[Samba] Access denied to change share security staff
Rommel Rodriguez Toirac
rommelrt at nauta.cu
Wed Apr 12 15:53:02 UTC 2017
Hello all;
I have problem with shares in a domain member used as file server (I want to use it like that)
I check from samba wiki some test that you suggest and all have been pass well. I try to make a new share using POSIX ACL and still not access.
To make the share and apply the permissions and owners:
[root at gtmpve lib]# mkdir -p /compartido/prueba/
[root at gtmpve lib]# chmod 2770 /compartido/prueba/
[root at gtmpve lib]# chown root:"ATGTM00\domain admins" /compartido/prueba/
My smb.conf look lik that:
[root at gtmpve lib]# cat /etc/samba/smb.conf
[global]
netbios name = gtmpve
security = ADS
workgroup = ATGTM00
realm = GTM.ONAT.GOB.CU
log file = /var/log/samba/%m.log
log level = 10
idmap config *:backend = tdb
idmap config *:range = 3000-7999
idmap config ATGTM00:backend = rid
idmap config ATGTM00:range = 10000-999999
winbind nss info = template
winbind enum groups = yes
winbind enum users = yes
template shell = /bin/bash
template homedir = /home/%U
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
create mask = 0666
directory mask = 0777
dos filemode = yes
acl allow execute always = yes
guest account = nobody
map to guest = Bad User
server string = Servidor de archivos #2
server role = member server
local master = no
domain master = no
preferred master = no
load printers = no
printcap name = /dev/null
disable spoolss = yes
[prueba]
path = /compartido/prueba/
read only = no
valid users = +ATGTM00\"Domain Users"
The /etc/krb5.conf is like this:
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = GTM.ONAT.GOB.CU
This are some of the test and results:
[root at gtmpve lib]# getent passwd 'ATGTM00\rommel'
ATGTM00\rommel:*:11144:10513:Rommel Rodriguez Toirac:/home/rommel:/bin/bash
[root at gtmpve lib]# wbinfo --ping-dc
checking the NETLOGON for domain[ATGTM00] dc connection to "gtmad.gtm.onat.gob.cu" succeeded
[root at gtmpve lib]# getent hosts gtmpve
192.168.41.16 gtmpve.gtm.onat.gob.cu gtmpve
Rommel Rodriguez Toirac
rommelrt at nauta.cu
More information about the samba
mailing list