I have a Samba server that authenticates users using LDAP; however, it does have Kerberos enabled as well. Unfortunately, users authenticated using Kerberos cannot delete files. I can test this using smbclient: if I use the '-k' switch, I cannot delete the files; if I don't, I can. The user does have read/write/execute access to the directory from which he is trying to delete the file.
Any idea what might be wrong?
The smb.conf:
    security = user
    passdb backend = ldapsam:ldap://ldap1.[...]
    ldap ssl = start tls
    ldap suffix = dc=mff,dc=cuni,dc=cz
    ldap user suffix = ou=accounts
    ldap group suffix = ou=groups
    ldap admin dn = uid=[...]
    ldapsam:trusted = yes
    kerberos method = system keytab
    realm = [...]
    use spnego = yes
    unix extensions = no
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind cache time = 7200
    idmap cache time = 7200
    idmap uid = 8000-50000
    idmap gid = 8000-50000
    name cache timeout = 7200
    delete readonly = yes

    [share]
        comment = "Uzivatelska data"
        path = /export/home
        public = no
        writable = yes
        hide unreadable = yes
And finally, I probably found the answer: https://bugzilla.samba.org/show_bug.cgi?id=7139 It seems that Samba 3.5 should solve it.