[Samba] How to troubleshoot an ACL error?

[steve]

On Wed, 2014-03-05 at 08:57 -0500, Peter Clark wrote:
> On Tue, March 4, 2014 3:18 pm, Rowland Penny wrote:
> > On 04/03/14 19:11, Peter Clark wrote:
> >> On Tue, March 4, 2014 12:18 pm, Rowland Penny wrote:
> >>> On 04/03/14 16:06, Peter Clark wrote:
> >>>> Hi,
> >>>>
> >>>> Apparently they're not the same:
> >>>>
> >>>> [root at c3po ~]# getent passwd pclark
> >>>> pclark:x:500:500:Peter Clark:/home/pclark:/bin/bash
> >>> Are you using fedora or centos or similar and is pclark a local user?
> >> Fedora 20, yes, 'pclark' is also a local user.
> >
> > Thought so, remove the local user, you cannot have the same user in AD
> > and as a local user.
> 
> OK.. I deleted the AD user and created another AD user that has no local
> account.
> 
> 
> >> However, why can't the Administrator login get the security attributes
> >> of
> >> that share either?
> > It is probably because you are using [homes], this does not work with
> > samba4, see:
> >
> > https://wiki.samba.org/index.php/Setting_up_a_home_share
> 
> I renamed the share [test] and still get nothing on the security tab
> except the "properties cannot be displayed" error when looked at from the
> administrator account. I can't get past step 2 above (after adding the
> disk permissions to the administrator account). Same NT_INVALID_ACL from
> the smbclient program, nothing useful from the ADUC or system
> properties/shares.
> 
> What's the easiest way to just baseline everything and start over? samba
> is installed in /usr/local/samba.
> 
> Thanks again,
> 
> 
> 
Hi
I don't know what your new domain only user is so I'll use pclark
Try:
rm -r /home/pclark
and recreate it:
mkdir /home/pclark
Then in smb.conf
 
[test]
path = /home/pclark
read only = no
admin users = SOMETHING\Administrator

Not sure if default domain is working on the DC, so if not use:
admin users = Administrator
instead

-make sure nscd is turned off and then restart samba
-Now go and look at the security tab as Administrator

Anything?

Steve