[Samba] Samba 4 Domain Member fileserver permission denied error

steve steve at steve-ss.com
Tue Apr 29 10:12:06 MDT 2014


On Tue, 2014-04-29 at 17:00 +0100, Chris Alavoine wrote:
> Hi Lorenzo,
> 
> Have tried it with 660 but I keep getting "You do not have permission to
> view or edit this object's permission settings" when trying to set the
> Security perms via RSAT. Have rebooted both RSAT and domain member server.
> Like you, I would expect 660 to work but it's not for me. For now I'll go
> with 770 which is the mode we always used on our old Samba3 fileservers
> anyway.

Nominate someone who can?
admin user = someone-responsible

HTH
Steve


> Thanks for your help,
> Chris.
> 
> 
> On 29 April 2014 16:48, Lorenzo Faleschini <
> lorenzo.faleschini at nordestsystems.com> wrote:
> 
> >  I'm glad it worked,
> >
> > anyway I don't really think you need execute on the fileserver directories
> > (apart if you have to run something from them).
> > you can consider using 660, if it doesn't work straight then try to log
> > out and in from the windows workstation you use for RSAT (or whathever
> > you're using) and then test again.
> >
> > if you need exectuion of some subfolder you can always chmod it later, but
> > the narrower permissions are the better.
> > just my 2cents.
> >
> >
> >
> >  Lorenzo Faleschini
> > IT Manager @ Nord Est Systems srl
> > ----------------------------------------
> > m: +39 335 6055225 | skype: falegalizeit
> >
> > Il 29/04/2014 17:25, Chris Alavoine ha scritto:
> >
> > Hi Lorenzo,
> >
> >  Many thanks for this. I had most of the GID/UID stuff already in place
> > (for NSLCD), but the chowning and chmoding part is what fixed it for me.
> > Had to use chmod 770 to get it working though, but many thanks for the top
> > tips! I can now get down to fully testing this is a viable fileserver
> > option.
> >
> >  Cheers,
> > c:)
> >
> >
> > On 29 April 2014 15:32, Lorenzo Faleschini <
> > lorenzo.faleschini at nordestsystems.com> wrote:
> >
> >>  I had same issue.
> >>
> >> the ugly chmod 777 fixed the issue, but that was not a fix, was a crap,
> >> so ended out in
> >>
> >> assigning GID to group "Domain Users"
> >> assigning UID to all users in my domain
> >>
> >> then on the member server
> >> (wich idmap was set as the same used on the samba4 DC  30000000-40000000
> >> to have consistent mappings throughout the domain servers)
> >> I set the shares mountpoint with the following ownerships and permissions
> >>
> >> chown -R "DOMAIN\Administrator":"DOMAIN\Domain Users" /path/to/shares
> >> chmod -R 660 /path/to/shares
> >>
> >> let me know if works for you
> >>
> >>
> >>  Lorenzo Faleschini
> >> IT Manager @ Nord Est Systems srl
> >> ----------------------------------------
> >> m: +39 335 6055225 | skype: falegalizeit
> >>
> >> Il 29/04/2014 12:34, Chris Alavoine ha scritto:
> >>
> >> Hi there,
> >>
> >> I have a working Samba 4 domain (4.1.5) with several DC's spread over a
> >> global network. They are all based on Ubuntu 12.04. At present the domain
> >> member fileservers for this network are all running Samba 3.4.7 and using
> >> NSLCD and *nix permissions to allow access. This is working nicely.
> >>
> >> I am now trying to create a new Samba 4 (4.1.7 Ubuntu 12.04) domain member
> >> fileserver and have been following these guides:
> >> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Serverhttps://wiki.samba.org/index.php/Setup_and_configure_file_shares
> >>
> >> wbinfo and getent all work as described.
> >>
> >> All looks good until I get to the section on setting permissions on the
> >> share at which point I get "An error occurred while applying the security
> >> information to: \\SERVER\share  Access is denied"
> >>
> >> Has anyone reached this point with similar results? Any help appreciated.
> >>
> >> Thanks,
> >> Chris.
> >>
> >>
> >>
> >>
> >
> >
> >  --
> > ACS (Alavoine Computer Services Ltd)
> > Chris Alavoine
> > mob +44 (0)7724 710 730
> > www.alavoinecs.co.uk
> > http://twitter.com/#!/alavoinecs
> > http://www.linkedin.com/pub/chris-alavoine/39/606/192
> >
> >
> >
> 
> 
> -- 
> ACS (Alavoine Computer Services Ltd)
> Chris Alavoine
> mob +44 (0)7724 710 730
> www.alavoinecs.co.uk
> http://twitter.com/#!/alavoinecs
> http://www.linkedin.com/pub/chris-alavoine/39/606/192




More information about the samba mailing list