[Samba] Setting permissions on AD member file server
Rowland Penny
rpenny at samba.org
Thu Mar 10 18:54:39 UTC 2022
On Thu, 2022-03-10 at 10:43 -0800, Greg Sloop <gregs--- via samba
wrote:
> So, this is kind of odd.
>
> Samba member server;
> Ubuntu 20.04, with Louis' Samba packages. (4.15.5)
> Went through setup as described in the wiki for member servers - all
> seems fine.
> SeDiskOperatorPrivilege is granted to Domain Admins too.
>
> Initially I chowned the dirs/files as root:domain admins
> and chmod 0770
> getfacl shows:
> # file: .
> # owner: root
> # group: AD\\domain\040admins
> user::rwx
> group::rwx
> other::---
>
> However,
> When I try to set permissions from a Windows 10 machine, using
> windows file explorer, I get this message:
>
> "Failed to enumerate objects in the container. Access is denied."
>
> I'm logged into the domain on the station where I'm trying to mod
> permissions as a user that's a member of "Domain Admins"
>
> ---
> smb.conf from the member/file server
> ---
> [global]
> realm = AD.SAMDOM.LOCAL
> security = ADS
> server role = member server
> server string = FileServer
> username map = /etc/samba/user.map
> workgroup = AD
> idmap config ad : range = 10000-999999
> idmap config ad : backend = rid
> idmap config * : range = 3000-7999
> idmap config * : backend = tdb
> map acl inherit = Yes
> vfs objects = acl_xattr
>
>
> [root-share]
> comment = root-share
> path = /abc-zfs-01/ad-shared-folders/
> read only = No
>
> ---
> Any good pointers?
Try adding 'min domain uid = 0' to global and reload the config or
restart Samba.
Rowland
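
An added example, not part of the original thread and not Samba's own code: a Python check that compares the unix accounts named in a username map against the effective 'min domain uid'. It assumes the user.map referenced in the posted config (its contents are not shown in the thread) maps a domain account to root, and that an unset 'min domain uid' takes the smb.conf(5) default of 1000; the function names and sample inputs are constructed for illustration.

```python
import re

DEFAULT_MIN_DOMAIN_UID = 1000  # assumption: smb.conf(5) default when unset

def parse_global(conf_text):
    """[global] parameters; names lower-cased with whitespace removed,
    since smb.conf ignores case and spaces in parameter names."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def mapped_unix_names(map_text):
    """Unix-side names from a username map ("unixname = winname ..." lines)."""
    names = []
    for raw in map_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        names.append(line.split("=", 1)[0].strip().lstrip("!").strip())
    return names

def check(conf_text, map_text, uid_of):
    """Return (effective floor, mapped unix names whose uid is below it)."""
    params = parse_global(conf_text)
    floor = int(params.get("mindomainuid", DEFAULT_MIN_DOMAIN_UID))
    if "usernamemap" not in params:
        return floor, []
    return floor, [n for n in mapped_unix_names(map_text) if uid_of(n) < floor]

# Constructed inputs: [global] trimmed from the post, and an assumed user.map line.
POSTED = """[global]
security = ADS
username map = /etc/samba/user.map
idmap config ad : range = 10000-999999
"""
USER_MAP = "!root = AD\\Administrator\n"
UIDS = {"root": 0}.__getitem__  # stand-in for pwd.getpwnam(name).pw_uid

if __name__ == "__main__":
    print(check(POSTED, USER_MAP, UIDS))                          # as posted
    print(check(POSTED + "min domain uid = 0\n", USER_MAP, UIDS))  # with the suggested line
```

With the floor at 0, any username map entry can land on uid 0, so user.map should stay root-owned and limited to the accounts that need the mapping.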