[Samba] Access denied
Luis Emilio Espitia Sanchez
leespitia at gmail.com
Tue Jun 12 23:10:16 UTC 2018
Hello,
We're running Centos 7 with samba 4.7.1 and we have an AD on WS2012 R2, so
all users and groups are already created on the AD. The idea is to logon
with the credential from de AD to the samba file server.
We configured the smb.conf, acording to the samba wiki, so this is the
result:
[global]
security = ADS
workgroup = MYDOMAIN
realm = MYDOMAIN.COM
log file = /var/log/samba/%m.log
log level = 3
max log size = 50
# Default idmap config for local BUILTIN accounts and groups
idmap config * : backend = tdb
idmap config * : range = 3000 - 7999
# idmap config for MYDOMAIN domain
idmap config MYDOMAIN:backend = ad
idmap config MYDOMAIN:schema_mode = rfc2307
idmap config MYDOMAIN:range = 10000-999999
template shell = /bin/bash
template homedir = /home/%U
username map = /usr/local/samba/etc/user.map
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
[compa]
path = /home/sistemas/compartido
read only = no
The server was corerectly joined to the domain and we can query the AD for
users and groups with getent passwd and getent group.
According to the wiki, the directory must be owned by root and owner group
is system admins from the AD, like this:
drwxrwx---+ 2 root system_admins 51 jun 12 17:22 compartido
All good so far, and we can modify ACL from windows, and query this
configuration with getfacl.
But when we try to acces the shared directory, we get the access denied
error, and we get this from log:
../source3/smbd/smb2_server.c:3120(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_create.c:293
We've been trying to solve this error for a few days, but we haven't get
lucky.
Best regards
Luis Espitia
More information about the samba
mailing list