Hello,
I am having issues setting the "read-only" flag via Windows Explorer on my AIX Samba share...
I have on my AIX 7.1 system installed Samba 3.6.24 and configured, joined to our Windows domain successfully.
The samba binaries I got from perzl.org/aix
In my smb.conf I have...
Inside /usr3 I have a folder..
Inside the appsrv folder I have a file..
On my Windows 7 machine I can browse to \\van-xxxxx\usr3 and I can go inside the appsrv directory and open/edit the BradTest.p file, and create other files in this directory, etc...
I am debugging with a single file named "BradTest.p", its permissions are as follows...
The BradTest.p file is owned by another user "rober", which is an Active Directory user-id.
If I login to a Windows 7 machine as "rober" I can browse to the above file and set the read-only flag. If I login to the Windows 7 computer as another user such as "mirte", I can edit the file but I cannot change the read-only flag I get an access denied error message.
Both users belong to the "usr" group, so why can't I logged in as mirte change the read-only flag on the file owned by rober? I can "chown mirte BradTest.p" and then i can modify the read-only flag.
If logged into the computer as "mirte" and creating a dummy file called "testing'txt" in the Samba share, we can see the AD to UNIX userid mapping are working fine because the file created is owned by my user-id and the "usr" group...
I can then set the read-only flag, and when I stat the file again we see..
I can then right click and properties this file and set the read-only flag and we see the permission change reflected below...
What I need to be able to do is as another developer check out a file by setting a read-only flag on it even if it is not owned by me, this previously worked for us prior to migrating to a newer system with a newer samba build (old system had samba 3.5.8, new system has 3.6.24).
I am stumped as to how I could resolve this.. anyone able to point me to the right direction?
---------- Post updated at 04:32 PM ---------- Previous update was at 01:45 PM ----------
I have also made sure the unix "usr" group maps to the "Domain Users" group in AD..
---------- Post updated 03-31-15 at 07:31 AM ---------- Previous update was 03-30-15 at 04:32 PM ----------
Here is also the log from Samba with logging level 3.
In the above log we can see the creation of the file on the samba share, renaming it to "testing.p" and changing its properties...
Setting its read-only flag: unix_mode(testing.p) returning 0544
Removing the read-only flag: unix_mode(testing.p) returning 0744
Then we login to the unix box, change file owner to someone else and try to set the read-only flag again we get...
unix_mode(testing.p) returning 0544
smb_set_file_dosmode: file_set_dosmode of testing.p failed (Operation not permitted.)
mirde closed file testing.p (numopen=2) NT_STATUS_OK
I am having issues setting the "read-only" flag via Windows Explorer on my AIX Samba share...
I have on my AIX 7.1 system installed Samba 3.6.24 and configured, joined to our Windows domain successfully.
The samba binaries I got from perzl.org/aix
In my smb.conf I have...
Code:
[global]
workgroup = WEST
realm = west.mydomain.com
netbios name = van-xxxx
server string =
load printers = no
admin users = "VANXX\Administrator"
log level = 3
log file = /var/log/samba/%m.log
max log size = 50
security = ADS
password server = dc01.west.mydomain.com, dc02.west.mydomain.com
encrypt passwords = yes
guest ok = no
auth methods = winbind
socket options = TCP_NODELAY
interfaces = 172.xxx.xxx.xxx/22
bind interfaces only = yes
local master = no
os level = 33
domain master = no
preferred master = no
wins support = no
wins server = xxx.xxx.xxx.xxx
wins proxy = no
dns proxy = no
idmap uid = 5000-10000000
idmap gid = 5000-10000000
template homedir = /home/%U
template shell = /bin/bash
winbind use default domain = Yes
winbind nested groups = Yes
client use spnego = yes
client signing = yes
[usr3]
comment = usr3
path = /usr3
read only = No
inherit permissions = Yes
nt acl support = Yes
printable = No
guest ok = No
veto oplock files = /*.log/Quote:
|
drwxrwxrwx 17 root system 12288 Mar 30 11:23 appsrv |
Quote:
|
-r-xr--r-- 1 rober usr 111 Mar 30 10:50 BradTest.p |
I am debugging with a single file named "BradTest.p", its permissions are as follows...
Code:
# stat BradTest.p
File: 'BradTest.p'
Size: 111 Blocks: 8 IO Block: 4096 regular file
Device: 2e0001h/3014657d Inode: 73597 Links: 1
Access: (0766/-rwxrw-rw-) Uid: ( 1165/ rober) Gid: ( 100/ usr)The BradTest.p file is owned by another user "rober", which is an Active Directory user-id.
