[Samba] ACL SHARE
L.P.H. van Belle
belle at bazuin.nl
Tue Jun 27 15:23:02 UTC 2017
correct is not much different, but you need a "correct" config.
now your config is simpley wrong. ( sorry )
This proves it. one question..
idmap config * : backend = rid
idmap config * : range = 100000-999999
can you write you "rid" to the samba AD.. No.
# - must use an read-write-enabled back end, such as tdb.
you need also :
# idmap config for the SAMDOM domain
idmap config SAMDOM : backend = rid
idmap config SAMDOM : range = 10000-999999
but do remember ...
For every domain, set these parameters individually. The ID ranges of the * default domain and all other domains configured in the smb.conf file must not overlap.
Greetz,
Louis
Van: Carlos A. P. Cunha [mailto:carlos.hollow at gmail.com]
Verzonden: dinsdag 27 juni 2017 17:07
Aan: L.P.H. van Belle
Onderwerp: Re: [Samba] ACL SHARE
Hello
Thank you for your attention.
My conf is not much different from the documentation, and what's different "I believe" is not my problem.
As I mentioned the problem only occurs with access via sharing ....
Regards
Em 27-06-2017 11:32, L.P.H. van Belle via samba escreveu:
Hai Carlos, I suggest start here : https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Setting_up_a_Basic_smb.conf_File Which says.. # Default ID mapping configuration for local BUILTIN accounts # and groups on a domain member. The default (*) domain: # - must not overlap with any domain ID mapping configuration! # - must use an read-write-enabled back end, such as tdb. idmap config * : backend = tdb idmap config * : range = 3000-7999 And you want RID, https://wiki.samba.org/index.php/Idmap_config_rid So fix you smb.conf, restart samba. Run : net cache flush Test id username And try again. Greetz, Louis
-----Oorspronkelijk bericht----- Van: samba [mailto:samba-bounces at lists.samba.org] Namens Carlos A. P. Cunha via samba Verzonden: dinsdag 27 juni 2017 16:26 Aan: samba at lists.samba.org Onderwerp: [Samba] ACL SHARE Hello I have a Debian 8 with samba (Version 4.2.10-Debian) that serves as Fileserver. My smb.conf [global] workgroup = XXXXX realm = GRUPO.XXXXX.COM.BR security = ADS idmap config * : backend = rid idmap config * : range = 100000-999999 client schannel = no allow trusted domains = yes winbind use default domain = yes winbind refresh tickets = Yes winbind offline logon = no winbind cache time = 360 winbind enum users = yes winbind enum groups = yes template shell = /bin/bash template homedir = /home/%U map to guest = bad user guest account = guest guest ok = yes vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes I have sharing: [QUALIDADELEITE] path = /home/QUALIDADELEITE browseable = yes writeable = yes printable = no create mask = 0770 force directory mode = 0770 force create mode = 0770 force group = +qualidadeleite valid users = @qualidadeleite getfacl /home/QUALIDADELEITE # file: home/QUALIDADELEITE # owner: root # group: qualidadeleite user::rwx group::rwx other::--- default:user::rwx default:group::r-x default:group:qualidadeleite:rwx default:mask::rwx default:other::r-x My doubts inside have an ok.txt file Getfacl ok.txt # File: ok.txt # Owner: root # Group: root User :: rwx Group :: r-x #effective: --- Group: qualidadeleite: rwx #effective: --- Mask :: --- Other :: --- The problem in this way a user of the qualidadeleite group can not do anything in the file, even though they have permissions via ACL, this only happens on shares. Direct on the file System the ACL permission is functional. Access to this directory occurs both direct (ssh) and via shares. Do you know what it can be? Regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list