[Samba] Setting permissions on AD member file server
Greg Sloop <gregs@sloop.net>
gregs at sloop.net
Thu Mar 10 19:32:15 UTC 2022
No, that doesn't appear to resolve it.
(Not that it matters a ton, but what is that option - what does it even do?)
On Thu, Mar 10, 2022 at 10:55 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Thu, 2022-03-10 at 10:43 -0800, Greg Sloop <gregs--- via samba
> wrote:
> > So, this is kind of odd.
> >
> > Samba member server;
> > Ubuntu 20.04, with Louis' Samba packages. (4.15.5)
> > Went through setup as described in the wiki for member servers - all
> > seems
> > fine.
> > SeDiskOperatorPrivilege is granted to Domain Admins too.
> >
> > Initially I chowned the dirs/files as root:domain admins
> > and chmod 0770
> > getfacl shows:
> > # file: .
> > # owner: root
> > # group: AD\\domain\040admins
> > user::rwx
> > group::rwx
> > other::---
> >
> > However,
> > When I try to set permissions from a Windows 10 machine, using
> > windows file
> > explorer, I get this message:
> >
> > "Failed to enumerate objects in the container. Access is denied."
> >
> > I'm logged into the domain on the station where I'm trying to mod
> > permissions as a user that's a member of "Domain Admins"
> >
> > ---
> > smb.conf from the member/file server
> > ---
> > [global]
> > realm = AD.SAMDOM.LOCAL
> > security = ADS
> > server role = member server
> > server string = FileServer
> > username map = /etc/samba/user.map
> > workgroup = AD
> > idmap config ad : range = 10000-999999
> > idmap config ad : backend = rid
> > idmap config * : range = 3000-7999
> > idmap config * : backend = tdb
> > map acl inherit = Yes
> > vfs objects = acl_xattr
> >
> >
> > [root-share]
> > comment = root-share
> > path = /abc-zfs-01/ad-shared-folders/
> > read only = No
> >
> > ---
> > Any good pointers?
>
> Try adding 'min domain uid = 0' to global and reload the config or
> restart Samba
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list