If I login to a Windows 7 machine as "rober" I can browse to the above file and set the read-only flag. If I login to the Windows 7 computer as another user such as "mirte", I can edit the file but I cannot change the read-only flag I get an access denied error message.
Both users belong to the "usr" group, so why can't I logged in as mirte change the read-only flag on the file owned by rober? I can "chown mirte BradTest.p" and then i can modify the read-only flag.
If logged into the computer as "mirte" and creating a dummy file called "testing'txt" in the Samba share, we can see the AD to UNIX userid mapping are working fine because the file created is owned by my user-id and the "usr" group...
Code:
# stat testing.txt
File: 'testing.txt'
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: 2e0001h/3014657d Inode: 74877 Links: 1
Access: (0766/-rwxrw-rw-) Uid: ( 205/ mirte) Gid: ( 100/ usr)I can then right click and properties this file and set the read-only flag and we see the permission change reflected below...
Code:
# stat testing.txt
File: 'testing.txt'
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: 2e0001h/3014657d Inode: 74877 Links: 1
Access: (0544/-r-xr--r--) Uid: ( 205/ mirte) Gid: ( 100/ usr)I am stumped as to how I could resolve this.. anyone able to point me to the right direction?
---------- Post updated at 04:32 PM ---------- Previous update was at 01:45 PM ----------
I have also made sure the unix "usr" group maps to the "Domain Users" group in AD..
Code:
# net groupmap add ntgroup="Domain Users" unixgroup=usr rid=513 type=d
Successfully added group Domain Users to the mapping db as a domain group
# net groupmap list
Domain Users (S-1-5-21-2513559049-4070760301-2340907117-513) -> usrHere is also the log from Samba with logging level 3.
Code:
reply_mv : New Text Document.txt -> testing.p
rename_internals: case_sensitive = 0, case_preserve = 1, short case preserve = 1, directory = New Text Document.txt, newname = testing.p, last_component_dest = testing.p
rename_internals: case_sensitive = 0, case_preserve = 1, short case preserve = 1, directory = New Text Document.txt, newname = testing.p, last_component_dest = testing.p
rename_internals_fsp: succeeded doing rename on New Text Document.txt -> testing.p
unix_mode(testing.p) returning 0744
mirde closed file testing.p (numopen=0) NT_STATUS_OK
rename_internals: Error NT_STATUS_OK rename New Text Document.txt -> testing.p
smbd_dirptr_get_entry mask=[testing.p] found ./testing.p fname=testing.p (testing.p)
call_trans2qfilepathinfo testing.p (fnum = -1) level=1004 call=5 total_data=0
call_trans2qfilepathinfo testing.p (fnum = -1) level=1005 call=5 total_data=0
smbd_dirptr_get_entry mask=[*] found ./testing.p fname=testing.p (testing.p)
smbd_dirptr_get_entry mask=[testing.p] found ./testing.p fname=testing.p (testing.p)
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=2)
call_trans2qfilepathinfo testing.p (fnum = 15092) level=1006 call=7 total_data=0
smbd_dirptr_get_entry mask=[testing.p] found ./testing.p fname=testing.p (testing.p)
mirde closed file testing.p (numopen=1) NT_STATUS_OK
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=No write=Yes (numopen=2)
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
call_trans2qfilepathinfo testing.p (fnum = 15093) level=1034 call=7 total_data=0
call_trans2qfilepathinfo testing.p (fnum = 15093) level=1004 call=7 total_data=0
mirde closed file testing.p (numopen=1) NT_STATUS_OK
smbd_dirptr_get_entry mask=[testing.p] found ./testing.p fname=testing.p (testing.p)
call_trans2qfilepathinfo testing.p (fnum = -1) level=1005 call=5 total_data=0
smbd_dirptr_get_entry mask=[testing.p] found ./testing.p fname=testing.p (testing.p)
smbd_dirptr_get_entry mask=[*] found ./testing.p fname=testing.p (testing.p)
smbd_dirptr_get_entry mask=[testing.p] found ./testing.p fname=testing.p (testing.p)
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=No write=Yes (numopen=2)
