[Samba] Access denied to change share security staff

Rommel Rodriguez Toirac rommelrt at nauta.cu
Wed Apr 12 15:53:02 UTC 2017 

Hello all;
I have problem with shares in a domain member used as file server (I want to use it like that)
I check from samba wiki some test that you suggest and all have been pass well. I try to make a new share using POSIX ACL and still not access.
To make the share and apply the permissions and owners:

[root at gtmpve lib]# mkdir -p /compartido/prueba/
[root at gtmpve lib]# chmod 2770 /compartido/prueba/
[root at gtmpve lib]# chown root:"ATGTM00\domain admins" /compartido/prueba/ 

My smb.conf look lik that:

[root at gtmpve lib]# cat /etc/samba/smb.conf 
[global]
netbios name = gtmpve
security = ADS
workgroup = ATGTM00
realm = GTM.ONAT.GOB.CU

log file = /var/log/samba/%m.log
log level = 10

idmap config *:backend = tdb
idmap config *:range = 3000-7999

idmap config ATGTM00:backend = rid
idmap config ATGTM00:range = 10000-999999

winbind nss info = template
winbind enum groups = yes
winbind enum users = yes

template shell = /bin/bash
template homedir = /home/%U

vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
create mask = 0666
directory mask = 0777
dos filemode = yes
acl allow execute always = yes

guest account = nobody
map to guest = Bad User

server string = Servidor de archivos #2
server role = member server
local master = no
domain master = no
preferred master = no

load printers = no
printcap name = /dev/null
disable spoolss = yes

[prueba]
path = /compartido/prueba/
read only = no
valid users = +ATGTM00\"Domain Users"

The /etc/krb5.conf is like this:

[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = GTM.ONAT.GOB.CU

This are some of the test and results:

[root at gtmpve lib]# getent passwd 'ATGTM00\rommel'
ATGTM00\rommel:*:11144:10513:Rommel Rodriguez Toirac:/home/rommel:/bin/bash

[root at gtmpve lib]# wbinfo --ping-dc
checking the NETLOGON for domain[ATGTM00] dc connection to "gtmad.gtm.onat.gob.cu" succeeded

[root at gtmpve lib]# getent hosts gtmpve
192.168.41.16 gtmpve.gtm.onat.gob.cu gtmpve

Rommel Rodriguez Toirac
rommelrt at nauta.cu

More information about the samba mailing list