[Samba] Permission Issue

Benedikt Kaleß benedikt.kaless at forumZFD.de
Thu Aug 29 08:58:41 UTC 2019 

Hi,

I have an old Fileserver which is working correct:

This is the smb.conf:

[global]
	security = ads
	realm = EXAMPLE.COM
	workgroup = example
	winbind refresh tickets = Yes
	winbind use default domain = yes
	template shell = /bin/bash
	idmap config * : range = 1000000 - 1999999
	idmap config ZFD : backend = rid
	idmap config ZFD : range = 0 - 200000
	hide dotfiles = yes
	server string = Standalone server %h (Samba %v)
	store dos attributes = yes
	vfs objects = acl_xattr
	inherit permissions = Yes

Afterwards I set up the CTDB cluster and did an "rsync -alpAXvt" to copy
the data from the old Fileserver to the cluster

net conf list:

[global]
    winbind refresh tickets = Yes
    winbind use default domain = yes
    template shell = /bin/bash
    idmap config * : range = 1000000 - 1999999
    idmap config ZFD : backend = rid
    idmap config ZFD : range = 0 - 200000
    hide dot files = yes
    server string = forumZFD Daten server %h (Samba %v)
    map acl inherit = yes
    inherit permissions = yes
    workgroup = EXAMPLE
    netbios name = CLUSTER-HO
    clustering = yes
    security = ads
    realm = EXAMPLE.COM
    store dos attributes = Yes
    log level = 3

The users have often  "permission denied" problems even though the
windows file explorer the group membership is shown and a gpresult /r
shows that membership. Sometimes everything works correct.


Best

Bene




Am 29.08.19 um 10:49 schrieb Rowland penny via samba:
> On 29/08/2019 09:36, Benedikt Kaleß via samba wrote:
> > Hi,
> >
> > sorry to bother you:
> >
> > I have three AD in the domain.
> >
> > They all deliver different IDs:
> >
> > root at addc2:~# id testuser
> > uid=3000155(EXAMPLE\testuser) gid=100(users)
> > Gruppen=100(users),3000155(EXAMPLE\testuser),3000036(EXAMPLE\TEAM1),3000014(EXAMPLE\geschäftsstelle),3000001(BUILTIN\users)
> >
> > root at addc3:~$ id testuser
> > uid=3000133(EXAMPLE\testuser) gid=100(users)
> > Gruppen=100(users),3000133(EXAMPLE\testuser),3000093(EXAMPLE\TEAM1),3000041(EXAMPLE\geschäftsstelle),3000007(BUILTIN\users)
> >
> > root at addc3:~# id testuser
> > uid=3000080(EXAMPLE\testuser) gid=100(users)
> > Gruppen=100(users),3000080(EXAMPLE\testuser),3000051(EXAMPLE\TEAM1),3000023(EXAMPLE\geschäftsstelle),3000001(BUILTIN\users)
> >
> That is quite correct for DCs, unless you sync idmap.ldb between them.
>
> In your first post there is a smb.conf, where is this from ?
>
> Rowland
>
>
>
-- 
forumZFD
Entschieden für Frieden|Committed to Peace

Benedikt Kaleß
Leiter Team IT|Head team IT

Forum Ziviler Friedensdienst e.V.|Forum Civil Peace Service
Am Kölner Brett 8 | 50825 Köln | Germany  

Tel 0221 91273233 | Fax 0221 91273299 | 
http://www.forumZFD.de 

Vorstand nach § 26 BGB, einzelvertretungsberechtigt|Executive Board:
Oliver Knabe (Vorsitz|Chair), Sonja Wiekenberg-Mlalandle, Alexander Mauz  
VR 17651 Amtsgericht Köln

Spenden|Donations: IBAN DE37 3702 0500 0008 2401 01 BIC BFSWDE33XXX

More information about the samba mailing list