[Samba] Cannot set Windows ACL on Sharefolder with other user than Administrator
Oliver
development at kleinevogel.de
Tue Aug 9 15:15:37 UTC 2022
Can I do some test, if there is winbind implemented corretcly in my machine?
Am 04.08.2022 um 20:05 schrieb Rowland Penny via samba:
> If you do not have secrets.ldb and sam.ldb on a DC, then you have
> really big problems. Have you checked if they exist or not ?
Yes, they are not existing:
ls -ll /usr/local/samba/private/
insgesamt 1012
drwx------ 2 root root 4096 4. Aug 17:20 msg.sock
-rw------- 1 root root 32768 3. Aug 14:27 netlogon_creds_cli.tdb
-rw------- 1 root root 421888 4. Jul 17:11 passdb.tdb
-rw------- 1 root root 577536 30. Jul 10:02 secrets.tdb
> Do you have libpam-winbind and libnss-winbind installed ?
> Or if you complied Samba yourself, did you create the required links ?
Yes, I do following symlinks on both machines:
#Debian Aarch64
ln -s /usr/local/samba/lib/libnss_winbind.so.2
/lib/aarch64-linux-gnu/libnss_winbind.so.2
ln -s /lib/aarch64-linux-gnu/libnss_winbind.so.2
/lib/aarch64-linux-gnu/libnss_winbind.so
ldconfig
#Ubuntu x86_64
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/x86_64-linux-gnu/
ln -s /lib/x86_64-linux-gnu/libnss_winbind.so.2
/lib/x86_64-linux-gnu/libnss_winbind.so
ldconfig
My pre-installed packages before I compile samba are:
# Debian Install Dependencies for Samaba Build from Source
apt-get install acl attr autoconf bison build-essential \
debhelper dnsutils docbook-xml docbook-xsl flex gdb libjansson-dev \
libacl1-dev libaio-dev libarchive-dev libattr1-dev libblkid-dev
libbsd-dev \
libcap-dev libcups2-dev libgnutls28-dev libgpgme-dev libjson-perl \
libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
libpopt-dev libreadline-dev nettle-dev perl perl-modules pkg-config \
python3-all-dev python3-dbg python-dev python3-dnspython \
python3-dnspython python3-markdown python3-markdown \
python3-dev xsltproc zlib1g-dev liblmdb-dev lmdb-utils libdbus-1-dev
# Ubuntu
apt-get install acl attr autoconf bison build-essential \
debhelper dnsutils docbook-xml docbook-xsl flex gdb libjansson-dev \
libacl1-dev libaio-dev libarchive-dev libattr1-dev libblkid-dev
libbsd-dev \
libcap-dev libcups2-dev libgnutls28-dev libgpgme-dev libjson-perl \
libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
libpopt-dev libreadline-dev nettle-dev perl perl-modules pkg-config \
python3-all-dev python3-dbg python2-dev python3-dnspython \
python3-dnspython python3-markdown python3-markdown \
python3-dev xsltproc zlib1g-dev liblmdb-dev lmdb-utils libdbus-1-dev
python3-gpg
>> - wbinfo on secondarys DC only runs with given Domain e.g.
>> "DOMAIN\\USER"
> Hmm, that isn't correct.
>
>> - ldbsearch works only to remote host DC.
> 'ldbsearch' should work on both DC's
>
> I do hope that '.local' is a replacement for your correct TLD
Yes, I have .home as my TLD.
>
> I think you need to compare your first DC with your second DC, they
> should, apart from the hostname ipaddress etc, be identical.
Actually they are different. May there could be a same hostname inside
smb.conf before I joined the domain.
> I would also do some reading up on AD attributes (for instance, a group
> will never have a primaryGroupID attribute).
Thanks, I wil do so.
Regards,
Oliver
More information about the samba
mailing list