[Samba] Share periodical not accessible

Rowland Penny rpenny at samba.org
Fri May 25 08:37:27 UTC 2018 

On Fri, 25 May 2018 10:04:49 +0200
André Harms via samba <samba at lists.samba.org> wrote:

> Thank you for your response! Here comes the smb.conf…
> 
> André
> 
> — smb.conf —
> 
> # Global parameters
> [global]
> 	workgroup = LOPRODUCTS
> 	realm = LOPRODUCTS.LOCAL
> 	server role = member server
> 	security = ads
> 	server string = %h server (Samba, Ubuntu)
> 	netbios name = fireball
> 	disable netbios = yes
> 	wins support = no
> 	domain master = no
> 	local master = no
> 	preferred master = no
> 	os level = 0
> 	dns forwarder = 172.24.0.24
> 	name resolve order = lmhosts host wins bcast
> 	# password server = lodc02.loproducts.local
> 	encrypt passwords = yes
> 	passdb backend = tdbsam
> 	winbind use default domain = yes
> 	winbind trusted domains only = no
> 	winbind enum users = yes
> 	winbind enum groups = yes
> 	winbind refresh tickets = yes
> 	winbind cache time = 10
> 	# username map = /etc/samba/usermap.txt
> 	idmap config * : backend = tdb
> 	idmap config * : range = 31000-35000
> 	idmap config LOPRODUCTS : backend = rid
> 	idmap config LOPRODUCTS : range = 35001-40000
> 	template shell = /bin/false
> 	template homedir = /home/%U
> 	inherit acls = yes
> 	map acl inherit = yes
> 	store dos attributes = yes
> 	vfs objects = acl_xattr
> 	unix extensions = no
> 	log level = 2
> 	#debug timestamp = yes

Can I suggest you read 'man smb.conf', whilst there is nothing really
wrong with the above, it does have a few default lines.

> 
> # [netlogon]
> # path=/var/lib/samba/sysvol/LOPRODUCTS.LOCAL/scripts
> # browseable = no
> # read only=No
> 
> [sysvol]
> path = /var/lib/samba/sysvol
> browseable = no
> read only = no

Really, you have a 'sysvol' share on a Unix domain member ?

> [Transfer]
> path = /opt/data/wob/transfer
> valid users = @LOPRODUCTS\domänen-admins @LOPRODUCTS\wob-admins
> @LOPRODUCTS\domänen-benutzer invalid users = @"LOPRODUCTS\authlite 1f
> tag" browseable = no
> read only = no
> writeable = yes
> create mode = 0660
> force create mode = 0660
> directory mode = 0770
> force directory mode = 0770
> force group = domänen-benutzer
> 

Did you know that 'read only = no' and 'writeable = yes' mean the same
thing ?

I think you will probably be better off using Windows ACLs, see here:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Rowland

More information about the samba mailing list