[Samba] Can't get permission on a share to work problem with groups
Horace
mailinglist at lhplan.tk
Sun Feb 9 03:48:47 MST 2014
On 2014-02-09 05:19, Rowland Penny wrote:
> On 24/01/14 21:05, Horace wrote:
>> Hello,
>>
>> 1. I have created a directory /srv/samba4/Public Applications.
>> 2. I created a group 'Domain Admins' with gid 1003
> When you say that you created a group called 'Domain Admins', just how
> did you create it? or do you mean that you added the gidNumber '1003'
> to the already existing group in AD?
>
> Rowland
>
I am referring to the UNIX group I created with 'groupadd' command and
modified the Builtin AD group 'ACCOUNTSAD\Domain Admins' and changed the
existing gidNumber to 1003. So AD Users that members of
'ACCOUNTSAD\Domain Admins' can write to the directory.
>> 3. I setfacl -m group:1003:rwx on Public Applications
>> 4. I created a share
>> [Public Applications]
>> read list = @ACCOUNTSAD\"Domain Users"
>> write list = @"Domain Admins"
>> comment = Public Applications
>> path = /srv/samba4/Public Applications
>> #admin users = @"Domain Admins"
>> 5. wbinfo --group-info 'Domain Admins'
>> ACCOUNTSAD\Domain Admins:*:1003:
>>
>> Debug level
>> # Debug logging information
>> #log level = 10
>> log level = 3
>> #log file = /var/log/samba.log.%m
>> #max log size = 50
>> debug timestamp = yes
>> syslog only = yes
>>
>>
>> As anyone can see, I like Domain Admins read write access and Domain
>> Users read access only. For whatever reason, when I access the share
>> \\PDC-S2\Public Applications and try to create a folder, I get
>> Permission denied.
>>
>> I have tailed both syslog's and log.smbd and there is NO relevant
>> information regarding why this is failing.
>>
>> Am I doing something wrong here ?
More information about the samba
mailing list