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
call_trans2qfilepathinfo testing.p (fnum = 15096) level=1034 call=7 total_data=0
call_trans2qfilepathinfo testing.p (fnum = 15096) level=1004 call=7 total_data=0
mirde closed file testing.p (numopen=1) NT_STATUS_OK
smbd_dirptr_get_entry mask=[testing.p] found ./testing.p fname=testing.p (testing.p)
call_trans2qfilepathinfo testing.p (fnum = -1) level=1005 call=5 total_data=0
smbd_dirptr_get_entry mask=[testing.p] found ./testing.p fname=testing.p (testing.p)
smbd_dirptr_get_entry mask=[*] found ./testing.p fname=testing.p (testing.p)
smbd_dirptr_get_entry mask=[testing.p] found ./testing.p fname=testing.p (testing.p)
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=2)
call_trans2qfilepathinfo testing.p (fnum = 15102) level=1006 call=7 total_data=0
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=3)
call_trans2qfilepathinfo testing.p (fnum = 15104) level=1004 call=7 total_data=0
mirde closed file testing.p (numopen=2) NT_STATUS_OK
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=3)
call_trans2qfilepathinfo testing.p (fnum = 15105) level=1004 call=7 total_data=0
mirde closed file testing.p (numopen=2) NT_STATUS_OK
mirde closed file testing.p (numopen=1) NT_STATUS_OK
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=No write=No (numopen=2)
call_trans2qfilepathinfo testing.p (fnum = 15106) level=1005 call=7 total_data=0
mirde closed file testing.p (numopen=1) NT_STATUS_OK
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=2)
mirde closed file testing.p (numopen=1) NT_STATUS_OK
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=2)
smbd_dirptr_get_entry mask=[*] found ./testing.p fname=testing.p (testing.p)
call_trans2qfilepathinfo testing.p (fnum = -1) level=1022 call=5 total_data=0
call_trans2qfilepathinfo: SMB_VFS_STAT of testing.p:Zone.Identifier failed (A file or directory in the path name does not exist.)
call_trans2qfilepathinfo testing.p (fnum = -1) level=1004 call=5 total_data=0
call_trans2qfilepathinfo testing.p (fnum = -1) level=1005 call=5 total_data=0
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=No write=No (numopen=3)
call_trans2setfilepathinfo(8) testing.p (fnum 15111) info_level=1004 totdata=40
smbd_do_setfilepathinfo: testing.p (fnum 15111) info_level=1004 totdata=40
unix_mode(testing.p) returning 0544
mirde closed file testing.p (numopen=2) NT_STATUS_OK
smbd_dirptr_get_entry mask=[testing.p] found ./testing.p fname=testing.p (testing.p)
call_trans2qfilepathinfo testing.p (fnum = -1) level=1022 call=5 total_data=0
smbd_dirptr_get_entry mask=[testing.p] found ./testing.p fname=testing.p (testing.p)
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=3)
call_trans2qfilepathinfo testing.p (fnum = 15115) level=1004 call=7 total_data=0
mirde closed file testing.p (numopen=2) NT_STATUS_OK
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=3)
call_trans2qfilepathinfo testing.p (fnum = 15116) level=1004 call=7 total_data=0
mirde closed file testing.p (numopen=2) NT_STATUS_OK
mirde closed file testing.p (numopen=1) NT_STATUS_OK
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=No write=No (numopen=2)
call_trans2qfilepathinfo testing.p (fnum = 15117) level=1006 call=7 total_data=0
call_trans2qfilepathinfo testing.p (fnum = 15117) level=1005 call=7 total_data=0
mirde closed file testing.p (numopen=1) NT_STATUS_OK
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=2)
mirde closed file testing.p (numopen=1) NT_STATUS_OK
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=2)
smbd_dirptr_get_entry mask=[*] found ./testing.p fname=testing.p (testing.p)
smbd_dirptr_get_entry mask=[*] found ./testing.p fname=testing.p (testing.p)
smbd_dirptr_get_entry mask=[*] found ./testing.p fname=testing.p (testing.p)
call_trans2qfilepathinfo testing.p (fnum = -1) level=1022 call=5 total_data=0
call_trans2qfilepathinfo: SMB_VFS_STAT of testing.p:Zone.Identifier failed (A file or directory in the path name does not exist.)
