[Samba] Domain Member Server: Domain Users cannot access shares
Rowland Penny
rpenny at samba.org
Wed Sep 21 08:59:58 UTC 2016
On Tue, 20 Sep 2016 23:38:19 -0400
Jason Secord via samba <samba at lists.samba.org> wrote:
> So it seems that I have identified the source of all of my permissions
> issues, though I'm unclear as to exactly why these problems have
> occurred and would love an explanation if anyone can offer one.
>
> I was using mdadm to create a RAID 1 array, formatting it ext4 and
> storing all of the data that samba was serving on /dev/md0. The two
> drives that make up the array are hosted by an LSI MegaRaid
> controller, though they are not configured within its interface.
> After carefully troubleshooting every step in the process of setting
> share permissions and ACLs I decided to create a test share on the
> system drive. I copied one of the problematic directories from the
> raid array to my home folder and was immediately able to access it as
> a Domain User... So something about the RAID array is causing the
> failure. I've since moved all of the shared data to the system drive
> and am moving on to other tasks but I'd really like to get it moved
> back to the array.
>
> What is going on here? The system drive is hosted by the same
> controller... I've successfully used RAID arrays and mdadm to host
> shares at other locations. I'd really love to understand what's
> going awry in this setup.
>
> Kind regards,
>
> JS
>
Your raid setup may be the main culprit here, but your Samba setup
isn't helping.

Can I suggest a few alterations?

Remove the gidNumber from these groups:

    group policy creator owners
    enterprise admins
    schema admins
    dnsadmins

Remove the uidNumber from this user:

    administrator

Add this line to smb.conf:

    username map = /etc/samba/user.map

Then create the user.map:

    nano /etc/samba/user.map

    !root = PHM\Administrator PHM\administrator Administrator administrator

Remove all the instances of 'admin users' & 'valid users' from the
shares. Use Windows ACLs instead, see here for more info:

https://wiki.samba.org/index.php/Shares_with_Windows_ACLs

Try running 'getfacl /mnt/md0/samba_shares/Accounts'

Rowland
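
Added example, not part of the message above and not Samba project code: a small Python check that reads an smb.conf and reports where it still deviates from the advice in the reply (no 'username map' line in [global], or 'admin users' / 'valid users' left on a share). The sample configuration is constructed; only the PHM domain and the Accounts path come from the thread, and the function names are hypothetical.

```python
import re

# Constructed sample smb.conf, not the poster's real file. Only the PHM
# domain and the Accounts path appear in the thread; the rest is made up.
SAMPLE = r"""
[global]
    workgroup = PHM
    security = ads
[Accounts]
    path = /mnt/md0/samba_shares/Accounts
    Valid Users = @"PHM\Domain Users"
    admin users = PHM\administrator
[Public]
    path = /srv/samba/public
"""

# Per-share overrides the reply says to remove, keyed by normalised name.
OVERRIDES = {"adminusers": "admin users", "validusers": "valid users"}

def parse_smb_conf(text):
    """Return {section: {normalised_parameter: value}}."""
    conf, section = {}, None
    # A line ending in a backslash continues on the next line.
    for line in re.sub(r"\\\n", "", text).splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            # Parameter names ignore case and whitespace.
            conf[section][re.sub(r"\s+", "", key).lower()] = value.strip()
    return conf

def audit(text):
    """List where the file still deviates from the advice in the reply."""
    conf, findings = parse_smb_conf(text), []
    if "usernamemap" not in conf.get("global", {}):
        findings.append("[global]: no 'username map' line")
    for section, params in conf.items():
        for key, label in OVERRIDES.items():
            if key in params:
                findings.append(f"[{section}]: remove '{label} = {params[key]}'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty result from audit() only means these three settings match the advice; the Windows ACLs on the share still have to be set separately.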