[Samba] Samba 4 AD share: Access denied
Ryan Ashley
ryana at reachtechfp.com
Fri Aug 15 14:28:31 MDT 2014
That was it! It did not work but I was already building 4.1.11 from a
clean clone. No clue why it did not work with 4.1.9, but it works FINE
now. What gets me is that it worked that way from day one for about two
weeks, then it died. I never thought to check above that level due to
the directory itself not being shared or even accessible remotely. Home
was 750 and when I reverted it to 755 and the shared directory to 775,
the shares began working.

Now, this did NOT fix it on the print-server. I am still getting access
denied. I followed the guide and created /srv/samba/printer_drivers and
the entire sub-directory structure. The "printer_drivers" directory is
2755 as per the wiki article. The directories above it are 755 and are
owned by root and the root group. So I have 755 for /srv, 755 for
/srv/samba, and 2755 for /srv/samba/printer_drivers and everything below
it, but I am getting access denied. I have one driver there in x64/3,
and all files in there are 664. Do these non-executable files need to be
775 despite being DLLs and such?

On 08/15/2014 04:10 PM, Achim Gottinger wrote:
> On 15.08.2014 21:19, Achim Gottinger wrote:
>> On 15.08.2014 21:13, Ryan Ashley wrote:
>>> root@fs01:~# getfacl /home/shared
>>> getfacl: Removing leading '/' from absolute path names
>>> # file: home/shared
>>> # owner: reachfp
>>> # group: domain\040admins
>>> user::rwx
>>> group::---
>>> other::---
>>>
>> So this is 700 mode. What happens if you change it to 755
>> chmod 755 /home/shared.
>>
> You need at least the execution right on the preceding dirs /home and
> /home/shared for group and others.
> Check the permissions on the /home share.
> It should be at least 711 on /home and /home/shared.
> Tested it here and I also get access denied if a user has no
> execution right on any of the preceding folders of the share.
>>> I have not changed this since creation. It worked for a few weeks
>>> this way.
>>>
>>> On 08/15/2014 02:53 PM, Achim Gottinger wrote:
>>>>>>>>>> These are the ACLs from the share:
>>>>>>>>>>
>>>>>>>>>> getfacl /home/shared/staff/
>>>>>>>>>> getfacl: Removing leading '/' from absolute path names
>>>>>>>>>> # file: home/shared/staff/
>>>>>>>>>> # owner: emily
>>>>>>>>>> # group: administration
>>>>>>>>>> user::rwx
>>>>>>>>>> user:emily:rwx
>>>>>>>>>> group::rwx
>>>>>>>>>> group:administration:rwx
>>>>>>>>>> group:domain_admins:rwx
>>>>>>>>>> mask::rwx
>>>>>>>>>> other::rwx
>>>>>>>>>> default:user::rwx
>>>>>>>>>> default:user:emily:rwx
>>>>>>>>>> default:group::---
>>>>>>>>>> default:group:administration:rwx
>>>>>>>>>> default:group:domain_admins:rwx
>>>>>>>>>> default:mask::rwx
>>>>>>>>>> default:other::---
>>>> What's the output of "getfacl /home/shared" ? In case this was not
>>>> yet covered.
>>>
>>
>
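
An added example, not part of the original thread: a check that walks every directory from / down to a share path and reports those whose mode lacks the execute (search) bit for group or other, the condition that caused "access denied" above. The function name and script name are hypothetical, and it inspects mode bits only, so traversal granted through a POSIX ACL entry is not taken into account.

```python
import os
import stat
import sys


def missing_traverse(path):
    """Walk from / down to path; report directories lacking group or other x."""
    current = os.path.realpath(path)
    chain = [current]
    while os.path.dirname(current) != current:
        current = os.path.dirname(current)
        chain.append(current)

    findings = []
    for directory in reversed(chain):
        st = os.stat(directory)
        if not stat.S_ISDIR(st.st_mode):
            continue  # a file at the end of the path needs no search bit
        # S_IMODE keeps setgid/sticky too, so 2755 still counts as g+x, o+x
        mode = stat.S_IMODE(st.st_mode)
        missing = []
        if not mode & stat.S_IXGRP:
            missing.append("group")
        if not mode & stat.S_IXOTH:
            missing.append("other")
        if missing:
            findings.append((directory, "%04o" % mode, missing))
    return findings


if __name__ == "__main__":
    # Usage (hypothetical script name):
    #   python3 check_traverse.py /home/shared/staff /srv/samba/printer_drivers
    exit_code = 0
    for target in sys.argv[1:]:
        for directory, mode, missing in missing_traverse(target):
            exit_code = 1
            print("%s: mode %s, no search (x) bit for %s"
                  % (directory, mode, ", ".join(missing)))
    sys.exit(exit_code)
```

Run it as root so that directories with restrictive modes can still be inspected with stat.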