smbd_dirptr_get_entry mask=[*] found ./testing.p fname=testing.p (testing.p)
smbd_dirptr_get_entry mask=[*] found ./testing.p fname=testing.p (testing.p)
smbd_dirptr_get_entry mask=[*] found ./testing.p fname=testing.p (testing.p)
call_trans2qfilepathinfo testing.p (fnum = -1) level=1004 call=5 total_data=0
call_trans2qfilepathinfo testing.p (fnum = -1) level=1005 call=5 total_data=0
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=No write=No (numopen=3)
call_trans2setfilepathinfo(8) testing.p (fnum 15124) info_level=1004 totdata=40
smbd_do_setfilepathinfo: testing.p (fnum 15124) info_level=1004 totdata=40
unix_mode(testing.p) returning 0744
mirde closed file testing.p (numopen=2) NT_STATUS_OK
smbd_dirptr_get_entry mask=[testing.p] found ./testing.p fname=testing.p (testing.p)
call_trans2qfilepathinfo testing.p (fnum = -1) level=1022 call=5 total_data=0
smbd_dirptr_get_entry mask=[*] found ./testing.p fname=testing.p (testing.p)
mirde closed file testing.p (numopen=1) NT_STATUS_OK
call_trans2qfilepathinfo testing.p (fnum = -1) level=1004 call=5 total_data=0
call_trans2qfilepathinfo testing.p (fnum = -1) level=1005 call=5 total_data=0
smbd_dirptr_get_entry mask=[testing.p] found ./testing.p fname=testing.p (testing.p)
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=2)
call_trans2qfilepathinfo testing.p (fnum = 15129) level=1006 call=7 total_data=0
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=3)
call_trans2qfilepathinfo testing.p (fnum = 15131) level=1004 call=7 total_data=0
mirde closed file testing.p (numopen=2) NT_STATUS_OK
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=3)
call_trans2qfilepathinfo testing.p (fnum = 15132) level=1004 call=7 total_data=0
mirde closed file testing.p (numopen=2) NT_STATUS_OK
mirde closed file testing.p (numopen=1) NT_STATUS_OK
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=No write=No (numopen=2)
call_trans2qfilepathinfo testing.p (fnum = 15133) level=1005 call=7 total_data=0
mirde closed file testing.p (numopen=1) NT_STATUS_OK
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=2)
mirde closed file testing.p (numopen=1) NT_STATUS_OK
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=Yes write=No (numopen=2)
smbd_dirptr_get_entry mask=[*] found ./testing.p fname=testing.p (testing.p)
call_trans2qfilepathinfo testing.p (fnum = -1) level=1022 call=5 total_data=0
call_trans2qfilepathinfo: SMB_VFS_STAT of testing.p:Zone.Identifier failed (A file or directory in the path name does not exist.)
call_trans2qfilepathinfo testing.p (fnum = -1) level=1004 call=5 total_data=0
call_trans2qfilepathinfo testing.p (fnum = -1) level=1005 call=5 total_data=0
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=No write=No (numopen=3)
call_trans2setfilepathinfo(8) testing.p (fnum 15138) info_level=1004 totdata=40
smbd_do_setfilepathinfo: testing.p (fnum 15138) info_level=1004 totdata=40
unix_mode(testing.p) returning 0544
smb_set_file_dosmode: file_set_dosmode of testing.p failed (Operation not permitted.)
mirde closed file testing.p (numopen=2) NT_STATUS_OK
call_trans2qfilepathinfo testing.p (fnum = -1) level=1004 call=5 total_data=0
call_trans2qfilepathinfo testing.p (fnum = -1) level=1005 call=5 total_data=0
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=No write=No (numopen=3)
call_trans2setfilepathinfo(8) testing.p (fnum 15139) info_level=1004 totdata=40
smbd_do_setfilepathinfo: testing.p (fnum 15139) info_level=1004 totdata=40
unix_mode(testing.p) returning 0544
smb_set_file_dosmode: file_set_dosmode of testing.p failed (Operation not permitted.)
mirde closed file testing.p (numopen=2) NT_STATUS_OK
call_trans2qfilepathinfo testing.p (fnum = -1) level=1004 call=5 total_data=0
call_trans2qfilepathinfo testing.p (fnum = -1) level=1005 call=5 total_data=0
unix_mode(testing.p) inheriting from .
unix_mode(testing.p) inherit mode 240777
unix_mode(testing.p) returning 0766
mirde opened file testing.p read=No write=No (numopen=3)
call_trans2setfilepathinfo(8) testing.p (fnum 15140) info_level=1004 totdata=40
smbd_do_setfilepathinfo: testing.p (fnum 15140) info_level=1004 totdata=40
unix_mode(testing.p) returning 0544Setting its read-only flag: unix_mode(testing.p) returning 0544
Removing the read-only flag: unix_mode(testing.p) returning 0744
Then we login to the unix box, change file owner to someone else and try to set the read-only flag again we get...
unix_mode(testing.p) returning 0544
smb_set_file_dosmode: file_set_dosmode of testing.p failed (Operation not permitted.)
mirde closed file testing.p (numopen=2) NT_STATUS_OK