[Samba] Error while trying to manage file share

Rowland penny rpenny at samba.org
Wed Nov 27 21:02:34 UTC 2019

On 27/11/2019 20:38, Marian Thieme wrote:
> On 11/27/19 9:29 PM, Rowland penny via samba wrote:
>> On 27/11/2019 20:18, Marian Thieme wrote:
>>> First of all I would like to thank you for your help !
>>> Secondly, I think I got you wrong: My local users are just system 
>>> users. So I don't have to worry about /etc/passwd. No collision to 
>>> expect And that's why I think I am safe with the range. Actually you 
>>> are right, I should allow for local users that might be created in 
>>> future maybe for administration and "reserve"  uids in range like 
>>> 1000-1050. At this point this will be no problem at all.
>>> Regarding the doc: I was referring to the Info Box just below 
>>> Section: "Granting the SeDiskOperatorPrivilege Privilege" on 
>>> website: 
>>> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>>> And I followed the docs you mentioned for setting up the domain member.
>>> However the initial problem is solved, somehow, because I am able to 
>>> use MMC to initially assign User "everyone". If I understood 
>>> correctly, having assigned user everyone as security group to the 
>>> share, I am then able to maintain perms and ownerships just via 
>>> folder properties after connecting the network share with some admin 
>>> user account to some windows box.
>>> I am wondering if I have to take care about the errors I mentioned 
>>> while connecting to the samba file server using MMC. Or is it save 
>>> to ignore it ?
>>> Marian
>> It is fairly common to get errors using ADUC similar to yours, 
>> normally it is possible to click through them and then everything 
>> works, if this is your case, just ignore them.
>> Can I also introduce you to the wonderful world of 'samba-tool', this 
>> can do a lot of what ADUC does, but on the Unix command line, just 
>> open a terminal on the Samba AD DC and type 'samba-tool --help' for 
>> more info.
>> Rowland
> Of course, yes please ! Actually I would prefer doing it based on 
> linux console alone.
> Since the topic w.r.t. share configuration is somewhat new to me I 
> following the, lets say, documented way. Also I looked around in the 
> web and I found this post: 
> https://serverfault.com/questions/875298/change-windows-acls-of-smb-samba-shares-directly-in-linux 
> My impression in the end has been: seems to be even more difficult. An 
> how-to for the basic setup would be great. Or do we have any ?
> Marian
Yes, you could do it that way, actually running the command is easy, it 
is creating the sddl that is the hard part ;-)

Easiest way at the moment is to set the permissions from Windows.


More information about the samba mailing list