[Samba] Cannot set permissions from Windows: "Failed to Enumerate Objects in the Container. Access is denied."
cpierre at coreweave.com
cpierre at coreweave.com
Wed Sep 15 18:35:41 UTC 2021
Hi,
I have a domain joined Samba fileserver, I'm attempting to grant permissions
based on AD Objects. I'm able to access the share after chown on the mount
path, however permissions cannot be adjusted from the Windows client.
Nothing stands in the logs stand out at default logging level.
smbstatus --version
Version 4.11.6-Ubuntu
Here is my /etc/samba/user.map:
!root = ${DOMAINNAME}\Administrator ${DOMAINNAME}\administrator
Administrator administrator
/etc/samba/smb.conf:
[global]
workgroup = ${DOMAINNAME}
security = ADS
realm = ${DNSDOMAIN}
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
server string = Data %h
winbind use default domain = yes
winbind expand groups = 4
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = yes
winbind normalize names = Yes
## map ids outside of domain to tdb files.
idmap config *:backend = tdb
idmap config *:range = 2000-9999
## map ids from the domain the ranges may not overlap !
idmap config ${DOMAINNAME} : backend = rid
idmap config ${DOMAINNAME} : range = 10000-999999
template shell = /bin/bash
template homedir = /home/${DOMAINNAME}/%U
domain master = no
local master = no
preferred master = no
os level = 20
#map to guest = bad user
host msdfs = no
# user Administrator workaround, without it you are unable to set
privileges
username map = /etc/samba/user.map
# For ACL support on domain member
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
acl_xattr:ignore system acls = yes
# Share Setting Globally
#unix extensions = no
#reset on zero vc = yes
#veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
#hide unreadable = yes
# disable printing completely
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# Security
#client ipc max protocol = SMB3
#client ipc min protocol = SMB2_10
#client max protocol = SMB3
#client min protocol = SMB2_10
#server max protocol = SMB3
#server min protocol = SMB2_10
# Time Machine
#fruit:delete_empty_adfiles = yes
#fruit:time machine = yes
#fruit:veto_appledouble = no
#fruit:wipe_intentionally_left_blank_rfork = yes
[${VOLUME}]
path = /share/samba/${VOLUME}
read only = no
#guest ok = no
#veto files =
/.apdisk/.DS_Store/.TemporaryItems/.Trashes/desktop.ini/ehthumbs.db/Network
Trash Folder/Temporary Items/Thumbs.db/
#delete veto files = yes
More information about the samba
mailing list