[Samba] make other domain controller shares available to windows clients.
Rowland penny
rpenny at samba.org
Sat Jul 11 17:41:09 UTC 2020
On 11/07/2020 18:18, Mike via samba wrote:
> CentOS 8 Samba Version 4.12.5 compiled from source configured as DC
> and joined to domain SAMDOM.EXAMPLE.COM.
>
> smb.conf --
> # Global parameters
> [global]
> netbios name = B10
> realm = SAMDOM.EXAMPLE.COM
> server role = active directory domain controller
> workgroup = SAMDOM
> interfaces = lo,enp15s0
> bind interfaces only = Yes
> dns forwarder = 8.8.8.8
> idmap_ldb:use rfc2307 =
> yes
> dns proxy = yes
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/samdom.example.com/scripts
> read only = No
>
> ############# Share Definitions ############################
>
> [hello]
> path = /mnt/hello
> read only = no
> *********************************************************
>
> Windows clients can browse and access file share on AD DC host "A10"
> but when they cannot access host "B10" file share "hello" by entering
> \\b10\hello in windows explorer.
>
> I did the following on B10 in an attempt to set acl's the same way I
> do on the primary AD DC host A10 --
> setfacl -R -m g:users:rwx /mnt/hello
>
> getfacl /mnt/hello reports --
> getfacl: Removing leading '/' from absolute path names
> # file: mnt/hello
> # owner: root
> # group: root
> user::rwx
> group::r-x
> group:users:rwx
> mask::rwx
> other::r-x
>
> Still no go -- windows clients cannot access \\b10\hello
>
Hi, did you miss the bits about it not be recommended to use a DC as a
fileserver and that you must set the ACL's from Windows. Also, you are
using the wrong group, it should be Domain Users.
Rowland
More information about the samba
mailing list