[Samba] getfacl not have domain name and samba4 not work correctly

Ulisses Féres uferes2 at gmail.com
Thu Jun 30 14:24:45 UTC 2016


Hi.

Sorry. Today I have a big problem with Samba that I cannot solve!

My permissions do not work properly. In RSAT I created groups, OUs and
users. In Windows I configured the security settings of the shared
directory *TECNOLOGIA*, assigning full permissions to *grupo_tecnologia*
(technology group).

However, when users who have *grupo_tecnologia* (primary) try to access the
share, a popup opens asking for the user / password, which it does not
accept.

I noticed on Linux with getfacl that the DOMAIN is not properly set, as in
red:


*[root at smb ~]# getfacl /shares/c/tecnologia/*
# file: shares/c/tecnologia/
# owner: root
# group: root
user::rwx
user:root:rwx
user:BUILTIN\134administrators:rwx
user:domain\040admins:rwx
*user:grupo_tecnologia:rwx*
group::---
group:root:---
group:BUILTIN\134administrators:rwx
group:domain\040admins:rwx
*group:grupo_tecnologia:rwx*
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:BUILTIN\134administrators:rwx
default:user:domain\040admins:rwx
*default:user:grupo_tecnologia:rwx*
default:group::---
default:group:root:---
default:group:BUILTIN\134administrators:rwx
default:group:domain\040admins:rwx
*default:group:grupo_tecnologia:rwx*
default:mask::rwx
default:other::---


Was it not supposed to be:

*default:group:ROPA\grupo_tecnologia:rwx*

I believe all my problem may be due to this.




*IP Server:* 192.168.1.99

*[root at smb ~]# smbd -V*
Version 4.2.13

*[root at smb ~]# smbclient -V*
Version 4.2.13

*I tried installing version 4.4.4 but this error continues*


*[root at smb ~]# cat /etc/samba/smb.conf*
# Global parameters
[global]
        workgroup = ROPA
        realm = ROPA.INTRANET
        netbios name = SMB
        server role = active directory domain controller
        dns forwarder = 8.8.8.8

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/ropa.intranet/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No


[tecnologia]
        comment = tecnologia
        path = /shares/c/tecnologia
        read only = no



*[root at smb ~]# cat /etc/resolv.conf*
domain ropa.intranet
search ropa.intranet
nameserver 192.168.1.99
nameserver 8.8.8.8

*[root at smb ~]# cat /etc/hosts*
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 smb smb.ropa.intranet


*[root at smb ~]# testparm*
Load smb config files from /usr/local/samba/etc/smb.conf
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[tecnologia]"

Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
        workgroup = ROPA
        realm = ROPA.INTRANET
        server role = active directory domain controller
        passdb backend = samba_dsdb
        dns forwarder = 8.8.8.8
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        winbindd:use external pipes = true
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4 acl_xattr


[netlogon]
        path = /usr/local/samba/var/locks/sysvol/ropa.intranet/scripts
        read only = No


[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No


[tecnologia]
        comment = tecnologia
        path = /shares/c/tecnologia
        read only = No

*[root at smb ~]# klist*
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at ROPA.INTRANET

Valid starting       Expires              Service principal
06/24/2016 01:21:09  06/24/2016 11:21:09  krbtgt/ROPA.INTRANET at ROPA.INTRANET
        renew until 06/25/2016 01:21:04

*[root at smb~]# uname -a*
Linux smb.ropa.intranet 3.10.0-123.20.1.el7.x86_64 #1 SMP Thu Jan 29 18:05:33 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux


Thanks a lot!
Ulisses.
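
An added example, not part of the original post: a small parser for getfacl output like the listing above, which decodes the \134 (backslash) and \040 (space) escapes and lists the named entries that carry no DOMAIN\ qualifier. The function names, the constructed sample and the `local` exclusion list are assumptions made for this illustration.

```python
import re

# Constructed sample in the format of the getfacl output quoted in the post.
SAMPLE = r"""# file: shares/c/tecnologia/
user::rwx
user:root:rwx
user:BUILTIN\134administrators:rwx
user:domain\040admins:rwx
user:grupo_tecnologia:rwx
group::---
group:BUILTIN\134administrators:rwx
group:grupo_tecnologia:rwx
mask::rwx
other::---
default:group:domain\040admins:rwx
default:group:grupo_tecnologia:rwx
"""

_OCTAL = re.compile(r"\\([0-7]{3})")


def decode_name(raw):
    """Undo getfacl's \\ooo octal escaping (\\134 is a backslash, \\040 a space)."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), raw)


def parse_acl(text):
    """Return (is_default, tag, name, perms) for every ACL entry line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop "# file:" style headers
        if not line:
            continue
        parts = line.split(":")
        is_default = parts[0] == "default"
        if is_default:
            parts = parts[1:]
        if len(parts) != 3:                    # not a tag:name:perms entry
            continue
        tag, name, perms = parts
        entries.append((is_default, tag, decode_name(name), perms))
    return entries


def unqualified_names(entries, local=("root",)):
    """Named user/group entries without a DOMAIN\\ prefix, minus local accounts."""
    return sorted({name for _, tag, name, _ in entries
                   if tag in ("user", "group") and name
                   and "\\" not in name and name not in local})
```

On the sample, `unqualified_names(parse_acl(SAMPLE))` returns both `domain admins` and `grupo_tecnologia`; only the BUILTIN entries decode to a name with a prefix.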

