[Samba] Cannot set Windows ACL on Sharefolder with other user than Administrator
Oliver
development at kleinevogel.de
Thu Aug 4 16:54:09 UTC 2022
Dear all,
Some research later, I did some queries on my PDC and secondary DC.
I figured out that the LDAP queries work and the group membership for
LDAP is working.
I found an error when running samba-tool on the secondary DC. There is a
missing secrets.ldb and sam.ldb.
You will find it at the end of this message.
Can you help me to fix this?
What did I do wrong?
Regards,
Oliver
General question marks, maybe somebody could answer:
- getent does not work on Primary DC
- wbinfo on Primary DC runs with or without given Domain e.g.
"DOMAIN\\USER" & "USER"
- wbinfo on secondary DC only runs with given Domain e.g. "DOMAIN\\USER"
- ldbsearch works only to remote host Primary DC.
- samba-tool on primary DC runs only without given Domain e.g. "USER"
Thanks in advance!
Oliver
Troubleshoot on Primary DC DC01:
1)# getent
# getent group "Domain Users"
# getent group "DOMAIN\\Domain Users"
# getent passwd "james.bond"
# getent passwd "DOMAIN\\james.bond"
- no output for getent
2)# wbinfo
# wbinfo --group-info "Domain Users"
DOMAIN\domain users:x:10000:
# wbinfo --group-info "DOMAIN\\Domain Users"
DOMAIN\domain users:x:10000:
3) ldbsearch
# ldbsearch -H ldap://DC01 -b "CN=Administrator,CN=Users,DC=DOMAIN,DC=local" memberOf primaryGroupID -U Administrator
Password for [DOMAIN\Administrator]:
# record 1
dn: CN=Administrator,CN=Users,DC=DOMAIN,DC=local
primaryGroupID: 513
memberOf: CN=Domain Admins,CN=Users,DC=DOMAIN,DC=local
memberOf: CN=Schema Admins,CN=Users,DC=DOMAIN,DC=local
memberOf: CN=Enterprise Admins,CN=Users,DC=DOMAIN,DC=local
memberOf: CN=Group Policy Creator Owners,CN=Users,DC=DOMAIN,DC=local
memberOf: CN=Administrators,CN=Builtin,DC=DOMAIN,DC=local
# returned 1 records
# 1 entries
# 0 referrals
# ldbsearch -H ldap://DC01 -b "CN=james.bond,OU=Users,DC=DOMAIN,DC=local" memberOf primaryGroupID -U Administrator
Password for [DOMAIN\Administrator]:
# record 1
dn: CN=james.bond,OU=Users,DC=DOMAIN,DC=local
primaryGroupID: 513
memberOf: CN=sec-admin-home-fileshare-administrator,OU=Gruppen,DC=DOMAIN,DC=local
# returned 1 records
# 1 entries
# 0 referrals
# ldbsearch -H ldap://DC01 -b "CN=sec-admin-home-fileshare-administrator,OU=Gruppen,DC=DOMAIN,DC=local" member memberOf primaryGroupID -U Administrator
# record 1
dn: CN=sec-admin-home-fileshare-administrator,OU=Gruppen,DC=DOMAIN,DC=local
memberOf: CN=sec-file-home-administrator,OU=Gruppen,OU=DOMAIN-OnPrem,DC=DOMAIN,DC=local
member: CN=james.bond,OU=Weitere-Mitglieder,OU=Familie,OU=Mitglieder,OU=Zuhause, DC=DOMAIN,DC=local
# returned 1 records
# 1 entries
# 0 referrals
# ldbsearch -H ldap://DC01 -b "CN=sec-file-home-administrator,OU=Gruppen,DC=DOMAIN,DC=local" member memberOf primaryGroupID -U Administrator
# record 1
dn: CN=sec-file-home-administrator,OU=Gruppen,DC=DOMAIN,DC=local
member: CN=sec-admin-home-fileshare-administrator,OU=Gruppen,DC=DOMAIN,DC=local
# returned 1 records
# 1 entries
# 0 referrals
4) Cache data
ls -ll /usr/local/samba/var/cache/
insgesamt 16
-rw------- 1 root root 12288 4. Aug 15:46 netsamlogon_cache.tdb
drwxr-xr-x 2 root root 4096 25. Feb 16:27 printing
5) tdb - Backends
ls -ll /usr/local/samba/private/
insgesamt 1012
drwx------ 2 root root 4096 4. Aug 17:07 msg.sock
-rw------- 1 root root 32768 3. Aug 14:27 netlogon_creds_cli.tdb
-rw------- 1 root root 421888 4. Jul 17:11 passdb.tdb
-rw------- 1 root root 577536 30. Jul 10:02 secrets.tdb
6) samba-tool
# samba-tool group listmembers "Domain Users"
svc-linuxreader-ldap
krbtgt
dns-DC01
svc-linuxreader-krb
svc-nextcloud-ldap
james.bond
Administrator
# samba-tool group listmembers "DOMAIN\\Domain Users"
ERROR: Failed to list members of "DOMAIN\Domain Users" group - Unable to find group "DOMAIN\Domain Users"
