[Samba] problems with permissions
Rowland Penny
rpenny at samba.org
Mon Nov 27 20:46:46 UTC 2017
On Mon, 27 Nov 2017 12:14:44 -0800
Jerry Lowry via samba <samba at lists.samba.org> wrote:
> hi list,
>
> environment:
>
> Windows 2008 Domain
>
> Centos 7 server running samba 4.4.4
>
> Problem:
>
> I am creating a number of samba shares on the Centos server to be
> used on the Domain. Right now I have two major directories setup as
> shares with minor directories being created.
>
> How do I specify read/write permissions on the minor directories
> without having to create a share for each directory? When I specify
> a domain group the centos server does not see the group.
>
> The configuration now shows multiple shares but it does not preserve
> the read only access in the minor shares.
>
> Here is the config:
>
> [global]
> workgroup = Accounting
> security = ADS
> realm = Accounting.edt.local
> log file = /var/log/samba/%m.log
> log level = 1
> # Default ID mapping configuration for local BUILTIN accounts
> # and groups on a domain member. The default (*) domain:
> # - must not overlap with any domain ID mapping configuration!
> # - must use a read-write-enabled back end, such as tdb.
> # - Adding just this is not enough
> # - You must set a DOMAIN backend configuration, see below
> idmap config * : backend = tdb
> idmap config * : range = 1000000-2000000
Either:
A) you are using sssd, in which case you should ask on the sssd-users
mailing list, because sssd is doing the authentication.
Or
B) You totally missed this: '# - Adding just this is not enough' when
you cut and pasted it from the Samba wiki, you need to use the winbind
'rid' or 'ad' backend.
Rowland
More information about the samba
mailing list