[Samba] clients not connecting to samba shares
Rowland Penny
rpenny at samba.org
Tue Apr 11 14:12:16 UTC 2023
On 11/04/2023 13:36, Gary Dale via samba wrote:
> On 2023-04-11 04:15, Rowland Penny via samba wrote:
>>
>>
>> What 'Debian distribution-specific' installation did you follow ?
> The one linked to in AD DC wiki.
Where abouts is this link ?
I checked here:
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
But couldn't see one.
If you can supply a link, I will check it it.
>>
> OK. Now it passes the DNS test (again):
>
>> # host -t SRV _ldap._tcp.home.rahim-dale.org
>> _ldap._tcp.home.rahim-dale.org has SRV record 0 100 389
>> dc1.home.rahim-dale.org.
> and
>> # host -t A dc1.home.rahim-dale.org
>> dc1.home.rahim-dale.org has address 192.168.1.13
>>
> But when I use my Windows 10 VM (logged in as HOME\Administrator) to run
> Active Directory Users and Computers I get a pop-up saying "Naming
> information cannot be located for the following reason: The server is
> not operational." It goes on to suggest something about a service pack &
> Windows 2000 in relation to the tools....
>
> I also have to manually change to the DC1 domain controller to access
> the domain accounts.
>
> However once I get past that, I seem to be able to manipulate the domain
> accounts.
>
> Unfortunately I still can't access the shares. I can connect and
> disconnect but I can't actually see the files. I get an error message
> when I connect that says "Windows cannot access
> \\TheLibrarian\Archives\ You do not have permission to access
> \\TheLibrarian\Archives\. Contact your network administrator to request
> access."
>
> The share permissions are:
>
>> drwxrwx---+ 39 root HOME\domain admins 4096 Nov 23 16:32 archives
I will say it again, you are using a Samba AD DC as a fileserver, this
means that you must set the permissions from a Windows machine and those
permissions are stored in an EA, what you see from 'ls' is irrelevant
I will say this again, you will be better off running a separate
fileserver (Unix domain member).
>>
> while the file permissions are (sample):
>
>> # ls -l /home/shares/archives/
>> total 480
>>
> ....
>
>> drwxrwx---+ 12 garydale HOME\domain admins 4096 Nov 2 2021 2021
>> drwxrwx---+ 15 garydale HOME\domain admins 4096 Nov 27 11:10 2022
>> drwxrwx---+ 10 garydale HOME\domain admins 4096 Feb 25 15:30 2023
> This is the same whether I am logged in as the Domain Administrator or
> myself (also in the Domain Admins group).
If you notice, there is a '+' sign at the end of the permissions, this
denotes that there are further permissions that you can read with
getfacl, but these are not the ones set from Windows, you need to use
'samba-tool ntacl' to read those.
Rowland
More information about the samba
mailing list