[Samba] Failed to enumerate objects in the container. Access is denied
Carlos
carlos.hollow at gmail.com
Mon Jan 15 21:36:35 UTC 2018
On 15-01-2018 19:24, Rowland Penny via samba wrote:
> On Mon, 15 Jan 2018 18:49:18 -0200
> Carlos via samba <samba at lists.samba.org> wrote:
>
>> HI!
>>
>> I have one fileserve, has ok but now when change permission(oyher
>> user not Administrator) with RSAT show me message:
>>
>> "Failed to enumerate objects in the container. Access is denied"
> Fairly obvious, the user doesn't have the required permissions
:-D
>>
>> Samba Version (Compilated)
>>
>> 4.7.3
>>
>>
>> Ubuntu 16.04
>>
>>
>> # smb.conf
>>
>> [global]
>> workgroup = XXXXX
>> realm = INTERNO.XXXXX.XXX.BR
>> security = ADS
>> username map = /usr/local/samba/etc/user.map
>>
>> dedicated keytab file = /etc/krb5.keytab
>> kerberos method = secrets and keytab
>> winbind cache time = 60
>>
>> winbind max clients = 600
>> winbind enum users = Yes
>> winbind enum groups = Yes
>
> Nothing to do with your problem, but you do not need the two lines
> above.
OK.
>> winbind use default domain = Yes
>> winbind nss info = rfc2307
> The line above is only required when using the winbind 'ad' backend and
> only then when using Samba < 4.6.0
>
>> winbind refresh tickets = Yes
>> winbind nss info = template
>> template shell = /bin/bash
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
> Why are the lines above duplicated ?
No, i duplicated when copy.
>> idmap config XXXXX : backend = rid
>> idmap config XXXXX : range = 10000-999999
>>
>> # Necessario para Fileserver
>> vfs objects = acl_xattr
>> map acl inherit = Yes
>> store dos attributes = Yes
>>
>> #
>> # Disable Cups
>> load printers = no
>> printing = bsd
>> printcap name = /dev/null
>> disable spoolss = yes
>>
>> # Lixeira + Auditoria
>> vfs objects = recycle,full_audit
> Congratulations, you have just turned off the acl_xattr vfs object.
I dont understand....
>
>> recycle:keeptree = yes
>> recycle:versions = yes
>> recycle:repository = /opt/DADOS/Lixeira/%U
>> recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso,
>> *.exe recycle:exclude_dir = tmp
>> recycle:touch = yes
>> recycle:touch_mtime = yes
>> full_audit:failure = none
>> full_audit:facility = local5
>> full_audit:priority = notice
>> full_audit:prefix = %u|%I|%S
>> full_audit:success = rename rmdir unlink
>>
>> # include
>> include = /opt/samba/etc/compartilhamento.conf
>>
>> # compartilhamento.conf
>>
>> [TEC]
>> path= /opt/DADOS/TEC/
>> read only = no
>>
>> # user.map
>>
>> !root = XXXXX\Administrator
>>
>>
>> ---------------------------------------------------------
>>
>> Before today i change permission with any user in group "Admins
>> Domain", but today only Administrator(= root) ir work, any user
>> receive message the error.
>>
>>
>> Any Idea ?
> If it worked previously, but doesn't now, something must have changed,
> have you updated the DC or the windows client ?
>
> Rowland
In fileserver dont change, but on DC103(i Have 3 Dcs) , but i make process
(https://lists.samba.org/archive/samba/2018-January/213262.html)
But i back idmap.ldb original.....
/1) on your first DC (that one that has PDC FSMO, and is the source for />/rsync) create backup of idmap.ldb />//>/tdbbackup -s .bak /path/to/samba/private/idmap.ldb />//>/it will create idmap.ldb.bak />//>/2) stop samba service on second DC />//>/3) copy idmap.ldb.bak from first dc to second dc, lose the .bak suffix />/and just copy it over idmap.ldb on second dc />//>/4) start samba on second dc /
>
>
>
More information about the samba
mailing list