[Samba] Compmgmt.msc connection errors for managing Windows ACL's
Kris Lou
klou at themusiclink.net
Thu Mar 3 22:39:48 UTC 2022
This is a bit of a kludge, and I know I'm mixing and matching packages ...
but here we go.
I have Openmediavault systems, but with Louis 4.11 packages (so Buster-x86
+ Louis 4.11). I'm finally trying to get Folder Redirection right, so am
configuring User Homes via
https://wiki.samba.org/index.php/Windows_User_Home_Folders.
However, I'm having errors setting the actual Windows ACL, within
Compmgmt.msc:
- Connecting to my OMV server is fine, but opening "System Tools"
complains of remote server Firewall and DCOM+ service errors. Windows logs
show "DCOM was unable to communicate with the computer <HOST> using any of
the configured protocols; requested by PID a90
(C:\WINDOWS\system32\mmc.exe), while activating CLSID
{03837521-098B-11D8-9414-505054503030}."
Then, it connects and will show the Shares, etc.
- At this point, I can edit and save Share Permissions, but attempting
to change ACL's gives me "Failed to enumerate objects in specified
Container. Access Denied." errors.
- Additionally, in the Advanced portion of Permission Entry while
attempting to add Domain Users, the bottom "add condition to limit access"
shows "unable to contact Active Directory to access or verify claim types"
I've checked the following:
- added SeDiskOperatorPrivilege to my account, Domain Admins, etc.
- /etc/resolv.conf is pointing to my DCs
- wbinfo -i (and other winbind) seems to work
In all other respects, this behaves like a Domain Member Server (RID). Any
ideas why this is happening, or should I just use POSIX ACL's?
smb.conf (some of these settings are mine, some are automatically put in by
OMV)
# Global parameters
[global]
disable spoolss = Yes
dns proxy = No
load printers = No
log file = /var/log/samba/log.%m
logging = file
map to guest = Bad User
max log size = 1000
multicast dns register = No
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
printcap name = /dev/null
realm = SAMDOM.COM
security = ADS
server min protocol = SMB2
server string = %h server
socket options = TCP_NODELAY IPTOS_LOWDELAY
template homedir = /home/%U
template shell = /bin/bash
username map = /usr/local/share/samba/etc/user.map
winbind enum groups = Yes
winbind enum users = Yes
winbind use default domain = Yes
workgroup = SAMDOM
fruit:resource = file
fruit:metadata = stream
fruit:locking = none
fruit:encoding = native
idmap config SAMDOM : range = 10000-50000
idmap config SAMDOM : backend = rid
idmap config * : range = 3000-6999
fruit:aapl = yes
idmap config * : backend = tdb
aio read size = 16384
aio write size = 16384
create mask = 0777
directory mask = 0777
map acl inherit = Yes
printing = bsd
use sendfile = Yes
vfs objects = acl_xattr fruit streams_xattr
[users]
comment = User Homes
create mask = 0664
directory mask = 0775
force create mode = 0664
force directory mode = 0775
hide dot files = No
hide special files = Yes
inherit acls = Yes
inherit permissions = Yes
path = /srv/dev-disk-by-label-Storage/users/
read only = No
vfs objects =
Thanks,
Kris Lou
klou at themusiclink.net
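
An added example, not part of the original post and not Samba's own code: a parameter set inside a share section replaces the [global] value rather than extending it, so this Python code resolves the effective "vfs objects" list for each share in a testparm-style dump. SAMPLE is a constructed excerpt of the smb.conf above, and the function names are hypothetical.

```python
# Added example: resolve the effective "vfs objects" per share.
# SAMPLE is a constructed excerpt of the configuration posted above.
SAMPLE = """\
[global]
map acl inherit = Yes
vfs objects = acl_xattr fruit streams_xattr
[users]
inherit acls = Yes
path = /srv/dev-disk-by-label-Storage/users/
read only = No
vfs objects =
"""

def normalize(key):
    # smb.conf parameter names ignore case and embedded whitespace.
    return "".join(key.split()).lower()

def parse_smb_conf(text):
    """Return {section: {normalized_param: value}} from one-line-per-parameter input."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[normalize(key)] = value.strip()
    return sections

def effective_vfs_objects(sections, share):
    """Share-level value wins outright, even when empty; otherwise use [global]."""
    share_params = sections.get(share.lower(), {})
    global_params = sections.get("global", {})
    value = share_params.get("vfsobjects", global_params.get("vfsobjects", ""))
    return value.replace(",", " ").split()

def shares_without(sections, module):
    """List shares whose effective vfs objects do not include `module`."""
    return [name for name in sections
            if name != "global"
            and module not in effective_vfs_objects(sections, name)]

if __name__ == "__main__":
    conf = parse_smb_conf(SAMPLE)
    for share in shares_without(conf, "acl_xattr"):
        print(f"[{share}] effective vfs objects: {effective_vfs_objects(conf, share)}")
```

Feed it the output of `testparm -s` so that wrapped or continued lines are already flattened to one parameter per line.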