, 2010 at 3:24 PM, Josh Kelley <joshkel(a)gmail.com> wrote:

> I'm having a very strange permissions problem with Samba 3.4.7 (installed
> via backports.org) running on Debian Lenny:
>
> If a Windows 7 or Windows Vista client tries to use Windows Explorer to
> access a user's home directory with permissions 0700, the client gets a
> permission denied error.
>
> If the directory is made world readable, it works. (For one user, group
> readable also works. For another user, it does not.)
>
> Accessing the same directory from the command prompt ("dir
> \\server\username") instead of from Windows Explorer works.
>
> Accessing the same directory from Windows Explorer in Windows XP works.
>
> This problem started when we upgraded from Samba 3.2.5 to Samba 3.4.7.
> With Samba 3.2.5, our Vista users were fine, but Windows 7 was unable to
> connect (login failed, apparently due to the NTLMv2 / 128-bit encryption
> limitations that I read about online).
>

I managed to fix this problem. I had been using a username map script since
Samba 3.0.24 to change "DOMAIN\username" to "username" so that users
wouldn't have to SSH in to the (Winbind plus) Samba system as
DOMAIN\username. Apparently, with Samba 3.4.7, this kind of username map is
no longer necessary, and it was keeping Samba from treating users as domain
users and properly resolving their SIDs.

The Samba logfile does say that this is happening (with references to the
Unix User domain and use of a S-1-22-1-... SID), but I had not looked at
that part of the logfile.

I really don't understand why username map is acting differently now, but
since disabling it seems to work, I'm happy.

--
Josh Kelley
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
 | 
Pages: 1
Prev: [Samba] Microsoft Office File Converter Problem
Next: [Samba] Authentication mystery