[Samba] Setting permissions on AD member file server

Greg Sloop <gregs@sloop.net>
Thu Mar 10 18:43:53 UTC 2022

So, this is kind of odd.

Samba member server;
Ubuntu 20.04, with Louis' Samba packages. (4.15.5)
Went through setup as described in the wiki for member servers - all seems
SeDiskOperatorPrivilege is granted to Domain Admins too.

Initially I chowned the dirs/files as root:domain admins
and chmod 0770
getfacl shows:
# file: .
# owner: root
# group: AD\\domain\040admins

When I try to set permissions from a Windows 10 machine, using Windows File
Explorer, I get this message:

"Failed to enumerate objects in the container. Access is denied."

I'm logged into the domain on the station where I'm trying to mod
permissions as a user that's a member of "Domain Admins".

smb.conf from the member/file server:
        realm = AD.SAMDOM.LOCAL
        security = ADS
        server role = member server
        server string = FileServer
        username map = /etc/samba/user.map
        workgroup = AD
        idmap config ad : range = 10000-999999
        idmap config ad : backend = rid
        idmap config * : range = 3000-7999
        idmap config * : backend = tdb
        map acl inherit = Yes
        vfs objects = acl_xattr

        comment = root-share
        path = /abc-zfs-01/ad-shared-folders/
        read only = No

Any good pointers?
