[Samba] Windows ACLs
Sonic
sonicsmith at gmail.com
Thu Sep 22 18:38:58 UTC 2022
I'm trying to set up a new Samba install as a Domain Member to a
Windows AD to act as a fileserver and am having little success
following the Wiki in setting up a share using Windows ACLs.

The first problem was even connecting to the system with the Administrator
account, as it was mapped to the root user via the user.map per the
wiki. Setting "min domain uid = 0" solved that, but this seems a bit
counterintuitive and maybe dangerous.

All seems fine until I connect to the share via Computer Management as
shown on https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
under the heading "Setting Share Permissions and ACLs". When I right-click
the share and select Properties, the properties box comes up but the
smbd log does indicate NT_STATUS_PRIVILEGE_NOT_HELD. The Share
Permissions tab looks fine, but when I select the Security tab the smbd
log indicates NT_STATUS_BUFFER_TOO_SMALL, and attempts to add
permissions fail; the smbd log indicates NT_STATUS_ACCESS_DENIED.
smb.conf:
===================================
[global]
log level = 3
min domain uid = 0
map to guest = Bad User
printcap name = /dev/null
realm = PIZZA.EXAMPLE.COM
security = ADS
server role = member server
server string = Quinine Data
username map = /etc/samba/user.map
workgroup = PIZZA3
idmap config pizza3 : backend = rid
idmap config pizza3 : range = 50000-89999
idmap config quinine : range = 5000-5999
idmap config quinine : backend = tdb
idmap config * : range = 10000-19999
idmap config * : backend = tdb
map acl inherit = Yes
vfs objects = acl_xattr
[data1]
comment = Data1 on Quinine
path = /srv/terra/terra1
acl_xattr:ignore system acls = yes
===================================
SeDiskOperatorPrivilege:
PIZZA3\Domain Admins
PIZZA3\Administrator
BUILTIN\Administrators
===================================
drwxrwx--- 2 root PIZZA3\domain admins 6 Sep 19 23:42 terra1
===================================
Version 4.16.5-Debian
Debian GNU/Linux 11 \n \l
Please assist.
Thank you,
Chris