[Samba] Error : You dont have permission to save at this location.

[Rowland penny]

On 03/06/2021 19:23, Krish Kay wrote:
>
> Rowland,
>
> Thanks for responding.
> We DO NOT run winbind daemon on RHEL7 at this time, since it is not 
> running on RHEL6
>
> Below is the smb.conf that we are testing on ver 4.10.16-5 on RHEL7.4, 
> the contents in < > are redacted.
>
> [global]
>         workgroup = <WORKGROUP NAME>
>         netbios name = <NETBIOS NAME>
>         server string = Samba %v on (%L)
>         security = ADS
>         encrypt passwords = Yes
>
>         passdb backend = tdbsam:<path to db>
>
>         use sendfile = yes
>         invalid users = @samba_restricted_users
>         local master = no
>         preferred master = no
>         domain master = no
>         realm = <DOMAIN>.COM
>         template shell = /bin/bash
>         msdfs root = yes
>         log level = 3
>         log file = <path to logfile>/samba.log.%m
>         max log size = 4096
>         name resolve order = wins host
>         deadtime = 5
>         keepalive = 900
>         wins support = no
>         wins server = <IP 1>, <IP 2>
>         dns proxy = yes
>         preserve case = yes
>         short preserve case = yes
>         allow trusted domains = yes
>         client min protocol = SMB2
>         winbind use default domain = yes
>         winbind enum users = no
>         winbind enum groups = no
>         winbind nested groups = yes
>         winbind separator = +
>         winbind cache time = 6000
>         idmap config * : range = 100-60000
>         load printers = no
>         printing = bsd
>         printcap name = /dev/null
>         disable spoolss = yes
>         client ldap sasl wrapping = sign
>         client NTLMv2 auth = yes
>         username map = <path to>/map.txt
>         allow insecure wide links = yes
>         follow symlinks = yes
>         wide links = no
>
>         dont descend = .snapshot
>         hide files = /.snapshot/._*/
>         veto files = /*.one/*Notebook.onetoc2/.parentlock/
>         browseable = No
>         guest ok = No
>         blocking locks = no
>         kernel share modes = no
>         client signing = disabled
>         vfs objects = full_audit
>
>         full_audit:prefix = %D|%u|%g|%m|%I|%R|%p|%S
>         full_audit:success = connect chdir opendir mkdir rmdir open 
> read write unlink
>         full_audit:failure = connect chdir opendir mkdir rmdir open 
> read write unlink
>         full_audit:facility = local6
>         full_audit:priority = NOTICE
>
>

OK, do you plan to use shares ? You haven't shown any.

If you are planning to use shares with Samba, then remove sssd, install 
winbind and setup your smb.conf, see here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

If you just want authentication, then remove Samba and use sssd.

If you continue to use Samba >= 4.8.0 with 'security = ADS' , you must 
run winbind, this will require the removal of sssd.

Rowland