[Samba] Permission denied while trying to setup share with RSAT
Peter Milesson
miles at atmos.eu
Tue Dec 12 18:31:06 UTC 2023
On 12.12.2023 19:12, Rowland Penny via samba wrote:
> On Tue, 12 Dec 2023 18:59:33 +0100
> Peter Milesson via samba <samba at lists.samba.org> wrote:
>
>>
>> On 12.12.2023 18:42, Rowland Penny via samba wrote:
>>> On Tue, 12 Dec 2023 13:11:14 +0100
>>> Peter Milesson via samba <samba at lists.samba.org> wrote:
>>>
>>>> Hi folks,
>>>>
>>>> AD Member server with Samba 4.19.3 from Debian Bookworm backports.
>>>> AD DC also Samba 4.19.3 from Debian Bookworm backports. smb.conf
>>>> last in the message.
>>>>
>>>> When trying to setup a share with RSAT as Administrator, every
>>>> operation fails with the error message:
>>>>
>>>> "An error occurred while applying security information to:"
>>>> \\DATASRV\groble$
>>>> Failed to enumerate objects in the container. Access is denied.
>>>>
>>>> The only operation that succeeds is changing ownership
>>>>
>>>> I setup the directory the usual way according to the Samba Wiki
>>>>
>>>> mkdir -p /data/groble
>>>> chown root:"Domain Admins" /data/groble
>>>> chmod 0770 /data/groble
>>>>
>>>> and defined it in smb.conf as
>>>>
>>>> [groble$]
>>>> comment = Roaming profiles
>>>> path = /data/groble/
>>>> read only = no
>>>> acl_xattr:ignore system acls = yes
>>>> hide dot files = no
>>>> csc policy = disable
>>>>
>>> That share appears to be for 'roaming profiles', so I suggest you
>>> read this wiki page and then follow it to the letter:
>>>
>>> https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles
>>>
>>> Follow the 'Using Windows ACLs' section.
>>>
>>> I also suggest you connect from Windows as a member of Domain
>>> Admins.
>>>
>>> Rowland
>>>
>>>
>> Hi Rowland,
>>
>> I have already done that, a zillion times. Still does not work. The
>> basic problem is, that I cannot modify anything as Administrator.
>> Whether the share will be used for roaming profiles or not, is
>> secondary, and not the problem.
>>
>> As I reported, if I set the owner on the directory I want to share as
>> PRIVATE\myadmin:"Domain Admins" with permissions 0770, I can manage
>> the share properties as that user. If I create it as root:"Domain
>> Admins", no way. Neither as PRIVATE\myadmin, nor as
>> PRIVATE\Administrator.
>>
> From my testing, you no longer seem to need the user.map, try reading
> this:
>
> https://lists.samba.org/archive/samba/2023-November/247267.html
>
> Rowland
>
Hi Rowland,
I have also tried that, still the same error.
I did also check if there is some old cruft in the local samba user
database. That one is empty.
Best regards,
Peter
More information about the samba
mailing list