[Samba] problems with share permissions

Rowland Penny rpenny at samba.org
Tue Dec 12 22:09:16 UTC 2017


On Tue, 12 Dec 2017 14:01:03 -0800
Jerry Lowry <jlowry at edt.com> wrote:

> Sorry didn't scroll up far enough :)
> 
> samba version : 4.4.4-14.el7_3
> 
> also forgot that pictures don't transfer....it has been a tough week, 
> this is Friday right?
> 
> thanks
> 
> Here is the global section:
> 
> [global]
>          workgroup = Accounting
>          security = ADS
>          realm = Accounting.edt.local
>          log file = /var/log/samba/%m.log
>          log level = 1
>         # Default ID mapping configuration for local BUILTIN accounts
>         # and groups on a domain member. The default (*) domain:
>         # - must not overlap with any domain ID mapping configuration!
>         # - must use a read-write-enabled back end, such as tdb.
>         # - Adding just this is not enough
>         # - You must set a DOMAIN backend configuration, see below
>         idmap config * : backend = ad
>         idmap config * : range = 1000000-2000000
> #

This is wrong: you cannot use the 'ad' backend for the default domain;
it should be 'tdb'.
You should also have 'idmap config' lines for the 'ACCOUNTING' domain.
Can I suggest you go and read this wiki page again:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Just a thought: have you given your users a unique number inside the
'1000000-2000000' range and Domain Users a gidNumber inside the same
range? These attributes are not added automatically.

Rowland
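
The checks discussed in this message, as an added example that is not part of the original post or of Samba: a small Python linter for the idmap lines of a domain member's smb.conf. The name check_idmap, the READ_ONLY set, and the FIXED sample (including its 3000-7999 default range and schema_mode line) are assumptions of this example.

```python
import re

READ_ONLY = {"ad", "rid", "nss"}  # read-only back ends (assumption of this example)
IDMAP = re.compile(r"idmap config\s+(\S+)\s*:\s*(.+?)\s*=\s*(.+)", re.I)

def check_idmap(text):
    """Return findings for the idmap settings in the [global] section."""
    workgroup, domains, in_global, findings = None, {}, False, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_global = line.lower() == "[global]"
        if not in_global or not line or line[0] in "#;[":
            continue
        m = IDMAP.fullmatch(line)
        if m:  # store per-domain options, domain name upper-cased
            domains.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3)
        elif line.lower().startswith("workgroup") and "=" in line:
            workgroup = line.split("=", 1)[1].strip().upper()
    backend = domains.get("*", {}).get("backend", "").lower()
    if backend in READ_ONLY:
        findings.append("default domain (*) uses read-only backend '%s'; use tdb" % backend)
    if workgroup and not {"backend", "range"} <= set(domains.get(workgroup, {})):
        findings.append("no idmap config backend/range for domain " + workgroup)
    # Sort ranges by lower bound; an overlap then shows up between neighbours.
    ranges = sorted((*map(int, o["range"].split("-")), d)
                    for d, o in domains.items() if "range" in o)
    for (_, high, a), (low, _, b) in zip(ranges, ranges[1:]):
        if low <= high:
            findings.append("ID ranges of %s and %s overlap" % (a, b))
    return findings

# Settings as posted in the thread (idmap-relevant lines only).
POSTED = """[global]
workgroup = Accounting
idmap config * : backend = ad
idmap config * : range = 1000000-2000000
"""
# Constructed correction; the default range 3000-7999 is an assumed value.
FIXED = """[global]
workgroup = Accounting
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config ACCOUNTING : backend = ad
idmap config ACCOUNTING : schema_mode = rfc2307
idmap config ACCOUNTING : range = 1000000-2000000
"""

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("fixed", FIXED)):
        print(name, check_idmap(conf))
```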


