[Samba] Samba 4 Domain Member fileserver permission denied error
Chris Alavoine
chrisa at acs-info.co.uk
Tue Apr 29 10:00:59 MDT 2014
Hi Lorenzo,
Have tried it with 660 but I keep getting "You do not have permission to
view or edit this object's permission settings" when trying to set the
Security perms via RSAT. Have rebooted both RSAT and domain member server.
Like you, I would expect 660 to work but it's not for me. For now I'll go
with 770 which is the mode we always used on our old Samba3 fileservers
anyway.
Thanks for your help,
Chris.
On 29 April 2014 16:48, Lorenzo Faleschini <
lorenzo.faleschini at nordestsystems.com> wrote:
> I'm glad it worked,
>
> anyway I don't really think you need execute on the fileserver directories
> (apart if you have to run something from them).
> you can consider using 660, if it doesn't work straight then try to log
> out and in from the windows workstation you use for RSAT (or whathever
> you're using) and then test again.
>
> if you need exectuion of some subfolder you can always chmod it later, but
> the narrower permissions are the better.
> just my 2cents.
>
>
>
> Lorenzo Faleschini
> IT Manager @ Nord Est Systems srl
> ----------------------------------------
> m: +39 335 6055225 | skype: falegalizeit
>
> Il 29/04/2014 17:25, Chris Alavoine ha scritto:
>
> Hi Lorenzo,
>
> Many thanks for this. I had most of the GID/UID stuff already in place
> (for NSLCD), but the chowning and chmoding part is what fixed it for me.
> Had to use chmod 770 to get it working though, but many thanks for the top
> tips! I can now get down to fully testing this is a viable fileserver
> option.
>
> Cheers,
> c:)
>
>
> On 29 April 2014 15:32, Lorenzo Faleschini <
> lorenzo.faleschini at nordestsystems.com> wrote:
>
>> I had same issue.
>>
>> the ugly chmod 777 fixed the issue, but that was not a fix, was a crap,
>> so ended out in
>>
>> assigning GID to group "Domain Users"
>> assigning UID to all users in my domain
>>
>> then on the member server
>> (wich idmap was set as the same used on the samba4 DC 30000000-40000000
>> to have consistent mappings throughout the domain servers)
>> I set the shares mountpoint with the following ownerships and permissions
>>
>> chown -R "DOMAIN\Administrator":"DOMAIN\Domain Users" /path/to/shares
>> chmod -R 660 /path/to/shares
>>
>> let me know if works for you
>>
>>
>> Lorenzo Faleschini
>> IT Manager @ Nord Est Systems srl
>> ----------------------------------------
>> m: +39 335 6055225 | skype: falegalizeit
>>
>> Il 29/04/2014 12:34, Chris Alavoine ha scritto:
>>
>> Hi there,
>>
>> I have a working Samba 4 domain (4.1.5) with several DC's spread over a
>> global network. They are all based on Ubuntu 12.04. At present the domain
>> member fileservers for this network are all running Samba 3.4.7 and using
>> NSLCD and *nix permissions to allow access. This is working nicely.
>>
>> I am now trying to create a new Samba 4 (4.1.7 Ubuntu 12.04) domain member
>> fileserver and have been following these guides:
>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Serverhttps://wiki.samba.org/index.php/Setup_and_configure_file_shares
>>
>> wbinfo and getent all work as described.
>>
>> All looks good until I get to the section on setting permissions on the
>> share at which point I get "An error occurred while applying the security
>> information to: \\SERVER\share Access is denied"
>>
>> Has anyone reached this point with similar results? Any help appreciated.
>>
>> Thanks,
>> Chris.
>>
>>
>>
>>
>
>
> --
> ACS (Alavoine Computer Services Ltd)
> Chris Alavoine
> mob +44 (0)7724 710 730
> www.alavoinecs.co.uk
> http://twitter.com/#!/alavoinecs
> http://www.linkedin.com/pub/chris-alavoine/39/606/192
>
>
>
--
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192
More information about the samba
mailing list