[Samba] Can not change the share permissions

Rommel Rodriguez Toirac rommelrt at nauta.cu
Mon Apr 10 15:41:00 UTC 2017 

 Hello all;
I still have problem with shares in a domain member used as file server (I want to use it like that)
I check from samba wiki some test that you suggest and all have been pass well. I try to make a new share using POSIX ACL and still not access.
To make the share and apply the permissions and owners:

 [root at gtmpve lib]# mkdir -p /compartido/prueba/
 [root at gtmpve lib]# chmod 2770 /compartido/prueba/
 [root at gtmpve lib]# chown root:"ATGTM00\domain admins" /compartido/prueba/       

My smb.conf look lik that:

 [root at gtmpve lib]# cat /etc/samba/smb.conf    
 [global]
       netbios name = gtmpve
       security = ADS
       workgroup = ATGTM00
       realm = GTM.ONAT.GOB.CU

       log file = /var/log/samba/%m.log
       log level = 10

       idmap config *:backend = tdb
       idmap config *:range = 3000-7999

       idmap config ATGTM00:backend = rid
       idmap config ATGTM00:range = 10000-999999

       winbind nss info = template
       winbind enum groups = yes
       winbind enum users = yes
       
       template shell = /bin/bash
       template homedir = /home/%U

       vfs objects = acl_xattr
       map acl inherit = yes
       store dos attributes = yes
       create mask = 0666
       directory mask = 0777
       dos filemode = yes
       acl allow execute always = yes
       
       guest account = nobody
       map to guest = Bad User
       
       server string = Servidor de archivos #2
       server role = member server
       local master = no
       domain master = no
       preferred master = no
    
       load printers = no
       printcap name = /dev/null
       disable spoolss = yes

 [prueba]
       path = /compartido/prueba/
       read only = no
       valid users = +ATGTM00\"Domain Users"

The /etc/krb5.conf is like this:

 [libdefaults]
  dns_lookup_realm = false
  dns_lookup_kdc = true
  default_realm = GTM.ONAT.GOB.CU

This are some of the test and results:

 [root at gtmpve lib]# getent passwd 'ATGTM00\rommel'
 ATGTM00\rommel:*:11144:10513:Rommel Rodriguez Toirac:/home/rommel:/bin/bash
 
 [root at gtmpve lib]# wbinfo --ping-dc
 checking the NETLOGON for domain[ATGTM00] dc connection to "gtmad.gtm.onat.gob.cu" succeeded

 [root at gtmpve lib]# getent hosts gtmpve
 192.168.41.16   gtmpve.gtm.onat.gob.cu gtmpve

Rommel Rodriguez Toirac
rommelrt at nauta.cu

More information about the samba mailing list