[Samba] R: R: R: R: R: cannot list/access samba share fromWindowsclient

Andrea Rossetti andy.ros at gmail.com
Mon Jan 8 22:20:52 UTC 2018

Inviato da Posta per Windows 10

Da: Rowland Penny via samba
Inviato: lunedì 8 gennaio 2018 22:52
A: samba at lists.samba.org
Oggetto: Re: [Samba] R: R: R: R: cannot list/access samba share fromWindowsclient

>I think I understand it now ;-)
>The debian Samba package used to install winbind as a dependency, it
>doesn't now, try running this (as root):
>apt-get install winbind libnss-winbind libpam-winbind
>The last two packages are the 'glue' between winbind and nsswitch

Ok now I can Look up Domain Users and Groups

root at SRVLNXWINTRA01:/home/data# getent passwd com_spoleto\andrea.rossetti
COM_SPOLETO\andrea.rossetti:*:11212:10513:Andrea Rossetti:/home/COM_SPOLETO/andrea.rossetti:/bin/false
root at SRVLNXWINTRA01:/home/data# getent group "com_spoleto\\domain admins"
COM_SPOLETO\domain admins:x:10512:

I can set permission tu shared folder

root at SRVLNXWINTRA01:/home/data# chown root:"com_spoleto\domain admins" share
root at SRVLNXWINTRA01:/home/data# chmod 2770 share/
root at SRVLNXWINTRA01:/home/data# ls -la
totale 20
drwxrws---  2 root     COM_SPOLETO\domain admins 4096 gen  8 19:39 share

But I have the same problem that I have before when I had sssd instead of winbind
1. Execute computer management from a Windows domain member client as a domain admin user (run as com_spoleto\rossetti.admin that is a “domain admins” member
2. Right click on computer management -> connect to another computer -> srvlnxwintra01 (the Linux server member)
3. I expand “System Tools” -> I expand “Shared Folders” -> click on “Shares”  right click on “share” -> Click Properties -> click on tab “Security”. In this tab I have the message “You musr have Read permission to view the properties of this object” even if I have granted SeDiskOperatorPrivilege to “com_spoleto\domain admins” Group. But If I execute “Computer Management” as “com_spoleto\adminserver” user (I explained below the reason I used this user) I can view/modify the ACLs.
4. Even if I change the permission, using adminserver, adding domainadmins full control this folder subfolder and files and adding domain users read and execute this folder subfolder and files, neither a simple user nor a domain admin users can list the shares in \\servermember
Please help me thanks!
I’ve more and more and more confused. ☹

More information about the samba mailing list