[Samba] still no access to shared folder

Rowland penny rpenny at samba.org
Mon Mar 29 09:41:29 UTC 2021 

On 29/03/2021 10:09, Maurizio Caloro wrote:
>> Please unsnip your smb.conf.
>> Rowland
> cat smb.conf
> [global]
>       workgroup = CARAG
>       security = ADS
>       realm = CARAG.LOCAL
>
>       dedicated keytab file = /etc/krb5.keytab
>       kerberos method = secrets and keytab
>       server string = Samba Client %h
>
>       winbind use default domain = yes
>       winbind expand groups = 2
>       winbind refresh tickets = Yes
>       winbind offline logon = yes
>       dns proxy = no
>
>       idmap config * : backend = tdb
>       idmap config * : range = 3000-7999
>       idmap config CARAG : backend = rid
>       idmap config CARAG : range = 10000-999999
>       template shell = /bin/bash
>       template homedir = /home/%U
>
>       domain master = no
>       local master = no
>       preferred master = no
>       host msdfs = no
>
>       # user Administrator workaround, without it you are unable to set
> privileges
>       username map = /etc/samba/user.map
>
>       # For ACL support on domain member
>       vfs objects = acl_xattr
>       map acl inherit = yes
>       store dos attributes = yes
>
>       # Share Setting Globally
>       unix extensions = no
>       reset on zero vc = yes
>       hide unreadable = yes
>
>       # disable printing completely
>       load printers = no
>       printing = bsd
>       printcap name = /dev/null
>       disable spoolss = yes
>
>       # logging
>       log level = 0
>       max log size = 1000
>
> [USERHOME]
>          path = /shares/Userhome/
>          read only = no
>          force create mode = 0600
>          force directory mode = 0700
>
> [DATA]
>          path = /shares/data
>          writable = yes
>          read only = no
>          guest ok = yes


'guest ok' is pointless, you do not have 'map to guest = bad user' in 
'global'

>          create mask = 0666
>          force create mode = 0666
>          directory mask = 0777
>          force directory mode = 0777
>
> [GroupData01]
>          path = /shares/GroupData01
>          read only = no
>          valid users = @caragfileshare
>          write list = @caragfileshare
>          vfs objects = zfsacl
>          nfs4:mode = simple


Not being an expert on zfsacl (for that, read that I could never get it 
to work), but is this a share on freebsd, or is it ZOL ?

Do you have libnss-winbind installed ?

Do you have sssd installed ? If so, then remove it, you cannot use sssd 
with Samba >= 4.8.0 and shares.

The group 'caragfileshare' does not seem to have write permission on 
'GroupData01'

Rowland

More information about the samba mailing list