[Samba] Samba share and groups permissions
Nicolas Boissé
nicolas.boisse at univ-lemans.fr
Fri Feb 23 07:13:08 UTC 2024
Hello,

I have a Fedora server, part of a domain, on which various shares are
configured.

For one share, I want to set up permissions according to the groups to
which the users belong. But it doesn't work. For example, I want the
share to be accessible by group A in read-write mode, and group B in
read-only mode. I use setfacl for this. But neither group A nor group B
have access to the share: "Access Denied".

The only way to access it is to authorize the "Domain Users" group or
users instead of groups.

On servers, groups are recognized (wbinfo -g), as is user group
membership (wbinfo -r).

Below is my smb.conf file (Samba 4.19.4).

Can you tell me what's wrong? Thanks a lot!
=========
[global]
workgroup = MYDOM
realm = MYDOM.FR
security = ADS
bind interfaces only = yes
interfaces = lo eno1
log level = 3 passdb:5 auth:5
log file = /var/log/samba/%U.log
max log size = 50000
map to guest = bad uid
template shell = /bin/bash
template homedir = /home/%U
username map script = /bin/echo
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config MYDOM:backend = ad
idmap config MYDOM:schema_mode = rfc2307
idmap config MYDOM:range = 10000-999999
idmap config MYDOM:unix_nss_info = yes
acl allow execute always = yes
vfs objects = acl_xattr
map acl inherit = yes
unix extensions = no
[ressources]
path = /data/ressources/
browseable = no
read only = no
force create mode = 770
force directory mode = 770
csc policy = disable
follow symlinks = yes
wide links = yes
hide dot files = yes
hide files = /desktop.ini/$RECYCLE.BIN/
vfs objects = recycle
recycle:repository = /data/ressources/.recycle/%U
recycle:keeptree = yes
recycle:versions = yes
recycle:noversions = *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP
recycle:exclude = *.tmp,*.temp,*.o,*.obj,*.TMP,*.TEMP
recycle:excludedir = /recycle,/tmp,/temp,/TMP,/TEMP