[Samba] Permission issue

Praveen Ghimire PGhimire at sundata.com.au
Fri Feb 8 06:22:05 UTC 2019


We did a classicupgrade of our Ubuntu Server (4.3.11, TDB); the server DC5 also hosts shares. Post the migration we are seeing some permission issues.

When trying to give permission to a domain group/user on a folder/file we get the following:

chown "LIN\\myadmin:LIN\\adgroup" adtest/
chown: invalid user: 'LIN\\myadmin:LIN\\adgroup'

wbinfo --ping-dc : checking the NETLOGON for domain[LIN] dc connection to "dc5.LIN.group" succeeded

The getent group comes up with no results
getent group "LIN\\adgroup"
getent passwd "LIN\\mygroup"

Here is the smb.conf

        workgroup = LIN
        realm = LIN.GROUP
        netbios name = dc5
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        log file = /var/log/samba/log.%m
        log level = 1

        winbind nss info = rfc2307

        idmap config * : backend = tdb
        idmap config * : range = 4000-7999
        idmap config LIN:backend = ad
        idmap config LIN:schema_mode = rfc2307
        idmap config LIN:range = 10000-999999

        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes

        # Template settings for login shell and home directory
        template shell = /bin/bash
        template homedir = /home/%U

Here is nsswitch.conf
passwd:         files winbind
group:          files winbind
shadow:         compat

If the group in question exists in /etc/group it works, because it is local. But if the group is new, or if the group has been removed from /etc/group and AD, it doesn't.

We have added the SeDiskOperatorPrivilege to the user making the chown calls.

Any suggestions?

Praveen Ghimire
