[Samba] Samba 4 permissions error
Jason Voorhees
jvoorhees1 at gmail.com
Wed Apr 27 18:55:37 UTC 2016
> OK, you have two DCs, on one, your user can access a share, you basically
> copy the shares to another DC (with all the same permissions etc) and your
> user cannot access the share on the second DC.
>
> How is AD set up? Are you using uidNumber & gidNumber attributes (you will
> have added them manually) or are you using the xidNumbers created
> automatically by Samba4?
I'm not really sure about the difference, but I believe it's the 2nd
alternative. I guess you could check it from my configuration shown
in the lines below.
>
> If you have modified the smb.conf on the second DC, can you post this?
> Can you post the smb.conf from your Zentyal machine?
This is the content of my Zentyal's Samba configuration:
[global]
workgroup = agn
realm = REALM.COM.PE
netbios name = fileserver
server string = Linux Active Directory
server role = dc
server role check:inhibit = yes
server services = -dns -winbindd +winbind
server signing = auto
dsdb:schema update allowed = yes
drs:max object sync = 1200
idmap_ldb:use rfc2307 = yes
interfaces = lo,eth0,eth0:0,eth0:0
bind interfaces only = yes
log level = 3
log file = /var/log/samba/samba.log
max log size = 100000
include = /etc/samba/shares.conf
[netlogon]
path = /var/lib/samba/sysvol/agn.com.pe/scripts
browseable = no
read only = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = no
Here are the contents of /etc/samba/shares.conf:
[homes]
comment = Directorios de usuario
path = /home/%S
read only = no
browseable = no
create mask = 0611
directory mask = 0711
vfs objects = acl_xattr full_audit recycle
full_audit:success = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
recycle: directory_mode = 0700
recycle: inherit_nt_acl = Yes
recycle: excludedir = /tmp|/var/tmp
recycle: versions = Yes
recycle: keeptree = Yes
recycle: repository = RecycleBin
[agnofi]
comment = primer compartido
path = /home/samba/shares/agnofi
browseable = Yes
read only = No
force create mode = 0660
force directory mode = 0660
vfs objects = acl_xattr full_audit recycle
acl_xattr:ignore system acls = yes
full_audit:success = connect opendir disconnect unlink mkdir rmdir open rename
full_audit:failure = connect opendir disconnect unlink mkdir rmdir open rename
recycle: directory_mode = 0700
recycle: inherit_nt_acl = Yes
recycle: excludedir = /tmp|/var/tmp
recycle: versions = Yes
recycle: keeptree = Yes
recycle: repository = RecycleBin
There are a lot of other additional shares, but all of them have the same
configuration except for the path.
This is the configuration for my 2nd Samba DC:
[global]
workgroup = AGN
realm = realm.com.pe
netbios name = FILESERVERSJL
server role = active directory domain controller
log file = /var/log/samba.log
log level = 3
include = /etc/samba/shares.conf
server services = -dns -winbindd +winbind
server signing = auto
dsdb:schema update allowed = yes
drs:max object sync = 1200
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /usr/local/samba-4.3.5/var/locks/sysvol/agn.com.pe/scripts
read only = No
[sysvol]
path = /usr/local/samba-4.3.5/var/locks/sysvol
read only = No
The contents of /etc/samba/shares.conf are exactly the same as on
Zentyal's server because I copy this file using rsync.
Hope this helps. Thanks a lot for your help.