[Samba] Samba shares with Windows ACL's
peter.pollock at kingschristian.org
Wed Nov 4 20:01:40 UTC 2020
> OK, you are using the winbind 'rid' backend, so it is okay to use
> 'Domain Admins', so start again and follow that wikipage:
> Ensure you have the 'acl' & 'attr' packages installed (this is what they
> are called on Debian based distros)
They are installed. I built the server using the walk through you gave me.
> Ensure that 'Domain Admins' has the 'SeDiskOperatorPrivilege' privilege,
> this must be granted on the Unix domain member, or to put it another
> way, the command must be run on the Unix domain member that holds the
itadmin at john:~$ net rpc rights list privileges SeDiskOperatorPrivilege -U
Enter INTERNAL\administrator's password:
> Ensure the share directory belongs to 'root:Domain Admins' with 0770
itadmin at john:~$ ls -l /hdd
drwxrwx---+ 192 root domain admins 12288 Sep 4 12:02 roaming
> Now go to a Windows PC, log in as Administrator or as a member of the
> 'Domain Admins' group.
Logged in as peterpollock
itadmin at john:~$ getent group "domain admins"
> Follow 'Setting Share Permissions and ACLs'
Followed the instructions again. Got through to the second to last line,
clicked OK to close the permissions window and a "Windows Security Setting
security information on:" window popped up and immediately an error window
popped up telling me that it could not enumerate objects in the container
and access was denied.
> Do not run chmod against the share directory once the shares are set
> from Windows.
> If it still doesn't work, suspect something like Apparmor or Selinux.
I have uninstalled Apparmor because it has only ever caused me issues.
Selinux is installed but not activated.
I'm at a loss.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba