[Samba] Cannot browse mode 0700 directories from Windows with security=ads

Rowland penny rpenny at samba.org
Fri Apr 15 16:36:43 UTC 2016


On 15/04/16 16:21, Ian Collier wrote:
> On Fri, Apr 15, 2016 at 04:06:53PM +0100, you wrote:
>> Having got that out of the way, can you post your smb.conf ?
> This is slightly redacted so apologies if some essential info
> was missing.  Also there are lots of shares but the 0700 access
> problem happens on the [homes] share so here's that one:
>
> [global]
>          workgroup = ...
>          realm = ...
>          server string = Samba Server
>          interfaces = 127.0.0.1, eth0
>          bind interfaces only = Yes
>          security = ADS
>          password server = dc1... dc2...
>          log level = 1
>          log file = /var/log/samba/log.%m
>          load printers = No
>          printcap name = /dev/null
>          disable spoolss = Yes
>          read only = No
>          create mask = 0664
>          hosts allow = .../22
>          printing = bsd
>          print command = lpr -r -P'%p' %s
>          lpq command = lpq -P'%p'
>          lprm command = lprm -P'%p' %j
>          posix locking = no
>          kernel oplocks = no
>          username map script = /bin/echo
>
> [homes]
>          comment = UNIX Home Directories
>          path = /auto/users/%U
>          create mask = 0750
>          directory mask = 0750
>          browseable = No
>
> Ian Collier.
>

OK, you have a Samba domain member that is joined to an AD domain and 
you also say you are running winbindd, but there don't seem to be any 
winbind or 'idmap config' lines in your smb.conf. Are you also running 
sssd?

If you are not running sssd, can I suggest having a look here:

https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member

You will probably want to use the 'rid' backend.

Rowland
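
An added illustration, not part of the original message or of the poster's configuration: the kind of winbind ID-mapping lines the reply finds missing, using the 'rid' backend. The domain name SAMDOM, the realm and both ID ranges are placeholder assumptions to be replaced with site values.

```ini
[global]
        security = ADS
        # Placeholders (assumed): the site's NetBIOS domain name and Kerberos realm
        workgroup = SAMDOM
        realm = SAMDOM.EXAMPLE.COM

        # Default domain (*): BUILTIN and local accounts, stored in a local tdb
        idmap config * : backend = tdb
        idmap config * : range = 3000-7999

        # AD domain: each Unix ID is computed from the RID of the user or group.
        # The range (assumed values) must not overlap the default range above
        # or the IDs of local accounts in /etc/passwd and /etc/group.
        idmap config SAMDOM : backend = rid
        idmap config SAMDOM : range = 10000-999999

        # The rid backend reads no Unix attributes from AD, so the login
        # shell and home directory come from these templates
        template shell = /bin/bash
        template homedir = /home/%U
```

After winbindd is restarted, `wbinfo -i <user>` shows the uid Samba will use for that account. Unix permissions on a mode 0700 directory only grant access when that uid is the numeric owner shown by `ls -ldn`.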



