[Samba] Issue creating share on Windows domain-joined Debian 12 Server
Rowland Penny
rpenny at samba.org
Tue Oct 17 18:12:17 UTC 2023
On Tue, 17 Oct 2023 11:34:35 -0600
Joel R Smith via samba <samba at lists.samba.org> wrote:
> Environment:
> New install of Debian 12 (Physical Server)
> Latest Samba via apt (4.17.12)
>
> So I am most of the way there getting this to work. I have
> successfully joined the Debian server to our windows domain. I have
> created a "Unix Admins" windows security group with the
> "SeDiskOperatorPrivilege" enabled. The file share exists although I
> am not yet able to open it. The problem I am having is when
> attempting to manage the share by connecting to the Linux server in
> Windows using Computer Management > Shared Folders > Shares > "Share
> Name" > Properties. In the properties of the share when I go to the
> "Security" tab, the following message appears: "You must have read
> permissions to view the properties of this object". I am unable to
> take ownership through the interface.
>
> Some strange behavior I also noticed that may be related: When I
> attempt to map the domain account I am using to the local root
> account (user.map: !root = NETWORK\Admin) I am unable to connect to
> the Debian server using computer management. It immediately gives an
> error and the Computer Management MMC opens up blank. Immediately
> after commenting out the user.map line and running smbcontrol all
> reload-config I can again connect to the server with Computer
> Management.
>
> Here are the guides I have been referencing:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
Did you miss the part about 'Setting up a Basic smb.conf File',
in particular the part about selecting an idmap backend?
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>
>
> contents of smb.conf:
>
> workgroup = network
> password server = dc.network.domain.ca
You shouldn't set the 'password server', you should allow Samba to find
the best DC to use.
> realm = NETWORK.DOMAIN.CA
> security = ads
> idmap config * : range = 16777216-33554431
There aren't enough 'idmap config' lines. Also, that is a strange range;
could you also be running sssd?
> template homedir = /home/%D/%U
That is the default.
> template shell = /bin/bash
> winbind use default domain = true
> winbind offline logon = false
> min protocol = SMB3
> passdb backend = smbpasswd
Why? The default is the much newer tdbsam.
> vfs objects = acl_xattr
> map acl inherit = yes
> username map = /etc/samba/user.map
What are the contents of the user.map?
>
> [storage]
> path = /Backup/Backuptest
> comment = Backup Share
> read only = no
Rowland
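
The points raised in the reply above, turned into a small smb.conf check. This is an added example, not part of the original message or Samba's own tooling; the `[global]` header in the sample and the rule that both `*` and the workgroup need an idmap `backend` and `range` are assumptions drawn from the reply and the linked domain-member wiki page.

```python
import re

# Constructed sample: global settings quoted in the thread ([global] header assumed).
SAMPLE = """\
[global]
workgroup = network
password server = dc.network.domain.ca
idmap config * : range = 16777216-33554431
passdb backend = smbpasswd
[storage]
path = /Backup/Backuptest
"""

def parse_global(text):
    """Return the [global] parameters as {normalised name: value}."""
    params, section = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def lint(text):
    """Flag the settings questioned in the reply; returns a list of findings."""
    p, findings = parse_global(text), []
    if "passwordserver" in p:
        findings.append("password server is set; let Samba locate the DC itself")
    if p.get("passdbbackend", "").lower().startswith("smbpasswd"):
        findings.append("passdb backend is smbpasswd; the default is tdbsam")
    idmap = {}  # {domain: {option: value}} from 'idmap config DOMAIN : option' lines
    for name, value in p.items():
        m = re.fullmatch(r"idmapconfig(.+):(\w+)", name)
        if m:
            idmap.setdefault(m.group(1).upper(), {})[m.group(2)] = value
    for dom in ["*", p.get("workgroup", "").upper()]:
        missing = [o for o in ("backend", "range") if o not in idmap.get(dom, {})]
        if missing:
            findings.append(f"idmap config {dom or '<workgroup>'}: missing {', '.join(missing)}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```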