[Samba] Computer Management - Share Security - No Read Access

Marco Shmerykowsky marco at sce-engineers.com
Fri Feb 22 13:28:54 UTC 2019



---
Marco J. Shmerykowsky, P.E.
marco at sce-engineers.com

--------------------------------------------
     Shmerykowsky Consulting Engineers
        Structural Analysis & Design
      102 West 38th Street, 2nd Floor
         New York, New York 10018
   Tel. (212)719-9700 Fax. (212)719-4822
        http://www.sce-engineers.com
--------------------------------------------

On 2019-02-22 3:52 am, L.P.H. van Belle via samba wrote:
>> ******* FAILED TO ENUMERATE OBJECTS IN CONTAINER. ACCESS IS DENIED
>> 
>> Can't see where I could be deviating
> Ok i think here ( as workaround ) the following.
> 
> 
>> root at sce253:/# service smbd stop
>> root at sce253:/# rmdir /server/share-files
>> root at sce253:/# rmdir /server/users
>> root at sce253:/# cd ..
>> root at sce253:/# rmdir server
>> root at sce253:/# mkdir -p /server/share-files
>> root at sce253:/# mkdir -p /server/users
> 
> Install -d /server -o root -g "Domain Admins" -m 3771
> 
>> root at sce253:/# chown root:"Domain Admins" /server/share-files
>> root at sce253:/# chown root:"Domain Admins" /server/users
>> root at sce253:/# chmod 0770 /server/share-files
>> root at sce253:/# chmod 0770 /server/users
> 
> Now try again.
> 
> The message:
>> 
>> ******* FAILED TO ENUMERATE OBJECTS IN CONTAINER. ACCESS IS DENIED
> Purly due to /server not allowing "DOMAIN USER" write access.
> Because ... What is the windows "Primary group" yes. Domain Users.
> 
> So I thing also you might be affected with bug :
> https://bugzilla.samba.org/show_bug.cgi?id=13371
> https://bugzilla.samba.org/show_bug.cgi?id=11362
> 
> install -d /server -o root -g "Domain Admins" -m 3771
> Should help here as workaround.
> 
> 3 for the "domain admins" to enfoce this group and not domain users.
> 7 for root/Administrator
> 7 for the "domain admins"
> 1 to allow access through this folder for everybody.
> 
> Should work.

NOPE.

Blowing away this server and starting from scratch.

I must have done something stupid along the way which has
locked the behavior in.  It's definitely a permissions thing
that got set somehow at some point which won't let go.

Hope fully a clean install following all the instructions
that came up to this point will result in success.

My other server is working (somehow) and I'm scared to touch that
one at this point.  However, it does seem that there is something
floating in the samba/windows interaction that can be triggered
by incorrect configuration steps.



More information about the samba mailing list