[Samba] Permission Issue
Rowland penny
rpenny at samba.org
Thu Aug 29 09:17:20 UTC 2019
On 29/08/2019 09:58, Benedikt Kaleß via samba wrote:
> Hi,
>
> I have an old Fileserver which is working correct:
>
> This is the smb.conf:
>
> [global]
> security = ads
> realm = EXAMPLE.COM
> workgroup = example
> winbind refresh tickets = Yes
> winbind use default domain = yes
> template shell = /bin/bash
> idmap config * : range = 1000000 - 1999999
> idmap config ZFD : backend = rid
> idmap config ZFD : range = 0 - 200000
> hide dotfiles = yes
> server string = Standalone server %h (Samba %v)
> store dos attributes = yes
> vfs objects = acl_xattr
> inherit permissions = Yes
>
> Afterwards I set up the CTDB cluster and did an "rsync -alpAXvt" to copy
> the data from the old Fileserver to the cluster
>
> net conf list:
>
> [global]
> winbind refresh tickets = Yes
> winbind use default domain = yes
> template shell = /bin/bash
> idmap config * : range = 1000000 - 1999999
> idmap config ZFD : backend = rid
> idmap config ZFD : range = 0 - 200000
> hide dot files = yes
> server string = forumZFD Daten server %h (Samba %v)
> map acl inherit = yes
> inherit permissions = yes
> workgroup = EXAMPLE
> netbios name = CLUSTER-HO
> clustering = yes
> security = ads
> realm = EXAMPLE.COM
> store dos attributes = Yes
> log level = 3
>
> The users have often "permission denied" problems even though the
> windows file explorer the group membership is shown and a gpresult /r
> shows that membership. Sometimes everything works correct.
>
>
I think I understand this, the first smb.conf is from the original
fileserver, the second is from the cluster, if this is the case, we can
ignore the first smb.conf.
Are the DCs involved in the ctdb cluster, apart from providing
authentication ?
Do you have a user called 'root' in AD ? if so, remove it.
Change this:
idmap config ZFD : range = 0 - 200000
to this:
idmap config ZFD : range = 500 - 200000
Add:
vfs objects = acl_xattr
Rowland
More information about the samba
mailing list