[Samba] Unable to set attributes in a samba share (error 0x00000005)

Roberto Greiner roberto.greiner at fundunesp.unesp.br
Wed Sep 11 11:33:59 UTC 2019 

On 09/09/2019 04:34, Rowland penny via samba wrote:
> On 06/09/2019 17:00, Roberto Greiner via samba wrote:
>> Hi,
>>
>> I've set a share using samba, connected it to my Active Directory, and
>> now I'm having problems when I copy files into this share.
>>
>> To setup the AD connection I've followed
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member,
>> and installed it into my Debian 9 install using APT, after
> That would get you Samba 4.5.16, this is EOL as far as Samba is
> concerned, can you upgrade to Buster ? This will get you Samba 4.9.5
> Then I started copying files from my old
>> share using robocopy. If I use (z: is the old share, w: is the new one):
>>
>> robocopy /s /copy:DT /r:2 /w:1 z: w:
>>
>> It works. but if I use
>>
>> robocopy /s /copy:DATS /r:2 /w:1 z: w:
>>
>> The copy fails with error:
>>
>> 2019/09/06 10:18:40 ERROR 5 (0x00000005) Creating Destination Directory
>> W:\<DESTINATION FOLDER>
>> Access is denied.
>>
>> Since the share is used by different people with different privileges to
>> the files, I need those additional attributes in /copy:DATS.
>>
>> Could somebody help me? My current setup is the following:
>>
>> Debian 9 VM, samba installed from APT
>>
> Try this smb.conf:
>
> [global]
>     workgroup = DOMAIN
>     security = ADS
>     realm = DOMAIN.FQDNFULLDOMAIN
>
>     winbind use default domain = yes
>     winbind expand groups = 2
>     winbind refresh tickets = Yes
>     winbind offline logon = yes
>
>     idmap config * : backend = tdb
>     idmap config * : range = 3000-7999
>     idmap config DOMAIN : backend = rid
>     idmap config DOMAIN : range = 10000-999999
>     template shell = /bin/bash
>     template homedir = /home/%U
>
>     domain master = no
>     local master = no
>     preferred master = no
>
>     # user Administrator workaround, without it you are unable to set
> privileges
>     username map = /etc/samba/user.map
>
>     # For ACL support on domain member
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
>
>     log file = /var/log/samba/%m.log
>     log level = 1
>
> [Users]
>     read only = no
>     path = /share/Users


Asa I reported earlier, The problem was in the settings used in the
[share] sections. Replacing them with the default settings from the
wiki, made it work.

But later I hit in another problem: Only users with admin rights managed
to access the share. So I added the other differences you included above
(the winbind lines and xxxx master = no lines), and tested again. It
worked and now all users have proper access.

Tks Rowland, you saved my day ^_^

Roberto Greiner

--

More information about the samba mailing list