[Samba] Failed to enumerate objects in the container. Access is denied
Rowland Penny
rpenny at samba.org
Mon Jan 15 21:24:09 UTC 2018
On Mon, 15 Jan 2018 18:49:18 -0200
Carlos via samba <samba at lists.samba.org> wrote:
> HI!
>
> I have one fileserve, has ok but now when change permission(oyher
> user not Administrator) with RSAT show me message:
>
> "Failed to enumerate objects in the container. Access is denied"
Fairly obvious, the user doesn't have the required permissions
>
>
> Samba Version (Compilated)
>
> 4.7.3
>
>
> Ubuntu 16.04
>
>
> # smb.conf
>
> [global]
> workgroup = XXXXX
> realm = INTERNO.XXXXX.XXX.BR
> security = ADS
> username map = /usr/local/samba/etc/user.map
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind cache time = 60
>
> winbind max clients = 600
> winbind enum users = Yes
> winbind enum groups = Yes
Nothing to do with your problem, but you do not need the two lines
above.
> winbind use default domain = Yes
> winbind nss info = rfc2307
The line above is only required when using the winbind 'ad' backend and
only then when using Samba < 4.6.0
> winbind refresh tickets = Yes
> winbind nss info = template
> template shell = /bin/bash
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
Why are the lines above duplicated ?
> idmap config XXXXX : backend = rid
> idmap config XXXXX : range = 10000-999999
>
> # Necessario para Fileserver
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
> #
> # Disable Cups
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> # Lixeira + Auditoria
> vfs objects = recycle,full_audit
Congratulations, you have just turned off the acl_xattr vfs object.
> recycle:keeptree = yes
> recycle:versions = yes
> recycle:repository = /opt/DADOS/Lixeira/%U
> recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso,
> *.exe recycle:exclude_dir = tmp
> recycle:touch = yes
> recycle:touch_mtime = yes
> full_audit:failure = none
> full_audit:facility = local5
> full_audit:priority = notice
> full_audit:prefix = %u|%I|%S
> full_audit:success = rename rmdir unlink
>
> # include
> include = /opt/samba/etc/compartilhamento.conf
>
> # compartilhamento.conf
>
> [TEC]
> path= /opt/DADOS/TEC/
> read only = no
>
> # user.map
>
> !root = XXXXX\Administrator
>
>
> ---------------------------------------------------------
>
> Before today i change permission with any user in group "Admins
> Domain", but today only Administrator(= root) ir work, any user
> receive message the error.
>
>
> Any Idea ?
If it worked previously, but doesn't now, something must have changed,
have you updated the DC or the windows client ?
Rowland
More information about the samba
mailing list