[Samba] Unable to set attributes in a samba share (error 0x00000005)
Roberto Greiner
roberto.greiner at fundunesp.unesp.br
Fri Sep 6 16:00:17 UTC 2019
Hi,
I've set a share using samba, connected it to my Active Directory, and
now I'm having problems when I copy files into this share.
To setup the AD connection I've followed
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member,
and installed it into my Debian 9 install using APT, after
https://wiki.samba.org/index.php/Distribution-specific_Package_Installation.
With the AD connection working, I've set my file share and connected to
it from a Windows 2008 server. Then I started copying files from my old
share using robocopy. If I use (z: is the old share, w: is the new one):
robocopy /s /copy:DT /r:2 /w:1 z: w:
It works. but if I use
robocopy /s /copy:DATS /r:2 /w:1 z: w:
The copy fails with error:
2019/09/06 10:18:40 ERROR 5 (0x00000005) Creating Destination Directory
W:\<DESTINATION FOLDER>
Access is denied.
Since the share is used by different people with different privileges to
the files, I need those additional attributes in /copy:DATS.
Could somebody help me? My current setup is the following:
Debian 9 VM, samba installed from APT
smb.conf (comments removed):
[global]
security = ADS
workgroup = DOMAIN
realm = DOMAIN.FQDNFULLDOMAIN
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config DOMAIN : backend = rid
idmap config DOMAIN : range = 10000-999999
template shell = /bin/bash
template homedir = /home/%U
winbind enum users = yes
winbind enum groups = yes
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
panic action = /usr/share/samba/panic-action %d
server role = standalone server
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user
usershare allow guests = yes
[Users]
browseable = yes
writable = yes
guest ok = no
path = /share/Users
directory mode = 770
create mode = 0770
force create mode = 0770
inherit acls = yes
inherit permissions = yes
inherit owner = yes
/etc/krb5.conf:
[libdefaults]
default_realm = DOMAIN.FQDNDOMAIN
dns_lookup_realm = false
dns_lookup_kdc = true
/etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
wbinfo --ping-dc indicates a sucessfull connection.
'getent passwd' and 'getent group' list users and groups from windows
correctly. Following
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs,
I added the 'SeDiskOperatorPrivilege' privilege to my 'DOMAIN\domain
admins' group, and /share/Users folder in the server was given the owner
and attributes indicated in the same document.
Am I missing something? Is there anything else that would be needed for
understanding the problem?
Thank you,
Roberto Greiner
--
More information about the samba
mailing list