[Samba] Samba 4 Domain Member fileserver permission denied error

Lorenzo Faleschini lorenzo.faleschini at nordestsystems.com
Wed Apr 30 00:58:34 MDT 2014


Chris,

I'am sorry, I just noticed I've same 770 config on my subfolders (the actual shares)
i've chmodded 660 just the mountpoint, but that's not significant.


actually if I chmod 760 the domain users from windows clients cannot even access the share, so I suppose 770 is needed.

who knows..

btw 770 is always better than 777 :)

cheers

Lorenzo Faleschini
IT Manager @ Nord Est Systems srl
----------------------------------------
m: +39 335 6055225 | skype: falegalizeit

Il 29/04/2014 18:12, steve ha scritto:
> On Tue, 2014-04-29 at 17:00 +0100, Chris Alavoine wrote:
>> Hi Lorenzo,
>>
>> Have tried it with 660 but I keep getting "You do not have permission to
>> view or edit this object's permission settings" when trying to set the
>> Security perms via RSAT. Have rebooted both RSAT and domain member server.
>> Like you, I would expect 660 to work but it's not for me. For now I'll go
>> with 770 which is the mode we always used on our old Samba3 fileservers
>> anyway.
> Nominate someone who can?
> admin user = someone-responsible
>
> HTH
> Steve
>
>
>> Thanks for your help,
>> Chris.
>>
>>
>> On 29 April 2014 16:48, Lorenzo Faleschini <
>> lorenzo.faleschini at nordestsystems.com> wrote:
>>
>>>   I'm glad it worked,
>>>
>>> anyway I don't really think you need execute on the fileserver directories
>>> (apart if you have to run something from them).
>>> you can consider using 660, if it doesn't work straight then try to log
>>> out and in from the windows workstation you use for RSAT (or whathever
>>> you're using) and then test again.
>>>
>>> if you need exectuion of some subfolder you can always chmod it later, but
>>> the narrower permissions are the better.
>>> just my 2cents.
>>>
>>>
>>>
>>>   Lorenzo Faleschini
>>> IT Manager @ Nord Est Systems srl
>>> ----------------------------------------
>>> m: +39 335 6055225 | skype: falegalizeit
>>>
>>> Il 29/04/2014 17:25, Chris Alavoine ha scritto:
>>>
>>> Hi Lorenzo,
>>>
>>>   Many thanks for this. I had most of the GID/UID stuff already in place
>>> (for NSLCD), but the chowning and chmoding part is what fixed it for me.
>>> Had to use chmod 770 to get it working though, but many thanks for the top
>>> tips! I can now get down to fully testing this is a viable fileserver
>>> option.
>>>
>>>   Cheers,
>>> c:)
>>>
>>>
>>> On 29 April 2014 15:32, Lorenzo Faleschini <
>>> lorenzo.faleschini at nordestsystems.com> wrote:
>>>
>>>>   I had same issue.
>>>>
>>>> the ugly chmod 777 fixed the issue, but that was not a fix, was a crap,
>>>> so ended out in
>>>>
>>>> assigning GID to group "Domain Users"
>>>> assigning UID to all users in my domain
>>>>
>>>> then on the member server
>>>> (wich idmap was set as the same used on the samba4 DC  30000000-40000000
>>>> to have consistent mappings throughout the domain servers)
>>>> I set the shares mountpoint with the following ownerships and permissions
>>>>
>>>> chown -R "DOMAIN\Administrator":"DOMAIN\Domain Users" /path/to/shares
>>>> chmod -R 660 /path/to/shares
>>>>
>>>> let me know if works for you
>>>>
>>>>
>>>>   Lorenzo Faleschini
>>>> IT Manager @ Nord Est Systems srl
>>>> ----------------------------------------
>>>> m: +39 335 6055225 | skype: falegalizeit
>>>>
>>>> Il 29/04/2014 12:34, Chris Alavoine ha scritto:
>>>>
>>>> Hi there,
>>>>
>>>> I have a working Samba 4 domain (4.1.5) with several DC's spread over a
>>>> global network. They are all based on Ubuntu 12.04. At present the domain
>>>> member fileservers for this network are all running Samba 3.4.7 and using
>>>> NSLCD and *nix permissions to allow access. This is working nicely.
>>>>
>>>> I am now trying to create a new Samba 4 (4.1.7 Ubuntu 12.04) domain member
>>>> fileserver and have been following these guides:
>>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Serverhttps://wiki.samba.org/index.php/Setup_and_configure_file_shares
>>>>
>>>> wbinfo and getent all work as described.
>>>>
>>>> All looks good until I get to the section on setting permissions on the
>>>> share at which point I get "An error occurred while applying the security
>>>> information to: \\SERVER\share  Access is denied"
>>>>
>>>> Has anyone reached this point with similar results? Any help appreciated.
>>>>
>>>> Thanks,
>>>> Chris.
>>>>
>>>>
>>>>
>>>>
>>>
>>>   --
>>> ACS (Alavoine Computer Services Ltd)
>>> Chris Alavoine
>>> mob +44 (0)7724 710 730
>>> www.alavoinecs.co.uk
>>> http://twitter.com/#!/alavoinecs
>>> http://www.linkedin.com/pub/chris-alavoine/39/606/192
>>>
>>>
>>>
>>
>> -- 
>> ACS (Alavoine Computer Services Ltd)
>> Chris Alavoine
>> mob +44 (0)7724 710 730
>> www.alavoinecs.co.uk
>> http://twitter.com/#!/alavoinecs
>> http://www.linkedin.com/pub/chris-alavoine/39/606/192
>



More information about the samba mailing list