[Samba] NT_STATUS_ACCESS_DENIED on a directory I have permission to access
Paul Griffith
paulg at eecs.yorku.ca
Mon May 6 14:33:27 UTC 2019
On 5/3/19 9:53 AM, Rowland Penny via samba wrote:
> On Fri, 3 May 2019 15:36:59 +0200
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
>> Hai Paul,
>>
>> Look at this: user=paulg,uid=2381
>> (from mount -t cifs //xxxx.xxxx.yorku.ca/homes /tmp/1 -o
>> user=paulg,uid=2381,gid=1000,domain=AD.ONE.EXAMPLE.CA)
>>
>> Now, look at this :
>>> idmap config * : backend = tdb
>>> idmap config * : range = 3000-7999
>>> # - You must set a DOMAIN backend configuration
>>> # idmap config for the ONEEXAMPLECA domain
>>> idmap config ONEEXAMPLECA : backend = rid
>>> idmap config ONEEXAMPLECA : range = 10000-999999
>> What do you notice here. ( the hint is 2381:1000 ) and i would expect
>> to see 10000:10000 or higher. Do you see what i mean? Your UID/GID is
>> a local users one, not AD-DC users.
>>
>> Your ranges are out of sync now, and that your denied is completly
>> correct.
>>
> Good catch Louis, those numbers are even outside the '*' domain, so
> must be a local Unix user and group and how many times do I have to
> say this:
>
> You cannot have local Unix users and groups in /etc/passwd & /etc/group
> and expect them to work on a Samba Unix domain.
>
> If the ID numbers are in AD, then the only reason would be if this is
> a classicupgraded domain (which I personally hate) and if so, the
> ranges in smb.conf will need altering to match.
>
> Rowland
>
>
Louis and Rowland,
Thank you both for your suggestions. Why only the mail directory, why
wouldn't I get a permission error on the other directories?
This is a classic upgraded domain. In this situation, what would be ideal..?
1 ) Configure the local builtin accounts?
idmap config * : range = 100-999
2) Configure the Domain accounts?
idmap config ONEEXAMPLECA : backend = rid
idmap config ONEEXAMPLECA : range = 1000-999999
Suggestions and links always welcomed :)
Paul
--
Paul Griffith | Computer Systems Coordinator
Electrical Engineering & Computer Science | Lassonde School of Engineering
York University | 4700 Keele St., Toronto ON M3J 1P3 Canada
T:416-736-2100 x70258 | F:416-736-5872
More information about the samba
mailing list