[Samba] 4.4.14 on solaris, using ads, can't read/write as user
Rowland Penny
rpenny at samba.org
Thu Jun 29 17:36:12 UTC 2017
On Thu, 29 Jun 2017 14:06:37 -0300
francis picabia via samba <samba at lists.samba.org> wrote:
> Thanks for your help. Here is a sanitized config from our dev system
> where I'm testing the Solaris patch.
>
> [global]
> workgroup = MYDOM
> netbios name = norm
> security = ADS
> log file = /var/log/samba/%m.log
> max log size = 50
> dns proxy = no
> loglevel = 3
> template shell = /usr/bin/bash
> winbind use default domain = true
> winbind enum users = yes
> winbind enum groups = yes
> winbind nested groups = yes
> encrypt passwords = yes
> realm = AD.MYDOM.CA
>
>
> idmap config * : range = 16777216-33554431
> idmap config * : backend = rid
>
>
> nt acl support = no
> unix extensions = no
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
>
> #============================ Share Definitions ==============================
>
> [homes]
> comment = Home Directories
> path = %H
> browseable = no
> valid users = MYDOM\%U
> create mask = 0750
> directory mask = 0750
> wide links = Yes
>
> guest ok = no
> read only = no
>
> [tmp]
> path = /tmp
> public = no
> browseable = no
> read only = no
>
>
> As this is now, I was experimenting with not controlling the access
> to /tmp. New files can be copied there by the connected user, and they
> are showing expected ownership. Reading 700 files owned by the user
> isn't working from smbclient nor Windows.
>
> The version of AD is under Windows 2012R2
>
Your problems lie here:
idmap config * : range = 16777216-33554431
idmap config * : backend = rid
Why use the range '16777216-33554431' ?
You cannot use 'rid' with the BUILTIN (*) domain, you should use 'tdb'.
And the main reason why it isn't working, you need a block for the
'MYDOM' domain, see here for more info:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
Rowland
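
An added example, not part of the original thread and not Samba project code: a small Python check for the two idmap problems named in the reply above (rid on the `*` default domain, and no idmap block for the workgroup). It also flags overlapping ID ranges, which goes beyond what the reply states. The function name `check_idmap` and the range values in the corrected sample are assumptions.

```python
import re

# Matches "idmap config DOMAIN : backend|range = value" lines from smb.conf
IDMAP_RE = re.compile(r"idmap config\s+(\S+)\s*:\s*(backend|range)\s*=\s*(.+)", re.I)
WORKGROUP_RE = re.compile(r"workgroup\s*=\s*(\S+)", re.I)

def check_idmap(conf_text):
    """Return a list of findings about the idmap settings in smb.conf text."""
    workgroup, domains = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = WORKGROUP_RE.match(line)
        if m:
            workgroup = m.group(1).upper()
        m = IDMAP_RE.match(line)
        if m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3)

    findings = []
    if domains.get("*", {}).get("backend", "").lower() == "rid":
        findings.append("default domain (*) uses backend 'rid'; use 'tdb'")
    if workgroup and workgroup not in domains:
        findings.append(f"no 'idmap config {workgroup} : ...' block for the workgroup")
    # ID ranges of different domains must not overlap
    ranges = []
    for dom, opts in domains.items():
        if "range" in opts:
            low, high = (int(x) for x in opts["range"].split("-"))
            ranges.append((low, high, dom))
    ranges.sort()
    for (l1, h1, d1), (l2, h2, d2) in zip(ranges, ranges[1:]):
        if l2 <= h1:
            findings.append(f"ranges for {d1} and {d2} overlap")
    return findings

# Constructed samples: the idmap lines as posted, and a layout following the
# wiki page linked above (the range values here are assumptions)
POSTED = """[global]
workgroup = MYDOM
idmap config * : range = 16777216-33554431
idmap config * : backend = rid
"""
FIXED = """[global]
workgroup = MYDOM
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config MYDOM : backend = rid
idmap config MYDOM : range = 10000-999999
"""
```

After changing the idmap settings on a real member server, `testparm` validates the file syntax, and files created under the old mapping may keep their old numeric owner IDs.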