[Samba] rights -- structures
Rowland Penny
rpenny at samba.org
Mon Dec 14 10:33:05 UTC 2020
On 14/12/2020 10:26, Maurizio Caloro wrote:
>> Sorry, but I do not understand any of the above, please re-write it.
>>
>> Rowland
> OK, now the services smbd, nmbd and winbind are still running fine, and the Samba
> file server machine is now freshly joined to the domain; yes,
> I see this machine, like before.
>
> I have a misunderstanding:
> if I try to add the permission to the folder, like
>
> chown "Maurizio Caloro:smbadmin" "Maurizio Caloro"
> chown: invalid user: 'Maurizio Caloro:smbadmin'
>
> Why doesn't this see the user that exists in this domain?
>
> # cat smb.conf
> [global]
> workgroup = CARAG
> security = ADS
> realm = CARAG.LOCAL
>
> winbind refresh tickets = Yes
> winbind use default domain = yes
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
>
> If I change the security line here from ADS to DOMAIN, the services smbd, nmbd
> and winbind fail to start.
It would; you do not use 'domain' with an AD domain.
Can you please try this smb.conf:
[global]
workgroup = CARAG
security = ADS
realm = CARAG.LOCAL
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
server string = Samba Client %h
winbind use default domain = yes
winbind expand groups = 2
winbind refresh tickets = Yes
winbind offline logon = yes
dns proxy = no
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config CARAG : backend = rid
idmap config CARAG : range = 10000-999999
template shell = /bin/bash
template homedir = /home/%U
domain master = no
local master = no
preferred master = no
host msdfs = no
# user Administrator workaround, without it you are unable to set privileges
username map = /etc/samba/user.map
# For ACL support on domain member
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
# Share Setting Globally
unix extensions = no
reset on zero vc = yes
hide unreadable = yes
# disable printing completely
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# logging
log level = 0
max log size = 1000
[USERHOME]
path = /shares/Userhome/
read only = no
Then create /etc/samba/user.map containing this:
!root = CARAG\Administrator
Restart winbind, smbd and nmbd
Rowland