[Samba] permission denied with windows acls
Peter Carlson
peter at howudodat.com
Sun Jan 28 23:06:38 UTC 2024
ok, I have gone back to my original recipe after working though this
piece by piece and the only thing I had wrong was that the machine is
not a member of Domain Users (or Domain Computers didn't have
permissions on the root of the share).
Thanks for all the help!!!
Now for my next task, NFSV4 and AD permissions
Peter
On 1/28/24 13:57, Rowland Penny via samba wrote:
> On Sun, 28 Jan 2024 13:51:54 -0800
> Peter Carlson via samba<samba at lists.samba.org> wrote:
>
>> On 1/28/24 13:27, Rowland Penny via samba wrote:
>>> On Sun, 28 Jan 2024 12:56:49 -0800
>>> Peter Carlson via samba<samba at lists.samba.org> wrote:
>>>
>>>> On 1/28/24 12:39, Rowland Penny via samba wrote:
>>>>> On Sun, 28 Jan 2024 12:18:34 -0800
>>>>> Peter Carlson via samba<samba at lists.samba.org> wrote:
>>>>>
>>>>>> Ok, so I started with a clean slate. Same thing, only works if I
>>>>>> add the computer account to Domain users. smbd Version
>>>>>> 4.15.13-Ubuntu
>>>>>>
>>>>>> root at u2cli:~# getent passwd CARLSON\\peter
>>>>>> CARLSON\peter:*:2001107:2000513::/home/peter at CARLSON:/bin/bash
>>>>>>
>>>>>> root at u2cli:~# mkdir -m 1777 /mnt/test
>>>>>>
>>>>>> root at u2cli:~# kinit -V -k U2CLI$
>>>>>> Using default cache: /tmp/krb5cc_0
>>>>>> Usingprincipal:U2CLI$@CARLSON.LAB
>>>>>> Authenticated to Kerberos v5
>>>>> I think running kinit might be your problem, I don't do that.
>>>>> I just started my VM, logged in as rowland, opened a terminal and
>>>>> ran the mount command.
>>>>>
>>>>> Rowland
>>>>>
>>>> ok, so I can do that too as a domain user, but this needs to be
>>>> mounted in fstab, so it seems that I either
>>> OK, so you now seem to be saying the mount is now working from the
>>> command line, so try unmounting the share. Then add this to fstab:
>>>
>>> //fs1.carlson.lab/test /mnt/test cifs
>>> sec=krb5,username=U2CLI$,multiuser
>>>
>>> Now reboot and then log in again, is there anything in /mnt/test ?
>>>
>>> Rowland
>>>
>> it is mounting through fstab....yay....but I'm confused, I thought I
>> would have to retrieve a ticket using kinit -k prior to the mount
>> working.
> Well, yes you need a ticket, but winbind is obtaining it for you, the
> machine ticket.
>
> Rowland
>
More information about the samba
mailing list