[Samba] Permission issue writing to demo share
Dr. Lars Hanke
lars at lhanke.de
Fri Jun 27 10:13:31 MDT 2014
>> I can read and write the Share using AD\Administrator. AD\StandardUser
>> can mount the share and read, what the Administrator put there. But he
>> cannot create or modify files.
> Please post:
> smb.conf
[global]
workgroup = AD
realm = AD.MICROSULT.DE
netbios name = SAMBA
server role = active directory domain controller
private dir = /srv/files/private
lock directory = /srv/files
state directory = /srv/files/state
cache directory = /srv/files/cache
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
# allow for TLS / ldaps
tls enabled = yes
tls keyfile = /etc/samba/tls/SAMBA.ad.microsult.de.key.pem
tls certfile = /etc/samba/tls/SAMBA.ad.microsult.de.pem
tls cafile = /etc/certs/cacert.pem
# this is from steve's mail
kerberos method = system keytab
[netlogon]
path = /srv/files/state/sysvol/ad.microsult.de/scripts
read only = No
[sysvol]
path = /srv/files/state/sysvol
read only = No
[Demo]
path = /srv/files/shares/Demo
read only = no
> /etc/nsswitch.conf
passwd: compat
group: compat
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
> getent passwd AS\StandardUser
empty, as is AD\Administrator
> getfacl /path/to/your/demo share
Didn't install ACL so far, since the samba docs claim to use extended
attributes instead of POSIX ACL.
root@samba:/# ls -la /srv/files/shares/Demo/
total 8
drwxr-xr-x 2 root root 35 Jun 27 14:24 .
drwxr-xr-x 3 root root 17 Jun 13 13:19 ..
-rwxrwxr-x+ 1 3000000 users 32 Jun 27 14:24 Erstellt von Admin.txt
root@samba:/# attr -l /srv/files/shares/Demo
root@samba:/# attr -l /srv/files/shares/Demo/*
Attribute "DOSATTRIB" has a 56 byte value for /srv/files/shares/Demo/Erstellt von Admin.txt
Attribute "NTACL" has a 312 byte value for /srv/files/shares/Demo/Erstellt von Admin.txt
root@samba:/# attr -g NTACL /srv/files/shares/Demo/Erstellt\ von\ Admin.txt
attr_get: No data available
Could not get "NTACL" for /srv/files/shares/Demo/Erstellt von Admin.txt
Actually I had expected AD/Administrator to map to uid 0 instead of
3000000. At least this uid is in the LDAP.
Regards,
- lars.
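
Added example, not part of the original message and not Samba code: a small checker run over the nsswitch.conf and the "ls -la" line for the share directory quoted above. It reports whether NSS has a winbind source and whether a non-root uid may create files according to the POSIX mode bits alone. The uid 3000020 and its group list are constructed, and NT ACLs stored in extended attributes are not evaluated.

```python
# Sample input constructed from the output quoted in the message above.
NSSWITCH = """\
passwd: compat
group: compat
shadow: compat
hosts: files dns
"""
LS_DIR_LINE = "drwxr-xr-x 2 root root 35 Jun 27 14:24 ."

def nss_sources(conf, database):
    """Return the lookup sources configured for one NSS database."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            return line.split(":", 1)[1].split()
    return []

def parse_ls_entry(line):
    """Return (perms, owner, group, has_acl) from one `ls -l` line."""
    fields = line.split()
    mode_str, owner, group = fields[0], fields[2], fields[3]
    # A trailing '+' means ls saw an ACL in addition to the mode bits.
    return mode_str[1:10], owner, group, mode_str.endswith("+")

def can_create_in_dir(perms, owner, group, user, user_groups):
    """Mode bits only: creating a file needs write and search on the dir."""
    if user == "root":
        return True
    if user == owner:
        triplet = perms[0:3]
    elif group in user_groups:
        triplet = perms[3:6]
    else:
        triplet = perms[6:9]
    return triplet[1] == "w" and triplet[2] in "xst"

def diagnose(conf, ls_line, user, user_groups):
    """Collect findings for one account against one share directory."""
    findings = []
    for db in ("passwd", "group"):
        if "winbind" not in nss_sources(conf, db):
            findings.append(f"{db}: no winbind source in nsswitch.conf")
    perms, owner, group, has_acl = parse_ls_entry(ls_line)
    if not can_create_in_dir(perms, owner, group, user, user_groups):
        findings.append(f"{user}: mode {perms} ({owner}:{group}) denies create"
                        + (", but an ACL is present" if has_acl else ""))
    return findings

if __name__ == "__main__":
    # 3000020 is a hypothetical uid for a non-root mapped account.
    for finding in diagnose(NSSWITCH, LS_DIR_LINE, "3000020", ["users"]):
        print(finding)
```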