[Samba] Fwd: Administrator User Has no access to Remote File Server
L.P.H. van Belle
belle at bazuin.nl
Wed Dec 8 07:56:41 UTC 2021
> > Run :
> > getfacl /storage
> root@filesrv1:/# getfacl storage/
> # file: storage/
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x
Good enough, we use the last r-x..
* if you didn't map root to administrator
> > getfacl /storage/netfiles
> root@filesrv1:/# getfacl storage/netfiles
> # file: storage/netfiles
> # owner: root
> # group: root
> user::rwx
> group::r-x
> group:DOMAIN\\it:rwx
> mask::rwx
> other::r-x
Good enough, we use the last r-x..
* if you didn't map root to administrator and/or didn't add Administrator in the IT group.
>
> > getfacl /storage/netfiles/mis
> root@filesrv1:/# getfacl storage/netfiles/mis
> # file: storage/netfiles/mis
> # owner: root
> # group: DOMAIN\\domadmins
> # flags: -s-
> user::rwx
> user:81:rwx
> user:DOMAIN\\ralph.strebbing:rwx
> user:DOMAIN\\dvr:r-x
> group::rwx
> group:DOMAIN\\domadmins:rwx
> group:DOMAIN\\it:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:81:rwx
> default:user:DOMAIN\\ralph.strebbing:rwx
> default:group::rwx
> default:group:DOMAIN\\domadmins:rwx
> default:group:DOMAIN\\it:rwx
> default:mask::rwx
> default:other::---
>
> The domadmin entries above are a separate group which used to be an
> Admins group in the NT4 domain (gid 910)
>
> > What's set for the share security?
> https://imgur.com/a/t4ex8i6
> > Normally that's everyone full control, did you change anything here?
> Under Share Permissions, nothing's been changed. Only thing we've ever
> changed has been through setfacl on the commandline.
Good enough also..
So, looks like /storage/netfiles/ is missing rights.
Add in the Permissions.
Domain Users, read & execute, Non inherited, Applies to "this folder only"
See if that helps, this gives all users, the right to enter that folder/share.
The rights on MIS are ok to me.
The other pitfall.. The recent updates..
Did you add what Rowland also asked?
To add 'min domain uid = 0' to the smb.conf
And.. Make sure this is set.
# user Administrator workaround, without it you are unable to set privileges
username map = /etc/samba/samba_usermapping
Content : !root = ADDOM_CHANGE_IT\Administrator ADDOM_CHANGE_IT\administrator
Greetz,
Louis
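
Added example, not part of the original message: a small evaluator that applies the POSIX ACL check order from acl(5) to the getfacl output quoted in this thread, to show which entry decides access for a given account. The function names and the account and group memberships passed to check() are assumptions for illustration; NT ACLs that Samba may store separately are not modelled.

```python
# getfacl output copied from the post above (some entries trimmed for space).
NETFILES = r"""
# owner: root
# group: root
user::rwx
group::r-x
group:DOMAIN\\it:rwx
mask::rwx
other::r-x
"""
MIS = r"""
# owner: root
# group: DOMAIN\\domadmins
user::rwx
user:DOMAIN\\dvr:r-x
group::rwx
group:DOMAIN\\it:rwx
mask::rwx
other::---
default:other::---
"""
def parse(text):
    """Return (owner, owning_group, [(tag, qualifier, perms)]); default: entries are skipped."""
    owner, group, entries = None, None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            head, perms = line.split()[0].rsplit(":", 1)  # split() drops "#effective:" notes
            entries.append((*head.split(":", 1), perms))
    return owner, group, entries

def check(text, user, groups, want):
    """POSIX ACL check order from acl(5); returns (granted, class that decided)."""
    owner, ogroup, entries = parse(text)
    get = lambda tag, q: [p for t, qq, p in entries if t == tag and qq == q]
    mask = (get("mask", "") or ["rwx"])[0]
    ok = lambda perms, masked: all(c in perms and (not masked or c in mask) for c in want)
    if user == owner:                       # owner entry, never masked
        return ok(get("user", "")[0], False), "owner"
    if get("user", user):                   # a named user entry wins over any group entry
        return ok(get("user", user)[0], True), "named user"
    matched = [p for t, q, p in entries if t == "group" and (q or ogroup) in groups]
    if matched:                             # one matching group entry must grant everything
        return any(ok(p, True) for p in matched), "group"
    return ok(get("other", "")[0], False), "other"
```

Called with user "root" (the identity the username map line assigns to Administrator), the owner entry decides; an account that matches no user or group entry falls through to other, which is r-x on netfiles and --- on mis.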