[Samba] Samba 4 AD share: Access denied
mourik jan heupink - merit
heupink at merit.unu.edu
Thu Aug 14 01:56:29 MDT 2014
On your fileserver, are you able to become or logon as one of your
regular users? (Either logon directly, or using 'su username')
Then 'id' to make sure that group memberships are as expected, and then
try to access your staff share. Samba 'obeys' the acl's on the
filesystem, we're using those primarily to grant/deny access to files.
Perhaps those are wrong?
On 8/13/2014 22:29, Ryan Ashley wrote:
> Alright, I changed the owner of the staff share (files and all) to a
> domain user. The only people in the ACL were the user, domain admins
> group, and staff group. The user was denied access despite owning
> everything. This throws all four of my theories out the window. This
> tells me that ONLY people with domain admin access can access shares.
> What would cause this? I have triple-checked the ACLs and have removed
> the "SYSTEM" account from the ACLs. Currently the owner is the domain
> admin and the domain admins group along with the staff group have full
> control. Still, no domain users can access it. Is there any possible way
> to get Samba to log access denied cases in a log-file the way Windows
> does in an event log? All I know from my standpoint is that Samba is
> denying access to everybody who is not a domain admin, despite having
> ACLs set that said domain admins can manipulate.
More information about the samba