[Samba] Problem to manage permission to a share from windows

Andrea Rossetti andy.ros at gmail.com
Thu Feb 22 16:30:09 UTC 2018 

Hi,
I’ve successfully joined an ubuntu 16.04 machine, as member serverm, to an active directory domain Windows server 2012 R2 following the instructions in the wiki.samba.org “Setting up Samba as a Domain Member” now I have to set acl using Windows acl on a share. For that I followed the instruction in the “Setting up a Share Using Windows ACLs”. I also granted the SeDiskOperatorPrivilege to the Domain admins Group.
But when I try to manage the computer with the computer management from Windows as a user member of Domain admins Group, when I right click on the share and click on properties I don’t have the secirity tab. Where is the problem?

This is my smb.conf
[global]
   workgroup = COM_SPOLETO
   realm = COMUNE.SPOLETO.LOCAL
   client signing = yes
   client use spnego = yes
   kerberos method = secrets and keytab
   security = ads
   bind interfaces only = yes
   interfaces = lo enp0s3
   enable privileges = yes
   idmap config * : backend = tdb
   idmap config * : range = 2000-9999
   idmap config COM_SPOLETO : backend = rid
   idmap config COM_SPOLETO : range = 10000-999999
   username map = /etc/samba/user.map
   vfs objects = acl_xattr
   map acl inherit = yes
   store dos attributes = yes
   winbind refresh tickets = Yes
   server string = %h server (Samba, Ubuntu)
   dns proxy = no
   log file = /var/log/samba/log.%m
   log level = 1
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   server role = member server
   passdb backend = tdbsam
   map to guest = bad user
   usershare allow guests = no

[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   guest ok = no
   read only = yes
   create mask = 0700

[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no

[geoportale-lizmap]
    comment = Progetti QGIS per Lizmap
    path = /opt/shares/geoportale-lizmap
    read only = no
    inherit acls = yes

Inviato da Posta per Windows 10

More information about the samba mailing list