[Samba] File Server member DC ACL permissions
Ricardo Pardim Claus
ricardo.claus at yahoo.com.br
Wed Aug 10 14:18:16 UTC 2016
Greetings,
Previously I had set up a file server with DC on the same machine. As recommendations, created another machine to be the file server.
I made the settings as far as I could do, but I can not give permissions on shared folders. Must give permissions on shared folders for groups and users of the domain.
I'm using Samba 4.4.5 in DC's and also the file server. I joined the file server as a domain member.
About file server member of a domain, I have not found a satisfactory documentation.
When the second DC was playing the role of file server, permissions worked perfectly.
What do I need to configure the file server recognizes the permissions of users and AD groups?
Follow my configuration file:
smb.conf
# Global parameters
[global]
netbios name = SRV16
server string = Samba4 Server
security = ADS
encrypt passwords = Yes
realm = OOMAIN.LOCAL
workgroup = DOMAIN
log file = /var/log/samba/%m.log
log level = 1
#
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = Yes
winbind nss info = rfc2307
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
[dados]
comment = Pasta dados
path = /mnt/data
read only = No
browseable = Yes
inherit acls = Yes
inherit permissions = Yes
/etc/nsswitch.conf:
passwd: files sss winbind
shadow: files sss winbind
group: files sss winbind
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: files sss
publickey: nisplus
automount: files sss
aliases: files nisplus
With these commands, I can view the AD users and groups.
wbinfo -u
wbinfo -g
getent group
I realized the Winbind settings as reported in Samba page.
When I run the following command I get error:
# setfacl -R -m default:group:"Domain Admins":rwx /mnt/data/p1
setfacl: /mnt/data/p1: Malformed default ACL `user::rwx,group::rwx,group:4294967295:rwx,mask::rwx,other::r-x': Duplicate entries at entry 3
setfacl: /mnt/data/p1/teste.txt: Malformed default ACL `user::rw-,group::r--,group:4294967295:rwx,mask::rwx,other::r--': Duplicate entries at entry 3
The missing setting?
More information about the samba
mailing list