[Samba] Setting permissions on AD member file server
Greg Sloop <gregs@sloop.net>
gregs at sloop.net
Thu Mar 10 18:43:53 UTC 2022
So, this is kind of odd.
Samba member server;
Ubuntu 20.04, with Louis' Samba packages. (4.15.5)
Went through setup as described in the wiki for member servers - all seems
fine.
SeDiskOperatorPrivilege is granted to Domain Admins too.
Initially I chowned the dirs/files as root:domain admins
and chmod 0770
getfacl shows:
# file: .
# owner: root
# group: AD\\domain\040admins
user::rwx
group::rwx
other::---
However,
When I try to set permissions from a Windows 10 machine, using windows file
explorer, I get this message:
"Failed to enumerate objects in the container. Access is denied."
I'm logged into the domain on the station where I'm trying to mod
permissions as a user that's a member of "Domain Admins"
---
smb.conf from the member/file server
---
[global]
realm = AD.SAMDOM.LOCAL
security = ADS
server role = member server
server string = FileServer
username map = /etc/samba/user.map
workgroup = AD
idmap config ad : range = 10000-999999
idmap config ad : backend = rid
idmap config * : range = 3000-7999
idmap config * : backend = tdb
map acl inherit = Yes
vfs objects = acl_xattr
[root-share]
comment = root-share
path = /abc-zfs-01/ad-shared-folders/
read only = No
---
Any good pointers?
More information about the samba
mailing list