[Samba] Samba4 creating share and setting permissions without windows tools

Rowland Penny rowlandpenny at googlemail.com
Thu Jul 31 13:45:16 MDT 2014 

On 31/07/14 20:26, Diego Llovet wrote:
> ok, but I have an empty /etc/nsswitch and windbind is stopped, 
> according to wiki there is not necessary or at least not mentioned
>
> ________ smb.conf
> # Global parameters
> [global]
>         workgroup = DOMAIN
>         realm = DOMAIN.COM <http://DOMAIN.COM>
>         netbios name = PRUEBASDIEGO
>         interfaces = lo, eth0
>         bind interfaces only = Yes
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/domain.com/scripts 
> <http://domain.com/scripts>
>         read only = No
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
> [home]
>         path = /home/homeUsers/
>         read only = No
>
> [share]
>         path = /home/share
>         read only = no
>         create mask = 0777
>
> [People]
>         path = /home/people/
>         read only = No
> ________
>
> Provisioned samba4
>
> samba-tool domain provision --use-rfc2307 --interactive 
> --option="interfaces=lo eth0" --option="bind interfaces only=yes"
>
>
>
>
> 2014-07-31 14:56 GMT-03:00 Rowland Penny <rowlandpenny at googlemail.com 
> <mailto:rowlandpenny at googlemail.com>>:
>
>     On 31/07/14 18:47, Diego Llovet wrote:
>
>         Hi,
>         wbinfo -g return the groups that I created withh samba-toll
>         group add IT
>         getent group IT return nothing
>
>
>     That is where your problem lies, you need to be able to run
>     'getent passwd' and have it return your users and 'getent group
>     <groupname>' needs to return info about the group.
>
>     Could you post your smb.conf, /etc/nsswitch and how you
>     provisioned the samba4 server.
>
>     Rowland
>
>
>
>         2014-07-31 13:18 GMT-03:00 Rowland Penny
>         <rowlandpenny at googlemail.com
>         <mailto:rowlandpenny at googlemail.com>
>         <mailto:rowlandpenny at googlemail.com
>         <mailto:rowlandpenny at googlemail.com>>>:
>
>
>             On 31/07/14 14:48, Diego Llovet wrote:
>
>                 Hello,
>
>                 I need a way to set permissions to share folder
>         without to use
>                 RSAT, I've
>                 not found anything about that.
>
>                 The samba wiki said that
>
>                 ---------------------
>                 Change permissions on folders of a share
>
>
>                 Changes of permissions are done using the classic *nix
>         tools
>                 'chmod',
>                 'chown' and 'chgrp'.
>
>                 Example:
>
>                   Code:
>
>                 # mkdir /srv/samba/Demo/Example/
>                 # chown foobar:DemoGroup /srv/samba/Demo/Example/
>                 # chmod 2770 /srv/samba/Demo/Example/
>
>                 -------------------
>
>                 I created a group DemoGroup with "samba-tool group add
>         DemoGroup"
>                 Then, when I did
>                 Code:
>
>                 chown foobar:DemoGroup /srv/samba/Demo/Example/
>
>                 I got this error
>                   Code:
>
>                 chown: invalid group: "DemoGroup"
>
>                 What must I do to allow groups created by samba-tool works
>                 with chown??
>
>                 How can I do to assign permissions to a shared folder from
>                 command line
>                 using the power of samba4?
>
>                 Thank you in advance
>
>             Hi, what does 'wbinfo -g' and 'getent group DemoGroup'
>         return ?
>
>             Rowland
>
>             --     To unsubscribe from this list go to the following
>         URL and read the
>             instructions: https://lists.samba.org/mailman/options/samba
>
>
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>
>
I some how thought that was what you were going to say, it would seem 
that part of the samba dc howto wiki page has gone missing, or rather it 
has migrated totally to another page!!


  Make domain users/groups available locally through Winbind

To have your domain users and groups available locally on your Member 
Server, you need to place two links in your /lib64 folder:

# ln -s /usr/local/samba/lib/libnss_winbind.so /lib64
# ln -s /lib64/libnss_winbind.so /lib64/libnss_winbind.so.2
# ldconfig

*If you are running a 32-bit system ("uname -i" will return "i686"), you 
have to use /lib instead!*

The final step of the configuration is to add 'winbind' to the 'passwd' 
and 'group' entry of your /etc/nsswitch.conf:

passwd: compat winbind
group:  compat winbind


HINT HINT Marc ;-)

Do the above and see if this helps.

Rowland

More information about the samba mailing list