[Samba] Samba 4 Domain Member fileserver permission denied error

steve steve at steve-ss.com
Wed Apr 30 02:39:57 MDT 2014


On Wed, 2014-04-30 at 08:58 +0200, Lorenzo Faleschini wrote:
> Chris,
> 
> I'm sorry, I just noticed I have the same 770 config on my subfolders (the actual shares)
> I've chmodded 660 just the mountpoint, but that's not significant.
> 
> 
> actually if I chmod 760 the domain users from windows clients cannot even access the share, so I suppose 770 is needed.
> 
> who knows..
As recommended, if you're having no luck, don't understand chmod with
Samba, or it just isn't working as you wish, allocate an admin user and
set the share ACLs from the Security tab in Windows.
Does your filesystem support extended ACLs?
HTH
> 
> btw 770 is always better than 777 :)
> 
> cheers
> 
> Lorenzo Faleschini
> IT Manager @ Nord Est Systems srl
> ----------------------------------------
> m: +39 335 6055225 | skype: falegalizeit
> 
> Il 29/04/2014 18:12, steve ha scritto:
> > On Tue, 2014-04-29 at 17:00 +0100, Chris Alavoine wrote:
> >> Hi Lorenzo,
> >>
> >> Have tried it with 660 but I keep getting "You do not have permission to
> >> view or edit this object's permission settings" when trying to set the
> >> Security perms via RSAT. Have rebooted both RSAT and domain member server.
> >> Like you, I would expect 660 to work but it's not for me. For now I'll go
> >> with 770 which is the mode we always used on our old Samba3 fileservers
> >> anyway.
> > Nominate someone who can?
> > admin user = someone-responsible
> >
> > HTH
> > Steve
> >
> >
> >> Thanks for your help,
> >> Chris.
> >>
> >>
> >> On 29 April 2014 16:48, Lorenzo Faleschini <
> >> lorenzo.faleschini at nordestsystems.com> wrote:
> >>
> >>>   I'm glad it worked,
> >>>
> >>> anyway I don't really think you need execute on the fileserver directories
> >>> (apart if you have to run something from them).
> >>> you can consider using 660, if it doesn't work straight then try to log
> >>> out and in from the windows workstation you use for RSAT (or whatever
> >>> you're using) and then test again.
> >>>
> >>> if you need execution of some subfolder you can always chmod it later, but
> >>> the narrower permissions are the better.
> >>> just my 2cents.
> >>>
> >>>
> >>>
> >>>   Lorenzo Faleschini
> >>> IT Manager @ Nord Est Systems srl
> >>> ----------------------------------------
> >>> m: +39 335 6055225 | skype: falegalizeit
> >>>
> >>> Il 29/04/2014 17:25, Chris Alavoine ha scritto:
> >>>
> >>> Hi Lorenzo,
> >>>
> >>>   Many thanks for this. I had most of the GID/UID stuff already in place
> >>> (for NSLCD), but the chowning and chmoding part is what fixed it for me.
> >>> Had to use chmod 770 to get it working though, but many thanks for the top
> >>> tips! I can now get down to fully testing this is a viable fileserver
> >>> option.
> >>>
> >>>   Cheers,
> >>> c:)
> >>>
> >>>
> >>> On 29 April 2014 15:32, Lorenzo Faleschini <
> >>> lorenzo.faleschini at nordestsystems.com> wrote:
> >>>
> >>>>   I had same issue.
> >>>>
> >>>> the ugly chmod 777 fixed the issue, but that was not a fix, was a crap,
> >>>> so ended out in
> >>>>
> >>>> assigning GID to group "Domain Users"
> >>>> assigning UID to all users in my domain
> >>>>
> >>>> then on the member server
> >>>> (which idmap was set as the same used on the samba4 DC  30000000-40000000
> >>>> to have consistent mappings throughout the domain servers)
> >>>> I set the shares mountpoint with the following ownerships and permissions
> >>>>
> >>>> chown -R "DOMAIN\Administrator":"DOMAIN\Domain Users" /path/to/shares
> >>>> chmod -R 660 /path/to/shares
> >>>>
> >>>> let me know if works for you
> >>>>
> >>>>
> >>>>   Lorenzo Faleschini
> >>>> IT Manager @ Nord Est Systems srl
> >>>> ----------------------------------------
> >>>> m: +39 335 6055225 | skype: falegalizeit
> >>>>
> >>>> Il 29/04/2014 12:34, Chris Alavoine ha scritto:
> >>>>
> >>>> Hi there,
> >>>>
> >>>> I have a working Samba 4 domain (4.1.5) with several DC's spread over a
> >>>> global network. They are all based on Ubuntu 12.04. At present the domain
> >>>> member fileservers for this network are all running Samba 3.4.7 and using
> >>>> NSLCD and *nix permissions to allow access. This is working nicely.
> >>>>
> >>>> I am now trying to create a new Samba 4 (4.1.7 Ubuntu 12.04) domain member
> >>>> fileserver and have been following these guides:
> >>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
> >>>> https://wiki.samba.org/index.php/Setup_and_configure_file_shares
> >>>>
> >>>> wbinfo and getent all work as described.
> >>>>
> >>>> All looks good until I get to the section on setting permissions on the
> >>>> share at which point I get "An error occurred while applying the security
> >>>> information to: \\SERVER\share  Access is denied"
> >>>>
> >>>> Has anyone reached this point with similar results? Any help appreciated.
> >>>>
> >>>> Thanks,
> >>>> Chris.
> >>>>
> >>>>
> >>>>
> >>>>
> >>>
> >>>   --
> >>> ACS (Alavoine Computer Services Ltd)
> >>> Chris Alavoine
> >>> mob +44 (0)7724 710 730
> >>> www.alavoinecs.co.uk
> >>> http://twitter.com/#!/alavoinecs
> >>> http://www.linkedin.com/pub/chris-alavoine/39/606/192
> >>>
> >>>
> >>>
> >>
> >> -- 
> >> ACS (Alavoine Computer Services Ltd)
> >> Chris Alavoine
> >> mob +44 (0)7724 710 730
> >> www.alavoinecs.co.uk
> >> http://twitter.com/#!/alavoinecs
> >> http://www.linkedin.com/pub/chris-alavoine/39/606/192
> >
> 
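
The thread alternates between 660 and 770 on the share tree. On a POSIX filesystem the x bit on a directory is the search permission, so a recursive 660 also removes the owning group's ability to enter directories. The following is an added example, not part of any poster's message: it audits a share root for directories the owning group cannot traverse and for entries open to "other", then applies 770 to directories and 660 to regular files. The function names are hypothetical, only mode bits are handled (not ACLs), and it is meant to be run as root, as the chown in the thread already requires.

```shell
#!/bin/sh
# Added example: audit and normalise POSIX mode bits under a share root.
# The argument stands in for /path/to/shares from the thread.
# Usage after sourcing this file:  dirs_missing_group_search /path/to/shares

# Print directories under $1 that lack the group search (x) bit.
# Members of the owning group cannot enter these, whatever the file modes are.
dirs_missing_group_search() {
    find "$1" -type d ! -perm -010 -print
}

# Print every entry under $1 that grants read, write or execute to "other"
# (the situation a blanket chmod 777 creates).
world_accessible() {
    find "$1" \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# Apply 770 to directories and 660 to regular files.
# Directories use "\;" so each one is fixed before find descends into it,
# which matters when a previous recursive 660 removed its search bit.
normalise_share_modes() {
    find "$1" -type d -exec chmod 770 {} \;
    find "$1" -type f -exec chmod 660 {} +
}
```
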



