[Samba] Access denied to change share security staff

Rommel Rodriguez Toirac rommelrt at nauta.cu
Thu Apr 13 13:28:09 UTC 2017 

El 12 de abril de 2017 16:06:00 GMT-04:00, Rowland Penny via samba <samba at lists.samba.org> escribió:
>On Wed, 12 Apr 2017 15:37:14 -0400
>Rommel Rodriguez Toirac via samba <samba at lists.samba.org> wrote:
>
>
>>  Why this diffents? what I be missing?
>
>You are missing the fact that you shouldn't mix using Unix permissions
>and ACLs, it will not work. Use one or the other, preferably the
>later, in fact if you use the DC as a fileserver, you MUST use the
>later.
>
>Follow these instructions here:
>
>https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>
>Do not set any Unix permissions on the share dir manually.
>
>Rowland

I follow step by step Setting up a Share Using Windows ACLs from wiki, but still I have an Access denied when try to change the permissions of share or when try to change Security ACL.
  As sugesst Rowland I do not change the permissions using Unix, just create the directory/subdirectory and add the entry in /etc/smb.conf as:

 [compartir]
      path = /test/compartir/
      read only = no

then from a RSAT of Windows7 loggin as Administrator in the domain I use the /Computer management/System tools/Shared folders/Shares to try to change permissions ACL and Security. 

I check again if user Administrator have the SeDiskOperatorPrivilege privilege and is Ok.
 
[root at gtmpve samba]# net rpc rights list privileges -UAdministrator
Enter Administrator's password:
     SeMachineAccountPrivilege  Add machines to domain
     SeTakeOwnershipPrivilege  Take ownership of files or other objects
     SeBackupPrivilege  Back up files and directories
     SeRestorePrivilege  Restore files and directories
     SeRemoteShutdownPrivilege  Force shutdown from a remote system
      SePrintOperatorPrivilege  Manage printers
      SeAddUsersPrivilege  Add users and groups to the domain
      SeDiskOperatorPrivilege  Manage disk shares
      SeSecurityPrivilege  System security

 I see the shared directory fron the network, but can not access it neather.
 Is possible that the problem is related with that I have another file server (samba4 domain member) in the network?
  
 


Rommel Rodriguez Toirac
rommelrt at nauta.cu

More information about the samba mailing list