[Samba] permission denied with windows acls

Rowland Penny rpenny at samba.org
Sun Jan 28 18:06:21 UTC 2024


On Sun, 28 Jan 2024 09:40:22 -0800
Peter Carlson via samba <samba at lists.samba.org> wrote:

> 
> On 1/28/24 09:27, Rowland Penny via samba wrote:
> > On Sun, 28 Jan 2024 08:47:28 -0800
> > Peter Carlson via samba<samba at lists.samba.org>  wrote:
> >
> >> On 1/27/24 03:19, Rowland Penny via samba wrote:
> >>> You are close, but are missing a parameter, try opening a terminal
> >>> on u2gui (which I take it is the hostname for the domain joined
> >>> client you are trying to mount the share to). Then type this:
> >>>
> >>> sudo mount -t cifs //fs.carlson.lab/test /mnt/test -o
> >>> sec=krb5,username=U2GUI$,multiuser
> >>>
> >>> Now go and look at /mnt/test
> >>>
> >>> Rowland
> >>>
> >> I am still getting permission denied.  Does the machine need a user
> >> account? I thought that with multiuser it just needed a computer
> >> account
> > It does just need a computer account and a computer account is just
> > a user account with an extra objectclass.
> except that the computer isn't normally a member of Domain Users, but 
> Domain Computers...so...that got me thinking and I added the computer
> to Domain Users and now it can mount.  But is that the right thing to
> do?

I come back to the fact that it works for myself without doing anything
like that:
sudo ldbsearch -H /var/lib/samba/private/sam.ldb -P -b
dc=samdom,dc=example,dc=com
'(&(objectCategory=computer)(primaryGroupID=515))' dn | grep TESTDM12
dn: CN=TESTDM12,CN=Computers,DC=samdom,DC=example,DC=com

Rowland



More information about the samba mailing list