[Samba] Cannot set Windows ACL on Sharefolder with other user than Administrator
Rowland Penny
rpenny at samba.org
Wed Aug 10 06:38:32 UTC 2022
On Wed, 2022-08-10 at 08:20 +0200, Oliver via samba wrote:
> Am 09.08.2022 um 17:35 schrieb Rowland Penny via samba:
> > On Tue, 2022-08-09 at 17:15 +0200, Oliver via samba wrote:
> > > Can I do some test, if there is winbind implemented corretcly in
> > > my
> > > machine?
> > >
> > >
> > > Am 04.08.2022 um 20:05 schrieb Rowland Penny via samba:
> > > > If you do not have secrets.ldb and sam.ldb on a DC, then you
> > > > have
> > > > really big problems. Have you checked if they exist or not ?
> > > Yes, they are not existing:
> > >
> > > ls -ll /usr/local/samba/private/
> > > insgesamt 1012
> > > drwx------ 2 root root 4096 4. Aug 17:20 msg.sock
> > > -rw------- 1 root root 32768 3. Aug 14:27
> > > netlogon_creds_cli.tdb
> > > -rw------- 1 root root 421888 4. Jul 17:11 passdb.tdb
> > > -rw------- 1 root root 577536 30. Jul 10:02 secrets.tdb
> > You appear to have a major problem if a run a similar command on
> > one of
> > my DC's, I get this:
> >
> > pi at rpidc1:~ $ ls -ll /var/lib/samba/private/
> > total 20320
> > -rw-r----- 2 root bind 544 Mar 26 2021 dns.keytab
> > -rw------- 1 root root 2211 Jun 10 2021 dns_update_cache
> > -rw-r--r-- 1 root root 3663 Mar 26 2021 dns_update_list
> > -rw------- 1 root root 16 Mar 26 2021 encrypted_secrets.key
> > -rw------- 1 root root 1286144 Mar 26 2021 hklm.ldb
> > -rw------- 1 root root 4927488 Jul 23 12:07 idmap.ldb
> > -rw-r--r-- 1 root root 216 Mar 26 2021 krb5.conf
> > srwxrwxrwx 1 root root 0 Jul 30 14:34 ldapi
> > drwxr-x--- 2 root root 4096 Jul 30 14:34 ldap_priv
> > drwx------ 2 root root 4096 Aug 9 16:21 msg.sock
> > -rw------- 1 root root 4792 Jul 30 14:34 netlogon_creds_cli.tdb
> > -rw------- 1 root root 421888 Mar 26 2021 passdb.tdb
> > -rw------- 1 root root 1286144 May 7 2021 privilege.ldb
> > -rw------- 1 root root 4694016 Mar 26 2021 sam.ldb
> > drwx------ 2 root root 4096 Apr 24 2021 sam.ldb.d
> > -rw------- 1 root root 12288 Aug 5 10:16 schannel_store.tdb
> > -rw------- 1 root root 785 Mar 26 2021 secrets.keytab
> > -rw------- 1 root root 1286144 Mar 26 2021 secrets.ldb
> > -rw------- 1 root root 430080 Mar 26 2021 secrets.tdb
> > -rw------- 1 root root 1286144 Mar 26 2021 share.ldb
> > drwxr-xr-x 2 root root 4096 Mar 26 2021 smbd.tmp
> > -rw-r--r-- 1 root root 955 Mar 26 2021 spn_update_list
> > drwxr-xr-x 2 root root 4096 Apr 15 2021 tls
> >
> > Was this DC provisioned, or another DC you have joined to an
> > existing
> > domain ?
> >
> > Rowland
>
> I only have got DC1, DC2 and DC3, all of them are build by myself.
>
> I got the same files as you, but only on my DC1, which holds the
> FSMO
> Roles.
>
> DC2 + DC3 which have to work for filesharing are getting this files:
>
> ls -ll /usr/local/samba/private/
> insgesamt 1012
> drwx------ 2 root root 4096 4. Aug 17:20 msg.sock
> -rw------- 1 root root 32768 3. Aug 14:27 netlogon_creds_cli.tdb
> -rw------- 1 root root 421888 4. Jul 17:11 passdb.tdb
> -rw------- 1 root root 577536 30. Jul 10:02 secrets.tdb
>
>
> May I did understand something wrong?:
> - DC1 has an total other and shorter smb.conf than DC2 and DC3
> - Only the DC2 + DC3 has security = ADS with the hole options of
> idmap and usermap in smb.conf
Sorry to be the bearer of bad news, but if 'security = ADS' is set in
smb.conf on DC2 and DC3, then they are not DC's, they are Unix domain
members, how did you join them ?
> - DC1 has BIND 9.18 DLZ Backend for DNS integraded.
>
> Can I add my .conf files as an attachmend if needed?
No, you would have to post them inline, this list strips attachments.
Rowland
More information about the samba
mailing list