[Samba] windows acls

Peter Carlson peter at howudodat.com
Tue Dec 20 18:18:50 UTC 2022


I am getting a "permission denied" error for my user "Peter", and I am lost as
to why.


root at filesvr:~# cat /etc/samba/smb.conf
# smb.conf as posted: an Active Directory domain member exporting one share.
[global]
server string = %h server (Samba, Ubuntu)
# One log file per connecting client machine name (%m); the size cap is in KiB.
log file = /var/log/samba/log.%m
max log size = 1000
logging = file
panic action = /usr/share/samba/panic-action %d

# Domain member, not a DC; pairs with "security = ads" and "realm" below.
server role = member server
template homedir = /home/%U@%D
template shell = /bin/bash

# NOTE(review): only has an effect if usershares are enabled on this host;
# on a server holding accounting data, confirm that guest-accessible
# usershares are really wanted.
usershare allow guests = yes
# Verify Kerberos tickets against secrets.tdb first, then the system keytab.
kerberos method = secrets and keytab

security = ads
# rid backend: Unix IDs for SDCP accounts are derived from the RID within
# this range, so keeping the same range on every domain member keeps the
# IDs consistent between hosts.
idmap config SDCP : range = 2000000-2999999
idmap config SDCP : backend = rid
# Default domain (anything not matched above): IDs are allocated from this
# range and recorded in a local tdb.
idmap config * : range = 10000-999999
idmap config * : backend = tdb
winbind refresh tickets = yes
# NOTE(review): offline logon keeps cached credentials on this host;
# confirm it is needed on a file server.
winbind offline logon = yes
# Set in [global], so it applies to every share: Windows ACLs are stored in
# the security.NTACL extended attribute of each file and directory.
# NOTE(review): POSIX ACLs changed directly on the server (setfacl/chmod)
# can end up out of step with the stored NT ACL - verify both when
# debugging an access problem.
vfs objects = acl_xattr
map acl inherit = yes
realm = XXCA****NT.LOCAL
workgroup = SDCP
# Domain accounts have to be written as SDCP\name; no default domain is implied.
winbind use default domain = no
# Enumeration is off: listing all users/groups (e.g. plain "getent passwd")
# will not show domain accounts, lookups by name are unaffected.
winbind enum groups = no
winbind enum users = no

#======================= Share Definitions =======================
# No "valid users" or other share-level restriction is shown here, so who
# may read or write is decided by the ACLs on the path itself.
# NOTE(review): the getfacl and ntacl output posted with this config show
# other::rwx and a full-control ACE (0x001f01ff) for WD (Everyone) on this
# directory - broader than an accounting share normally needs; confirm.
[Ca****nt-Accounting]
     path = /data/Ca****nt-Accounting
     comment = Ca****nt Accounting Files
     # Inverted synonym of "read only = no".
     writable = yes


root at filesvr:~# ls -l /data
total 3264
drwxrwxrwt+ 36 root root    4096 Sep 30 08:07 Ca****nt-Accounting

root at filesvr:~# getfacl /data/Ca****nt-Accounting/
getfacl: Removing leading '/' from absolute path names
# file: data/Ca****nt-Accounting/
# owner: root
# group: root
# flags: --t
user::rwx
user:root:rwx
user:SDCP\\accounting:rwx
group::rwx
group:root:rwx
group:SDCP\\accounting:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:root:rwx
default:user:SDCP\\accounting:rwx
default:group::r-x
default:group:root:r-x
default:group:SDCP\\accounting:rwx
default:mask::rwx
default:other::r-x

root at filesvr:~# samba-tool ntacl get /data/Ca****nt-Accounting/ --as-sddl
O:S-1-22-1-0G:S-1-22-2-0D:PAI(A;;0x001f01ff;;;S-1-22-1-0)(A;;0x001f01ff;;;S-1-22-2-0)(A;;0x001f01ff;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)(A;OICI;0x001301bf;;;S-1-5-21-352062930-1555017353-2732629723-1106)

root at filesvr:~# wbinfo 
--sid-to-name=S-1-5-21-352062930-1555017353-2732629723-1106
SDCP\Accounting 2

root at nc1:~# samba-tool user show peter
dn: CN=Peter Carlson,CN=Users,DC=XXca****nt,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Peter Carlson
sn: Carlson
givenName: Peter
instanceType: 4
whenCreated: 20221013005141.0Z
displayName: Peter Carlson
uSNCreated: 4128
name: Peter Carlson
objectGUID: a11d2251-df6a-4475-a05e-c1719cfbc349
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
objectSid: S-1-5-21-352062930-1555017353-2732629723-1110
accountExpires: 9223372036854775807
sAMAccountName: peter
sAMAccountType: 805306368
userPrincipalName: peter at XXca****nt.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=XXca****nt,DC=local
pwdLastSet: 133100959020375930
userAccountControl: 66048
memberOf: CN=Linux Admins,CN=Users,DC=XXca****nt,DC=local
memberOf: CN=RemoteDesktop,CN=Users,DC=XXca****nt,DC=local
memberOf: CN=Accounting,CN=Users,DC=XXca****nt,DC=local
memberOf: CN=DBUsers,CN=Users,DC=XXca****nt,DC=local
memberOf: CN=Domain Users,CN=Users,DC=XXca****nt,DC=local
memberOf: CN=NextCloud Users,CN=Users,DC=XXca****nt,DC=local
primaryGroupID: 512
lastLogonTimestamp: 133154429533286020
whenChanged: 20221213220913.0Z
uSNChanged: 56879
lastLogon: 133160311443852490
logonCount: 634
distinguishedName: CN=Peter Carlson,CN=Users,DC=XXca****nt,DC=local



