[Samba] rights -- structures

Rowland penny rpenny at samba.org
Mon Dec 14 10:33:05 UTC 2020


On 14/12/2020 10:26, Maurizio Caloro wrote:
>> Sorry, but I do not understand any of the above, please re-write it.
>>
>> Rowland
> OK, now the services smbd, nmbd and winbind are still running fine, and the
> Samba file server machine is now freshly joined to the domain. Yes,
> I see this machine, like before.
>
> I have an understanding mismatch.
> If I try to add the permission to a folder, like
>
> chown "Maurizio Caloro:smbadmin" "Maurizio Caloro"
> chown: invalid user: 'Maurizio Caloro:smbadmin'
>
> why doesn't this see the user that exists in this domain?
>
> # cat smb.conf
> [global]
>     workgroup = CARAG
>     security = ADS
>     realm = CARAG.LOCAL
>
>     winbind refresh tickets = Yes
>     winbind use default domain = yes
>     vfs objects = acl_xattr
>     map acl inherit = Yes
>     store dos attributes = Yes
>
>
> If I change the security line here from ADS to DOMAIN, the services smbd, nmbd
> and winbind fail to start.

It would, you do not use 'domain' with an AD domain.

Can you please try this smb.conf:

[global]
     workgroup = CARAG
     security = ADS
     realm = CARAG.LOCAL

     dedicated keytab file = /etc/krb5.keytab
     kerberos method = secrets and keytab
     server string = Samba Client %h

     winbind use default domain = yes
     winbind expand groups = 2
     winbind refresh tickets = Yes
     winbind offline logon = yes
     dns proxy = no

     idmap config * : backend = tdb
     idmap config * : range = 3000-7999
     idmap config CARAG : backend = rid
     idmap config CARAG : range = 10000-999999
     template shell = /bin/bash
     template homedir = /home/%U

     domain master = no
     local master = no
     preferred master = no
     host msdfs = no

     # user Administrator workaround, without it you are unable to set privileges
     username map = /etc/samba/user.map

     # For ACL support on domain member
     vfs objects = acl_xattr
     map acl inherit = Yes
     store dos attributes = Yes

     # Share Setting Globally
     unix extensions = no
     reset on zero vc = yes
     hide unreadable = yes

     # disable printing completely
     load printers = no
     printing = bsd
     printcap name = /dev/null
     disable spoolss = yes

     # logging
     log level = 0
     max log size = 1000

[USERHOME]
         path = /shares/Userhome/
         read only = no

Then create /etc/samba/user.map containing this:

!root = CARAG\Administrator

Restart winbind, smbd and nmbd

Rowland
