[Samba] Samba4 AD Groups Problem

Lukas Gradl samba.org at ssn.at
Tue Jan 15 09:28:53 MST 2013 

OK, after some other hours of surfing through the net I stubled  
accross the needed information:

It looks like to try setting ACLs in smb.conf like it was done on  
Samba3 is obsolete in Samba4. You do everything by setting the ACLs on  
the share by Windows-GUI.

[testshare]
      Comment = Test share
      path = /space/testshare
      read only = No

is all you need to specify in smb.conf...


regards
Lukas


Zitat von Lukas Gradl <samba.org at ssn.at>:

> Hi!
>
> I created a Samba4 Demo Server to test AD functionality. Basically  
> it's a Debian Wheezy machine with a manually compiled Samba4  
> (smbstatus -V: Version 4.1.0pre1-GIT-051a1a9) according to  
> https://wiki.samba.org/index.php/Samba4/HOWTO but adjusted the paths  
> to a more debian way.
>
> I can Manage the Server with the Windows Domain Utilities, add  
> users, add groups, add Machines and so on.
> I created some printers and managed to set up Point and Print  
> Drivers using print$.
>
> So I think the Server basically works as expected.
>
> Now I'm trying to set up a share which can be read by everyone and  
> written by Domain Admins only. I can see the share on my server as  
> well as a file created in there on the linux command line, but I'm  
> not able to enable write Permission for Domain Admins.
>
> I created a directory on the server /space/testshare and did a  
> "chmod 777 /space/testshare" to be shure there's no problem on the  
> linux file system. When I set "read only = no" on the share I can  
> create a file there without any problem. But setting "read only =  
> yes" and "write list = @"TEST\Domain Admins"" doesn't work - I get  
> "access denied" on the windows host, despite I'm logged on as  
> TEST\Administrator
>
> Some additional information:
>
> root at samba:~# smbstatus -V
> ==========================
> Version 4.1.0pre1-GIT-051a1a9
>
>
> root at samba:~# wbinfo -u
> =======================
> Administrator
> Guest
> krbtgt
> dns-samba
> testuser
>
> root at samba:~# wbinfo -g
> =======================
> Enterprise Read-Only Domain Controllers
> Domain Admins
> Domain Users
> Domain Guests
> Domain Computers
> Domain Controllers
> Schema Admins
> Enterprise Admins
> Group Policy Creator Owners
> Read-Only Domain Controllers
> DnsUpdateProxy
> Testgroup
>
> root at samba:~# cat /etc/samba/smb.conf
> =====================================
> # Global parameters
> [global]
>     workgroup = TEST
>     server string =
>     realm = TEST.LOCAL
>     netbios name = SAMBA
>     server role = active directory domain controller
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,  
> drepl, winbind, ntp_signd, kcc, dnsupdate
>     log level = 3
>
> [netlogon]
>     path = /var/lib/samba/sysvol/test.local/scripts
>     read only = No
>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = No
>
> [printers]
>     comment = Printer
>     path = /var/spool/samba/spool
>     browseable = Yes
>     read only = No
>     printable = Yes
>
> [print$]
>     path = /var/spool/samba/driver
>     read only = No
>
> [testshare]
>     Comment = Test share
>     path = /space/testshare
>     read only = Yes
>     write list = @"TEST\Domain Admins"
>
>
> Any help what to do next?
>
> regards
> Lukas
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list