[Samba] Windows Admin user can't change Permission.

Jason Long hack3rcon at yahoo.com
Mon Feb 23 03:00:00 MST 2015


What is your Idea? 

     On Friday, February 20, 2015 2:07 AM, Jason Long <hack3rcon at yahoo.com> wrote:
   

 Hi Tim.The permission is :
[root at printmah srv]# ls -ltotal 0drwxr-xr-x. 3 root root 17 Feb 18 05:38 samba
What is the different between "valid users" and "authorized users" ?When I use "authorized users", Anyone can open directory and write and delete but when I use "valid users" it ask me username and password and when I enter them, it show me again :(
 

     On Wednesday, February 18, 2015 12:01 PM, Tim <lists at kiuni.de> wrote:
   

 Hi Jason,

what are the permissions of the folder above - in your case /srv/samba.

In the past I needed to chmod from 750 to 755 on that folder for the underlying share paths.

Regards
Tim



Am 18. Februar 2015 13:29:07 MEZ, schrieb Jason Long <hack3rcon at yahoo.com>:
Hello.
I changed my "smb.conf" as below :

[Demo]
path = /srv/samba/demo/
read only = no
force user = %U
force group = "JASONDOMAIN.JJ+domain users"
force create mode = 0666
force directory mode = 2777
force directory security mode = 0777
valid users = @"JASONDOMAIN.JJ+domain users"


Then I use below command to change owner :

# chgrp -R "domain users" demo/
# chmod -R g+rw demo/ 

# ls -l
total 0
drwxrwxr-x. 2 root domain_users 6 Feb 18 05:38 demo

But When I want to open the "demo" directory it ask me my username and password and when I enter my username and password it ask me again :(
I also have same problem with change permission too.

How can I solve it? It is emergency.

Thank you.



On Tuesday, February 17, 2015 5:49 AM, Jason Long <hack3rcon at yahoo.com> wrote:
Hello.
According to
the "https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs", I run my Samba share but can't add permission to directory via admin user or other users that are administrator.
My samba config is :

[global]
workgroup = JASONDOMAIN
security = ADS
realm = JASONDOMAINI.JJ
netbios name = printmah

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
server string = Samba 4 Client %h
##
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
##
username map = /etc/samba/user.map

##

winbind enum users = no
winbind enum groups = no
winbind use default domain = yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = yes
winbind
normalize names = Yes

## map id's outside of domain to tdb files.
idmap config *:backend = tdb
idmap config *:range = 2000-9999
## map ids from the domain the ranges may not overlap !
idmap config JASONDOMAIN : backend = rid
idmap config JASONDOMAIN : range = 10000-999999

wins server = 172.30.9.1, 172.20.1.2, 172.20.1.48

domain master = no
local master = no
preferred master = no
os level = 20
map to guest = bad user
host msdfs = no
# user Administrator workaround, without it you are unable to set 
privileges
username map = /etc/samba/user.map

# For ACL support on member server
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes

# Share Setting Globally
unix extensions = no
reset on zero vc = yes
veto files =
/.bash_logout/.bash_profile/.bash_history/.bashrc/
hide unreadable = yes
template shell = /bin/sh
template homedir = /home/%U
# 
name resolve order = lmhosts wins bcast host

[test]
path = /home/jason/Desktop/photo
read only = no
browseable = yes



I had a problem with SElinux that solved by enter below commands :


setenforce 0

chcon -t samba_share_t -R /path/to/share
setenforce 1


The problem solved but I can't change or add permission to directory via Windows as "Setup share permissions" section.I use "jason" account that is exist in administrator group but Jason can't too.

How can I solve it? 


    

    


More information about the samba mailing list