[Samba] make other domain controller shares available to windows clients.

Rowland penny rpenny at samba.org
Sat Jul 11 17:41:09 UTC 2020


On 11/07/2020 18:18, Mike via samba wrote:
> CentOS 8 Samba Version 4.12.5 compiled from source configured as DC
> and joined to domain SAMDOM.EXAMPLE.COM.
>
> smb.conf --
> # Global parameters
> [global]
>          netbios name = B10
>          realm = SAMDOM.EXAMPLE.COM
>          server role = active directory domain controller
>          workgroup = SAMDOM
>          interfaces = lo,enp15s0
>          bind interfaces only = Yes
>          dns forwarder = 8.8.8.8
>          idmap_ldb:use rfc2307 =
> yes
>          dns proxy = yes
>
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
>
> [netlogon]
>          path = /usr/local/samba/var/locks/sysvol/samdom.example.com/scripts
>          read only = No
>
> ############# Share Definitions ############################
>
> [hello]
>          path = /mnt/hello
>          read only = no
> *********************************************************
>
> Windows clients can browse and access file share on AD DC host "A10"
> but when they cannot access host "B10" file share "hello" by entering
> \\b10\hello in windows explorer.
>
> I did the following on B10 in an attempt to set acl's the same way I
> do on the primary AD DC host A10 --
> setfacl -R -m g:users:rwx /mnt/hello
>
> getfacl /mnt/hello reports --
> getfacl: Removing leading '/' from absolute path names
> # file: mnt/hello
> # owner: root
> # group: root
> user::rwx
> group::r-x
> group:users:rwx
> mask::rwx
> other::r-x
>
> Still no go -- windows clients cannot access \\b10\hello
>
Hi, did you miss the bits about it not  be recommended to use a DC as a 
fileserver and that you must set the ACL's from Windows. Also, you are 
using the wrong group, it should be Domain Users.

Rowland





More information about the samba mailing list