[Samba] getfacl not have domain name and samba4 not work correctly

Jason Waters jason at geeknocity.com
Thu Jun 30 15:10:06 UTC 2016


I don't think your hosts file should be
localhost4.localdomain4 smb smb.ropa.intranet

It should be
192.168.1.99 smb smb.ropa.intranet

Then I would check if wbinfo -g returns groups?

Also, what does your /etc/nsswitch.conf file look like?


On Thu, Jun 30, 2016 at 10:24 AM, Ulisses Féres <uferes2 at gmail.com> wrote:

> Hi.
>
> Sorry. Today I have a big problem with the samba I can not solve!
>
> My permissions do not work properly. in the RSAT created groups, OU and
> users. I configured in Windows the shared directory *TECNOLOGIA* security
> settings assigning full permissions to *grupo_tecnologia* (technology
> group).
>
> However users who are with *grupo_tecnologia* (primary) to access the share
> opens a popup asking for the user / password in which does not accept
> access.
>
> I noticed on Linux with getfacl that DOMAIN is not properly set, as in
> red:
>
>
> *[root at smb ~]# getfacl /shares/c/tecnologia/*
> # file: shares/c/tecnologia/
> # owner: root
> # group: root
> user::rwx
> user:root:rwx
> user:BUILTIN\134administrators:rwx
> user:domain\040admins:rwx
> *user:grupo_tecnologia:rwx*
> group::---
> group:root:---
> group:BUILTIN\134administrators:rwx
> group:domain\040admins:rwx
> *group:grupo_tecnologia:rwx*
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:BUILTIN\134administrators:rwx
> default:user:domain\040admins:rwx
> *default:user:grupo_tecnologia:rwx*
> default:group::---
> default:group:root:---
> default:group:BUILTIN\134administrators:rwx
> default:group:domain\040admins:rwx
> *default:group:grupo_tecnologia:rwx*
> default:mask::rwx
> default:other::---
>
>
> It was not to be:
>
> *default:group:ROPA\grupo_tecnologia:rwx*
>
> I believe all my problem may be due to this.
>
>
>
>
> *IP Server:* 192.168.1.99
>
> *[root at smb ~]# smbd -V*
> Version 4.2.13
>
> *[root at smb ~]# smbclient -V*
> Version 4.2.13
>
> *I try install version 4.4.4 but this error continues*
>
>
> *[root at smb ~]# cat /etc/samba/smb.conf*
> # Global parameters
> [global]
>         workgroup = ROPA
>         realm = ROPA.INTRANET
>         netbios name = SMB
>         server role = active directory domain controller
>         dns forwarder = 8.8.8.8
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/ropa.intranet/scripts
>         read only = No
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
>
> [tecnologia]
>         comment = tecnologia
>         path = /shares/c/tecnologia
>         read only = no
>
>
>
> *[root at smb ~]# cat /etc/resolv.conf*
> domain ropa.intranet
> search ropa.intranet
> nameserver 192.168.1.99
> nameserver 8.8.8.8
>
> *[root at smb ~]# cat /etc/hosts*
> 127.0.0.1   localhost localhost.localdomain localhost4
> localhost4.localdomain4 smb smb.ropa.intranet
>
>
> *[root at smb ~]# testparm*
> Load smb config files from /usr/local/samba/etc/smb.conf
> Processing section "[netlogon]"
> Processing section "[sysvol]"
> Processing section "[tecnologia]"
>
> Loaded services file OK.
> Server role: ROLE_ACTIVE_DIRECTORY_DC
>
> Press enter to see a dump of your service definitions
>
> # Global parameters
> [global]
>         workgroup = ROPA
>         realm = ROPA.INTRANET
>         server role = active directory domain controller
>         passdb backend = samba_dsdb
>         dns forwarder = 8.8.8.8
>         rpc_server:tcpip = no
>         rpc_daemon:spoolssd = embedded
>         rpc_server:spoolss = embedded
>         rpc_server:winreg = embedded
>         rpc_server:ntsvcs = embedded
>         rpc_server:eventlog = embedded
>         rpc_server:srvsvc = embedded
>         rpc_server:svcctl = embedded
>         rpc_server:default = external
>         winbindd:use external pipes = true
>         idmap config * : backend = tdb
>         map archive = No
>         map readonly = no
>         store dos attributes = Yes
>         vfs objects = dfs_samba4 acl_xattr
>
>
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/ropa.intranet/scripts
>         read only = No
>
>
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
>
>
> [tecnologia]
>         comment = tecnologia
>         path = /shares/c/tecnologia
>         read only = No
>
> *[root at smb ~]# klist*
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrator at ROPA.INTRANET
>
> Valid starting       Expires              Service principal
> 06/24/2016 01:21:09  06/24/2016 11:21:09
> krbtgt/ROPA.INTRANET at ROPA.INTRANET
>         renew until 06/25/2016 01:21:04
>
> *[root at smb~]# uname -a*
> Linux smb.ropa.intranet 3.10.0-123.20.1.el7.x86_64 #1 SMP Thu Jan 29
> 18:05:33 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>
>
> Thanks a lot!
> Ulisses.
>
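
The checks suggested in the reply above, as an added example that is not part of the original thread: it classifies how a hosts file maps the server's name and tests whether nsswitch.conf lists winbind for a database. The function names are hypothetical, the nsswitch.conf contents are assumed because the thread does not show that file, and winbind on the passwd and group lines is assumed to be the setting that lets getfacl print DOMAIN\name entries.

```sh
# Added example; sample file contents are constructed from the thread's excerpts.

# hosts_status FILE NAME: prints how the first hosts line listing NAME maps it:
# missing | malformed | loopback | address:<ip>
hosts_status() {
    awk -v n="$2" '
        BEGIN { n = tolower(n); status = "missing" }
        { sub(/#.*/, "") }                       # drop comments
        status != "missing" || NF < 2 { next }   # first matching line wins
        {
            hit = 0
            for (i = 2; i <= NF; i++) if (tolower($i) == n) hit = 1
            if (!hit) next
            if ($1 ~ /^127\./ || $1 == "::1") status = "loopback"
            else if ($1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $1 ~ /:/) status = "address:" $1
            else status = "malformed"            # first field is not an IP address
        }
        END { print status }
    ' "$1"
}

# nss_uses_winbind FILE DB: exit 0 if the DB line (passwd, group) lists winbind.
nss_uses_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit (ok ? 0 : 1) }
    ' "$1"
}

# write_samples DIR: constructed before/after copies of the two files.
write_samples() {
    # hosts as quoted in the thread: the second line has no address field
    printf '%s\n' '127.0.0.1   localhost localhost.localdomain localhost4' \
        'localhost4.localdomain4 smb smb.ropa.intranet' > "$1/hosts.before"
    # hosts with the entry proposed in the reply
    printf '%s\n' '127.0.0.1   localhost localhost.localdomain localhost4' \
        '192.168.1.99 smb smb.ropa.intranet' > "$1/hosts.after"
    # nsswitch.conf is not shown in the thread; both variants are assumed
    printf '%s\n' 'passwd: files' 'group: files' > "$1/nsswitch.before"
    printf '%s\n' 'passwd: files winbind' 'group: files winbind' > "$1/nsswitch.after"
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in before after; do
    nss_uses_winbind "$tmp/nsswitch.$f" group && nss=yes || nss=no
    echo "$f: hosts=$(hosts_status "$tmp/hosts.$f" smb.ropa.intranet) group-via-winbind=$nss"
done
rm -rf "$tmp"
```

On the real server the same functions take /etc/hosts and /etc/nsswitch.conf as the FILE argument.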

