[Samba] Changing ownership of files on Windows (net rpc rights?)

John Hixson john at ixsystems.com
Tue Jul 15 20:48:36 MDT 2014 

Hello,

I am unable to change ownership of Samba shares on Windows. It makes no
difference if Samba is a PDC or if it is a member server in an Active
Directory. I am running Samba 4.1.9 on FreeBSD 9.2 with ZFS. I can
easily change ownership locally on the FreeBSD box, however, when trying
to do it from Windows it errors out with access is denied. I've
attempted to use net rpc rights grant statements to give various users
and groups the SeTakeOwnershipPrivilege right ( I am not even sure if
this is the correct way to go ), but it also fails with
NT_STATUS_ACCESS_DENIED. I've pretty much exhausted every avenue trying
to figure out why this isn't possible and am hoping someone on this list
can help me. I'm attaching my smb.conf file. I can provide anything else
if necessary. 

- John
-------------- next part --------------
[global]
    server max protocol = SMB3
    encrypt passwords = yes
    dns proxy = no
    strict locking = no
    oplocks = yes
    deadtime = 15
    max log size = 51200
    max open files = 11070
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    getwd cache = yes
    guest account = nobody
    map to guest = Bad User
    obey pam restrictions = yes
    directory name cache size = 0
    kernel change notify = no
    panic action = /usr/local/libexec/samba/samba-backtrace
    server string = FreeNAS Server
    ea support = yes
    store dos attributes = yes
    hostname lookups = yes
    time server = yes
    domain logons = no
    acl allow execute always = true
    idmap config *:backend = tdb
    idmap config *:range = 90000000-100000000
    server role = member server
    netbios name = BUGFIX
    workgroup = 2K3
    realm = WIN2K3.DIVINIX.ORG
    security = ADS
    client use spnego = yes
    cache directory = /var/tmp/.cache/.samba
    local master = no
    domain master = no
    preferred master = no
    acl check permissions = true
    acl map full control = true
    dos filemode = yes
    winbind cache time = 7200
    winbind offline logon = yes
    winbind enum users = yes
    winbind enum groups = yes
    winbind nested groups = yes
    winbind use default domain = no
    winbind refresh tickets = yes
    winbind nss info = rfc2307
    idmap config 2K3: backend = ad
    idmap config 2K3: schema_mode = rfc2307
    idmap config 2K3: range = 10000-90000000
    allow trusted domains = no
    template shell = /bin/sh
    template homedir = /home/%D/%U
    pid directory = /var/run/samba
    smb passwd file = /var/etc/private/smbpasswd
    private dir = /var/etc/private
    create mask = 0666
    directory mask = 0777
    client ntlmv2 auth = yes
    dos charset = CP437
    unix charset = UTF-8
    log level = 1
    

[homes]
    comment = Home Directories
    valid users = %D\%U
    writable = yes
    browseable = no
    path = /mnt/vol0/HOMES/%D/%U
    

[CHARTEST]
    path = /mnt/vol0/CHARTEST
    printable = no
    veto files = /.snap/.windows/.zfs/
    writeable = yes
    browseable = yes
    recycle:repository = .recycle/%U
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:touch = yes
    recycle:directory_mode = 0777
    recycle:subdir_mode = 0700
    vfs objects = zfsacl streams_xattr aio_pthread
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = yes
    zfsacl:acesort = dontcare
    

[TESTME1]
    path = /mnt/vol0/TESTME1
    printable = no
    veto files = /.snap/.windows/.zfs/
    writeable = yes
    browseable = yes
    recycle:repository = .recycle/%U
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:touch = yes
    recycle:directory_mode = 0777
    recycle:subdir_mode = 0700
    vfs objects = zfsacl streams_xattr aio_pthread
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = yes
    zfsacl:acesort = dontcare
    

[TESTME2]
    path = /mnt/vol0/TESTME2
    printable = no
    veto files = /.snap/.windows/.zfs/
    writeable = yes
    browseable = yes
    recycle:repository = .recycle/%U
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:touch = yes
    recycle:directory_mode = 0777
    recycle:subdir_mode = 0700
    vfs objects = zfsacl streams_xattr aio_pthread
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = yes
    zfsacl:acesort = dontcare
    

[UFS]
    path = /mnt/ufs0
    printable = no
    veto files = /.snap/.windows/.zfs/
    writeable = yes
    browseable = yes
    recycle:repository = .recycle/%U
    recycle:keeptree = yes
    recycle:versions = yes
    recycle:touch = yes
    recycle:directory_mode = 0777
    recycle:subdir_mode = 0700
    vfs objects = streams_xattr aio_pthread
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = yes
    zfsacl:acesort = dontcare

More information about the samba mailing list