[Samba] I: R: R: R: R: cannot list/access samba share from Windows client

Andrea Rossetti andy.ros at gmail.com
Tue Jan 9 08:58:44 UTC 2018


>From: Rowland Penny via samba
>Sent: Monday, 8 January 2018 22:52
>To: samba at lists.samba.org
>Subject: Re: [Samba] R: R: R: R: cannot list/access samba share from Windows client
>
>>I think I understand it now ;-)
>>
>>The debian Samba package used to install winbind as a dependency, it
>>doesn't now, try running this (as root):
>>
>>apt-get install winbind libnss-winbind libpam-winbind
>>
>>The last two packages are the 'glue' between winbind and nsswitch
>
>Ok now I can Look up Domain Users and Groups
>
>root@SRVLNXWINTRA01:/home/data# getent passwd com_spoleto\andrea.rossetti
>COM_SPOLETO\andrea.rossetti:*:11212:10513:Andrea Rossetti:/home/COM_SPOLETO/andrea.rossetti:/bin/false
>root@SRVLNXWINTRA01:/home/data# getent group "com_spoleto\\domain admins"
>COM_SPOLETO\domain admins:x:10512:
>
>I can set permissions on the shared folder
>
>root@SRVLNXWINTRA01:/home/data# chown root:"com_spoleto\domain admins" share
>root@SRVLNXWINTRA01:/home/data# chmod 2770 share/
>root@SRVLNXWINTRA01:/home/data# ls -la
>totale 20
>drwxrws---  2 root     COM_SPOLETO\domain admins 4096 gen  8 19:39 share
>
>But I have the same problem that I had before, when I had sssd instead of winbind:
>1. Execute Computer Management from a Windows domain member client as a domain admin user (run as com_spoleto\rossetti.admin, that is a “domain admins” member)
>2. Right click on Computer Management -> connect to another computer -> srvlnxwintra01 (the Linux server member)
>3. I expand “System Tools” -> I expand “Shared Folders” -> click on “Shares” -> right click on “share” -> click Properties -> click on tab “Security”. In this tab I have the message “You must have Read permission to view the properties of this object” even if I have granted SeDiskOperatorPrivilege to the “com_spoleto\domain admins” group. But if I execute “Computer Management” as the “com_spoleto\adminserver” user (I explained below the reason I used this user) I can view/modify the ACLs.
>4. Even if I change the permissions, using adminserver, adding domainadmins full control this folder subfolder and files and adding domain users read and execute this folder subfolder and files, neither a simple user nor a domain admin user can list the shares in \\servermember
>Please help me, thanks!
>I’m more and more and more confused. ☹

I tried again this morning, only point 4, and now I can do things that last night it did not let me do, without changing any configuration. That night brings advice? 😊 😊 😊 Seriously… now both the “domain users” and “domain admins” can list shares on \\linuxservermember, the “domain admins” with full control and the “domain users” read only.
Do the ACL configurations take time to be transposed by Samba when done from a Windows client via the “Computer Management” snap-in??

