[Samba] Incorrect group name is displayed in folder permission list in Windows

Rowland penny rpenny at samba.org
Wed Feb 12 11:42:00 UTC 2020


On 12/02/2020 11:16, Mason Schmitt wrote:
>
>     Hi, can we start by seeing your smb.conf from the file server ?
>
>
> ######################################################
> #                     Global Config                  #
> ######################################################
>
> [global]
> kerberos method = system keytab
> workgroup = NAME
> security = ads
> realm = NAME.EXAMPLE.COM
>
> # Logging
> log file = /var/log/samba/%m.log
> log level = 3
>
> # We're using the RID method of mapping SIDs to UID/GID
> idmap config NAME : range = 2000000-2999999
> idmap config NAME : backend = rid
> idmap config * : range = 10000-999999
> idmap config * : backend = tdb
>
> # Winbind
> winbind use default domain = no
> winbind refresh tickets = yes
> winbind offline logon = yes
> winbind enum groups = no
> winbind enum users = no
>
> # Map domain admin account to local root account
> # and resolve other "net rpc" issues
> username map = /etc/samba/user.map
> bind interfaces only = yes
> interfaces = lo eth0
>
> # Enable Windows ACL support and make ACLs maximally compatible with NTFS ACLs.
> # Beyond setting the POSIX ownership and permissions for the share directory, all ACLs
> # should be managed in Windows.  See the comment in the Shares section below for details
> # about our standard share configuration (both on the Linux/POSIX side and on the Windows side)
> vfs objects = acl_xattr recycle
> acl_xattr:default acl style = windows
> #acl_xattr:ignore system acls = yes     # PURE EVIL!  If you value your sanity, don't use this option
> map acl inherit = yes
> store dos attributes = yes
>
> # Samba version 4.9.x enabled extended attribute support, by default.
> # This should be a good thing as it enables clients to make more intelligent decisions.
> # Unfortunately, a customer reported that their old Windows 7 CE data collection device
> # doesn't like the new settings, so we have to revert this feature.
> ea support = no
>
>
> ######################################################
> #             Global Security Settings               #
> ######################################################
>
> # Disable SMB1, it's too old and too insecure to be used anymore
> server min protocol = SMB2
>
> # Samba AD users will not have access to a shell on linux hosts
> template shell = /bin/false
>
> # Netbios is dead, let's make it explicit
> disable netbios = yes
>
> # Win10 clients, that have negotiated an encrypted connection,
> # are not able to successfully re-connect to shares,
> # after being idle for an extended period of time.
> # Disabling encryption resolves this issue.
> smb encrypt = off
>
> # Hide shares from users that don't have permission to see them
> access based share enum = yes
>
>
> ######################################################
> #       Automatic creation of home directories       #
> ######################################################
>
> # !!! Important SELINUX configuration !!!
> # For automatic creation of home directories to work,
> # you must set two selinux booleans with the following commands:
> # setsebool -P samba_create_home_dirs 1
> # setsebool -P samba_enable_home_dirs 1
> #
> # Check that the selinux booleans were correctly set
> # getsebool -a | grep samba | grep home
> #
> # For samba to serve the home dirs, they must be labeled with the
> # selinux type 'samba_share_t'
> # During the installation of this server a policy was created for the
> # /srv/samba/ directory, which ensures all sub-folders/files are labeled
> # with samba_share_t.  Therefore, as long as the home folders are located
> # under /srv/samba/ this labelling will be taken care of.
> # --- End of SELINUX configuration ---
>
> # Home directories will be created at this path with %U being replaced by
> # the username
> template homedir = /srv/samba/Shares/Home/%U
>
> # This share declaration works in conjunction with a GPO
> # When a user logs in for the first time, a new home folder will
> # be created for them on the file server and a mapped drive (H:) will
> # be created in the Windows profile on their computer.  See the samba wiki for
> # details of how to create the GPO
> # https://wiki.samba.org/index.php/User_Home_Folders#Using_a_Group_Policy_Preference
> [Home]
>         path = /srv/samba/Shares/Home
>         comment = Share for user home dirs
>         guest ok = no
>         read only = no
>         # Recycle bin
>         recycle:repository = %U/Recycle_Bin
>         recycle:versions = Yes
>         recycle:keeptree = Yes
>         recycle:touch = Yes
>         recycle:exclude = *.tmp,~$*
>         recycle:exclude_dir = %U/Recycle_Bin
>
> ######################################################
> #                  Standard Shares                   #
> ######################################################
>
> [Shares]
>        path = /srv/samba/Shares
>        comment = Parent share sets top level Windows file permission inheritance
>        guest ok = no
>        read only = no
>
> [Backup]
>        path = /srv/samba/Shares/Backup
>        comment = Create separate folders, with locked down permissions, for each application
>        guest ok = no
>        read only = no
>
> [FTL]
>        path = /srv/samba/Shares/FTL
>        comment = FTL tools and documents to help with on-site service
>        guest ok = no
>        read only = no
>
> [Software]
>        path = /srv/samba/Shares/Software
>        comment = Software for installation via GPO
>        guest ok = no
>        read only = no
>
> [Top]
>        path = /srv/samba/Shares/Top
>        comment = Top level file share
>        guest ok = no
>        read only = no
>         # Recycle bin
>         recycle:repository = Recycle_Bin/%U
>         recycle:versions = Yes
>         recycle:keeptree = Yes
>         recycle:touch = Yes
>         recycle:exclude = *.tmp,~$*
>         recycle:exclude_dir = Recycle_Bin

What is in the username map ?

Rowland



