[Samba] Permission Issue
Benedikt Kaleß
benedikt.kaless at forumZFD.de
Thu Aug 29 08:58:41 UTC 2019
Hi,
I have an old Fileserver which is working correct:
This is the smb.conf:
[global]
security = ads
realm = EXAMPLE.COM
workgroup = example
winbind refresh tickets = Yes
winbind use default domain = yes
template shell = /bin/bash
idmap config * : range = 1000000 - 1999999
idmap config ZFD : backend = rid
idmap config ZFD : range = 0 - 200000
hide dotfiles = yes
server string = Standalone server %h (Samba %v)
store dos attributes = yes
vfs objects = acl_xattr
inherit permissions = Yes
Afterwards I set up the CTDB cluster and did an "rsync -alpAXvt" to copy
the data from the old Fileserver to the cluster
net conf list:
[global]
winbind refresh tickets = Yes
winbind use default domain = yes
template shell = /bin/bash
idmap config * : range = 1000000 - 1999999
idmap config ZFD : backend = rid
idmap config ZFD : range = 0 - 200000
hide dot files = yes
server string = forumZFD Daten server %h (Samba %v)
map acl inherit = yes
inherit permissions = yes
workgroup = EXAMPLE
netbios name = CLUSTER-HO
clustering = yes
security = ads
realm = EXAMPLE.COM
store dos attributes = Yes
log level = 3
The users have often "permission denied" problems even though the
windows file explorer the group membership is shown and a gpresult /r
shows that membership. Sometimes everything works correct.
Best
Bene
Am 29.08.19 um 10:49 schrieb Rowland penny via samba:
> On 29/08/2019 09:36, Benedikt Kaleß via samba wrote:
> > Hi,
> >
> > sorry to bother you:
> >
> > I have three AD in the domain.
> >
> > They all deliver different IDs:
> >
> > root at addc2:~# id testuser
> > uid=3000155(EXAMPLE\testuser) gid=100(users)
> > Gruppen=100(users),3000155(EXAMPLE\testuser),3000036(EXAMPLE\TEAM1),3000014(EXAMPLE\geschäftsstelle),3000001(BUILTIN\users)
> >
> > root at addc3:~$ id testuser
> > uid=3000133(EXAMPLE\testuser) gid=100(users)
> > Gruppen=100(users),3000133(EXAMPLE\testuser),3000093(EXAMPLE\TEAM1),3000041(EXAMPLE\geschäftsstelle),3000007(BUILTIN\users)
> >
> > root at addc3:~# id testuser
> > uid=3000080(EXAMPLE\testuser) gid=100(users)
> > Gruppen=100(users),3000080(EXAMPLE\testuser),3000051(EXAMPLE\TEAM1),3000023(EXAMPLE\geschäftsstelle),3000001(BUILTIN\users)
> >
> That is quite correct for DCs, unless you sync idmap.ldb between them.
>
> In your first post there is a smb.conf, where is this from ?
>
> Rowland
>
>
>
--
forumZFD
Entschieden für Frieden|Committed to Peace
Benedikt Kaleß
Leiter Team IT|Head team IT
Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany
Tel 0221 91273233 | Fax 0221 91273299 |
http://www.forumZFD.de
Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz
VR 17651 Amtsgericht Köln
Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX
More information about the samba
mailing list