[Samba] Error : You dont have permission to save at this location.
Rowland penny
rpenny at samba.org
Thu Jun 3 18:48:47 UTC 2021
On 03/06/2021 19:23, Krish Kay wrote:
>
> Rowland,
>
> Thanks for responding.
> We DO NOT run winbind daemon on RHEL7 at this time, since it is not
> running on RHEL6
>
> Below is the smb.conf that we are testing on ver 4.10.16-5 on RHEL7.4,
> the contents in < > are redacted.
>
> [global]
> workgroup = <WORKGROUP NAME>
> netbios name = <NETBIOS NAME>
> server string = Samba %v on (%L)
> security = ADS
> encrypt passwords = Yes
>
> passdb backend = tdbsam:<path to db>
>
> use sendfile = yes
> invalid users = @samba_restricted_users
> local master = no
> preferred master = no
> domain master = no
> realm = <DOMAIN>.COM
> template shell = /bin/bash
> msdfs root = yes
> log level = 3
> log file = <path to logfile>/samba.log.%m
> max log size = 4096
> name resolve order = wins host
> deadtime = 5
> keepalive = 900
> wins support = no
> wins server = <IP 1>, <IP 2>
> dns proxy = yes
> preserve case = yes
> short preserve case = yes
> allow trusted domains = yes
> client min protocol = SMB2
> winbind use default domain = yes
> winbind enum users = no
> winbind enum groups = no
> winbind nested groups = yes
> winbind separator = +
> winbind cache time = 6000
> idmap config * : range = 100-60000
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
> client ldap sasl wrapping = sign
> client NTLMv2 auth = yes
> username map = <path to>/map.txt
> allow insecure wide links = yes
> follow symlinks = yes
> wide links = no
>
> dont descend = .snapshot
> hide files = /.snapshot/._*/
> veto files = /*.one/*Notebook.onetoc2/.parentlock/
> browseable = No
> guest ok = No
> blocking locks = no
> kernel share modes = no
> client signing = disabled
> vfs objects = full_audit
>
> full_audit:prefix = %D|%u|%g|%m|%I|%R|%p|%S
> full_audit:success = connect chdir opendir mkdir rmdir open
> read write unlink
> full_audit:failure = connect chdir opendir mkdir rmdir open
> read write unlink
> full_audit:facility = local6
> full_audit:priority = NOTICE
>
>
OK, do you plan to use shares ? You haven't shown any.
If you are planning to use shares with Samba, then remove sssd, install
winbind and setup your smb.conf, see here:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
If you just want authentication, then remove Samba and use sssd.
If you continue to use Samba >= 4.8.0 with 'security = ADS' , you must
run winbind, this will require the removal of sssd.
Rowland
More information about the samba
mailing list