# samba-tool group listmembers "sec-file-home-administrator"
sec-admin-home-fileshare-administrator
# samba-tool group listmembers "sec-admin-home-fileshare-administrator"
sec-admin-home-fileshare-administrator
Troubleshoot on secondary DC DC02:
1)# getent
# getent group "Domain Users"
# getent group "DOMAIN\\Domain Users"
DOMAIN\domain users:x:10000:
# getent passwd "james.bond"
# getent passwd "DOMAIN\\james.bond"
DOMAIN\james.bond:*:49999:39999::/home/james.bond:/bin/bash
2)# wbinfo
# wbinfo --group-info "Domain Users"
DOMAIN\domain users:x:10000:
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group Domain Users
# wbinfo --group-info "DOMAIN\\Domain Users"
DOMAIN\domain users:x:10000:
3) ldbsearch
# ldbsearch -H ldap://DC01 -b "CN=james.bond,OU=Users,DC=DOMAIN,DC=local" memberOf primaryGroupID -U Administrator
Password for [DOMAIN\Administrator]:
# record 1
dn: CN=james.bond,OU=Users,DC=DOMAIN,DC=local
primaryGroupID: 513
memberOf: CN=sec-admin-home-fileshare-administrator,OU=Gruppen,DC=DOMAIN,DC=local
# returned 1 records
# 1 entries
# 0 referrals
# ldbsearch -H ldap://DC01 -b "CN=sec-admin-home-fileshare-administrator,OU=Gruppen,DC=DOMAIN,DC=local" member memberOf primaryGroupID -U Administrator
# record 1
dn: CN=sec-admin-home-fileshare-administrator,OU=Gruppen,DC=DOMAIN,DC=local
memberOf: CN=sec-file-home-administrator,OU=Gruppen,,DC=DOMAIN,DC=local
member: CN=james.bond,OU=Users,DC=DOMAIN,DC=local
# returned 1 records
# 1 entries
# 0 referrals
# ldbsearch -H ldap://DC01 -b "CN=sec-file-home-administrator,OU=Gruppen,DC=DOMAIN,DC=local" member memberOf primaryGroupID -U Administrator
# record 1
dn: CN=sec-file-home-administrator,OU=Gruppen,DC=DOMAIN,DC=local
member: CN=sec-admin-home-fileshare-administrator,OU=Gruppen,DC=DOMAIN,DC=local
# returned 1 records
# 1 entries
# 0 referrals
4) Cache data
ls -ll /usr/local/samba/var/cache/
insgesamt 20
-rw-r--r-- 1 root root 235 4. Aug 17:18 browse.dat
-rw------- 1 root root 12288 31. Jul 11:21 netsamlogon_cache.tdb
drwxr-xr-x 2 root root 4096 4. Jul 17:11 printing
5) tdb - Backends
ls -ll /usr/local/samba/private/
insgesamt 1012
drwx------ 2 root root 4096 4. Aug 17:20 msg.sock
-rw------- 1 root root 32768 3. Aug 14:27 netlogon_creds_cli.tdb
-rw------- 1 root root 421888 4. Jul 17:11 passdb.tdb
-rw------- 1 root root 577536 30. Jul 10:02 secrets.tdb
6) samba-tool
# samba-tool group listmembers "Domain Users"
ldb: ltdb: tdb(/usr/local/samba/private/secrets.ldb): tdb_open_ex: could not open file /usr/local/samba/private/secrets.ldb: No such file or directory
ldb: Unable to open tdb '/usr/local/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/usr/local/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/usr/local/samba/private/secrets.ldb': No such file or directory
ltdb: tdb(/usr/local/samba/private/sam.ldb): tdb_open_ex: could not open file /usr/local/samba/private/sam.ldb: No such file or directory
Unable to open tdb '/usr/local/samba/private/sam.ldb': No such file or directory
Failed to connect to 'tdb:///usr/local/samba/private/sam.ldb' with backend 'tdb': Unable to open tdb '/usr/local/samba/private/sam.ldb': No such file or directory
ERROR: Failed to list members of "Domain Users" group - (1, "Unable to open tdb '/usr/local/samba/private/sam.ldb': No such file or directory")
  File "/usr/local/samba/lib/python3.9/site-packages/samba/netcmd/group.py", line 527, in run
    samdb = SamDB(url=H, session_info=system_session(),
  File "/usr/local/samba/lib/python3.9/site-packages/samba/samdb.py", line 70, in __init__
    super(SamDB, self).__init__(url=url, lp=lp, modules_dir=modules_dir,
  File "/usr/local/samba/lib/python3.9/site-packages/samba/__init__.py", line 114, in __init__
    self.connect(url, flags, options)
  File "/usr/local/samba/lib/python3.9/site-packages/samba/samdb.py", line 86, in connect
    super(SamDB, self).connect(url=url, flags=flags,