[Samba] Can't get permission on a share to work problem with groups
Horace
mailinglist at lhplan.tk
Sun Feb 9 02:01:33 MST 2014
On 2014-01-24 18:10, me at electronico.nc wrote:
> On 25/01/2014 08:05, Horace wrote:
>> Hello,
>>
>> 1. I have created a directory /srv/samba4/Public Applications.
>> 2. I created a group 'Domain Admins' with gid 1003
>> 3. I setfacl -m group:1003:rwx on Public Applications
>> 4. I created a share
>> [Public Applications]
>> read list = @ACCOUNTSAD\"Domain Users"
>> write list = @"Domain Admins"
>> comment = Public Applications
>> path = /srv/samba4/Public Applications
>> #admin users = @"Domain Admins"
>> 5. wbinfo --group-info 'Domain Admins'
>> ACCOUNTSAD\Domain Admins:*:1003:
>>
>> Debug level
>> # Debug logging information
>> #log level = 10
>> log level = 3
>> #log file = /var/log/samba.log.%m
>> #max log size = 50
>> debug timestamp = yes
>> syslog only = yes
>>
>>
>> As anyone can see, I'd like Domain Admins to have read write access and Domain
>> Users read access only. For whatever reason, when I access the share
>> \\PDC-S2\Public Applications and try to create a folder, I get
>> Permission denied.
>>
>> I have tailed both syslog's and log.smbd and there is NO relevant
>> information regarding why this is failing.
>>
>> Am I doing something wrong here ?
> Not sure if it's relevant, but I never use shares with a space in the
> filename, so you don't have to double-quote them.
> This avoids a lot of errors.
> Nicolas
I followed your suggestion and set the path to path =
/srv/samba4/Public_Applications, which resolved some annoying errors.
However, I am still getting ACCESS DENIED, if you take a look at the logs
below:
[2014/02/09 03:46:03.001182, 4, pid=13792, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2014/02/09 03:46:03.001309, 5, pid=13792, effective(0, 0), real(0, 0)]
../source3/smbd/share_access.c:127(token_contains_name)
Domain Admins is a None, expected a group
[2014/02/09 03:46:03.001393, 10, pid=13792, effective(0, 0), real(0, 0)]
../source3/smbd/share_access.c:215(user_ok_token)
User ACCOUNTSAD\lutchy.horace not in 'valid users'
[2014/02/09 03:46:03.001474, 2, pid=13792, effective(0, 0), real(0, 0)]
../source3/smbd/service.c:418(create_connection_session_info)
user 'ACCOUNTSAD\lutchy.horace' (from session setup) not permitted to
access this share (Public Applications)
[2014/02/09 03:46:03.001564, 1, pid=13792, effective(0, 0), real(0, 0)]
../source3/smbd/service.c:550(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2014/02/09 03:46:03.001655, 5, pid=13792, effective(0, 0), real(0, 0)]
../lib/dbwrap/dbwrap.c:187(dbwrap_check_lock_order)
check lock order 1 for
/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb
[2014/02/09 03:46:03.001738, 10, pid=13792, effective(0, 0), real(0, 0)]
../lib/dbwrap/dbwrap.c:133(debug_lock_order)
lock order: 1:/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb
2:<none> 3:<none>
[2014/02/09 03:46:03.001827, 10, pid=13792, effective(0, 0), real(0, 0)]
../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key)
Locking key 96AE9D8A
[2014/02/09 03:46:03.001920, 10, pid=13792, effective(0, 0), real(0, 0)]
../lib/dbwrap/dbwrap_tdb.c:143(db_tdb_fetch_locked_internal)
Allocated locked data 0x0xb8ec2290
[2014/02/09 03:46:03.002025, 10, pid=13792, effective(0, 0), real(0, 0)]
../lib/dbwrap/dbwrap_tdb.c:59(db_tdb_log_key)
Unlocking key 96AE9D8A
[2014/02/09 03:46:03.002109, 5, pid=13792, effective(0, 0), real(0, 0)]
../lib/dbwrap/dbwrap.c:146(dbwrap_lock_order_state_destructor)
release lock order 1 for
/usr/local/samba/var/lock/smbXsrv_tcon_global.tdb
[2014/02/09 03:46:03.002189, 10, pid=13792, effective(0, 0), real(0, 0)]
../lib/dbwrap/dbwrap.c:133(debug_lock_order)
lock order: 1:<none> 2:<none> 3:<none>
[2014/02/09 03:46:03.002380, 10, pid=13792, effective(0, 0), real(0, 0)]
../source3/smbd/smb2_server.c:2643(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] ||
at ../source3/smbd/smb2_tcon.c:127
[2014/02/09 03:46:03.002470, 10, pid=13792, effective(0, 0), real(0, 0)]
../source3/smbd/smb2_server.c:2544(smbd_smb2_request_done_ex)
smbd_smb2_request_done_ex: idx[1] status[NT_STATUS_ACCESS_DENIED]
body[8] dyn[yes:1] at ../source3/smbd/smb2_server.c:2682
[2014/02/09 03:46:03.002558, 10, pid=13792, effective(0, 0), real(0, 0)]
../source3/smbd/smb2_server.c:873(smb2_set_operation_credit)
smb2_set_operation_credit: requested 1, charge 1, granted 1, current
possible/max 386/512, total granted/max/low/range 127/8192/17/127
Domain Admins is a None, expected a group is invalid?
Here is my current configuration for the time being:
[Public Applications]
write list = @"Domain Admins"
comment = Publicly Shared Applications for Intranet Users
path = /srv/samba4/Public_Applications
valid users = @"Domain Admins"
I have also tried valid users = ACCOUNTSAD\"Domain Admins" but I still
get 'is none, expected a group'? What is the correct syntax for providing
groups in the valid users field?
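
The log excerpt above shows a chain: a name from 'valid users' is looked up and reported with type None (token_contains_name), the user is then found not to be in 'valid users' (user_ok_token), and the tree connect ends in NT_STATUS_ACCESS_DENIED. The following is an added example, not part of the original post and not Samba code: a small parser that pulls that chain out of smbd debug output so the failing name lookup is shown next to the denial it caused. The function names are this example's own, and the sample input is copied from the excerpt in the post.

```python
import re

# Records copied from the log excerpt in the post, line-wrapped as mailed.
SAMPLE_LOG = r"""[2014/02/09 03:46:03.001182, 4, pid=13792, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:424(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2014/02/09 03:46:03.001309, 5, pid=13792, effective(0, 0), real(0, 0)]
../source3/smbd/share_access.c:127(token_contains_name)
Domain Admins is a None, expected a group
[2014/02/09 03:46:03.001393, 10, pid=13792, effective(0, 0), real(0, 0)]
../source3/smbd/share_access.c:215(user_ok_token)
User ACCOUNTSAD\lutchy.horace not in 'valid users'
[2014/02/09 03:46:03.001474, 2, pid=13792, effective(0, 0), real(0, 0)]
../source3/smbd/service.c:418(create_connection_session_info)
user 'ACCOUNTSAD\lutchy.horace' (from session setup) not permitted to
access this share (Public Applications)
"""

HEADER = re.compile(r"\[\d{4}/\d\d/\d\d [\d:.]+,\s*\d+, pid=(\d+),[^\]]*\]")
WHERE = re.compile(r"\s*\S+:\d+\((\w+)\)\s*")  # source file:line(function)
BAD_TYPE = re.compile(r"(.+) is a (\w+), expected a (\w+)$")
DENIED = re.compile(r"user '(.+?)' .*not permitted to access this share \((.+)\)$")

def parse_records(text):
    """Split smbd debug output into (pid, function, message) records."""
    heads = list(HEADER.finditer(text))
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[h.end():end]
        loc = WHERE.match(body)
        if loc:  # the message may be wrapped over several lines: rejoin it
            yield int(h.group(1)), loc.group(1), " ".join(body[loc.end():].split())

def explain_denials(text):
    """Attach the failed name lookups to the share denial they preceded."""
    pending, findings = {}, []
    for pid, func, msg in parse_records(text):
        bad = BAD_TYPE.match(msg) if func == "token_contains_name" else None
        denied = DENIED.match(msg) if func == "create_connection_session_info" else None
        if bad:  # (name, type reported, type expected), kept per smbd process
            pending.setdefault(pid, []).append(bad.groups())
        elif denied:
            findings.append({"user": denied.group(1), "share": denied.group(2),
                             "lookups": pending.pop(pid, [])})
    return findings

if __name__ == "__main__":
    for finding in explain_denials(SAMPLE_LOG):
        print(finding)
```

The token_contains_name messages are logged at debug level 5, so the share's log level must be at least that for the lookups to appear alongside the denial.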