I created a demo share on my AD DC. After obtaining a copy of Win7 Ultimate I could now verify that the share has all rights granted to anyone (don't know how Windoze call "Jeder" in English). I can read and write the Share using AD\Administrator. AD\StandardUser can mount the share and read, what the Administrator put there. But he cannot create or modify files. AD\StandardUser was created using samba-tool following the Wiki Howto. Is there a howto to systematically troubleshoot permission stuff? I fear it won't be my last time lost in AD. Regards, - lars.
On Fri, 2014-06-27 at 14:42 +0200, Lars Hanke wrote:> I created a demo share on my AD DC. After obtaining a copy of Win7 > Ultimate I could now verify that the share has all rights granted to > anyone (don't know how Windoze call "Jeder" in English). > > I can read and write the Share using AD\Administrator. AD\StandardUser > can mount the share and read, what the Administrator put there. But he > cannot create or modify files. > > AD\StandardUser was created using samba-tool following the Wiki Howto. > > Is there a howto to systematically troubleshoot permission stuff? I fear > it won't be my last time lost in AD. > > Regards, > - lars.Please post: smb.conf /etc/nsswitch.conf getent passwd AS\StandardUser getfacl /path/to/your/demo share Steve
2014-06-27 14:42 GMT+02:00 Lars Hanke <debian at lhanke.de>:> > > Is there a howto to systematically troubleshoot permission stuff? I fear > it won't be my last time lost in AD. > >See this Wiki to get the correct Windows tools in place: https://wiki.samba.org/index.php/Samba_AD_management_from_windows See this one for configuring Shares: https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs *Regards,* Marcel de Reuver