[Samba] editing samba-share ACLs etc from Windows
Stefan G. Weichinger
lists at xunil.at
Thu Oct 20 08:28:02 UTC 2022
On 19.10.22 at 19:07, Rowland Penny via samba wrote:
>
>
> On 19/10/2022 17:25, Stefan G. Weichinger via samba wrote:
>> I thought 4.16.5, wanted to write 4.16.x to avoid the minor release
>> and failed completely.
>
> Don't worry, I do similar things all the time, I know what I want to
> type, but it doesn't always get through to my fingers, I think it is
> called old age ;-)
Ah, that could be, yes ;-)
> In which case it should work, so let's start with the smb.conf and the
> permissions set on the shares path.
This is a smb.conf the list has seen several times already ;-)
Debian 11.5, btw
I quote the conf, and only the main share for a first view. And I edit
the realm etc
This is a grown config over years, so there are many commented lines in
there already.
->
# cat /etc/samba/smb.conf
# This file is managed remotely, all changes will be lost
[global]
workgroup = BUERO
realm = MYDOM.AT
netbios name = SERVER
security = ADS
map to guest = Bad User
username map = /etc/samba/smbusers
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes
#winbind enum users = Yes
#winbind enum groups = Yes
winbind use default domain = yes
winbind offline logon = yes
# Use settings from AD for login shell and home directory
winbind nss info = template
template shell = /bin/bash
template homedir = /mnt/samba/Daten/%U
# obsolete with 4.8.x
#map untrusted to domain = Yes
#winbind trusted domains only = no
# Default idmap config used for BUILTIN and local accounts/groups
idmap config *:backend = tdb
idmap config *:range = 2000-9999
# idmap config for domain BUERO
idmap config BUERO:backend = rid
idmap config BUERO:range = 10000-99999
load printers = no
printing = bsd
printcap name = /dev/null
# turn off roaming profiles
logon path = ""
logon home = ""
hosts allow = localhost 192.168.16. 172.32.99.
log level = 1
log file = /var/log/samba/%m.log
max log size = 150000
# server min protocol = SMB2
# server max protocol = SMB2
#strict sync = yes
# ACLs
store dos attributes = Yes
map acl inherit = Yes
#vfs objects = acl_xattr full_audit
vfs objects = acl_xattr
# Audit settings
full_audit:prefix = %u|%I|%m|%S
full_audit:failure = connect
full_audit:success = mkdir rmdir read pread write pwrite rename unlink
full_audit:facility = local5
full_audit:priority = notice
# 2021-dec-30 allow domain admin in
min domain uid = 0
[homes]
comment = Home Directory
guest ok = no
read only = no
valid users = %S
invalid users = root, bin, daemon, adm, sync, shutdown, halt, mailnewsuucp, operator
browseable = No
[daten]
comment = Daten
path = /mnt/samba/
read only = No
create mask = 0775
directory mask = 02775
force directory mode = 0775
#wide links = yes
#veto oplock files = /*.DAT/*.dat/
#oplocks = False
#level2 oplocks = False