Hello. According to the "https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs", I run my Samba share but can't add permission to directory via admin user or other users that are administrator. My samba config is : [global] workgroup = JASONDOMAIN security = ADS realm = JASONDOMAINI.JJ netbios name = printmah dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab server string = Samba 4 Client %h ## vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes ## username map = /etc/samba/user.map ## winbind enum users = no winbind enum groups = no winbind use default domain = yes winbind expand groups = 4 winbind nss info = rfc2307 winbind refresh tickets = Yes winbind offline logon = yes winbind normalize names = Yes ## map id's outside of domain to tdb files. idmap config *:backend = tdb idmap config *:range = 2000-9999 ## map ids from the domain the ranges may not overlap ! idmap config JASONDOMAIN : backend = rid idmap config JASONDOMAIN : range = 10000-999999 wins server = 172.30.9.1, 172.20.1.2, 172.20.1.48 domain master = no local master = no preferred master = no os level = 20 map to guest = bad user host msdfs = no # user Administrator workaround, without it you are unable to set privileges username map = /etc/samba/user.map # For ACL support on member server vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes # Share Setting Globally unix extensions = no reset on zero vc = yes veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/ hide unreadable = yes template shell = /bin/sh template homedir = /home/%U # name resolve order = lmhosts wins bcast host [test] path = /home/jason/Desktop/photo read only = no browseable = yes I had a problem with SElinux that solved by enter below commands : setenforce 0 chcon -t samba_share_t -R /path/to/share setenforce 1 The problem solved but I can't change or add permission to directory via Windows as "Setup share permissions" section.I use "jason" account that is exist in administrator group but Jason can't too. How can I solve it?
Hello. I changed my "smb.conf" as below : [Demo] path = /srv/samba/demo/ read only = no force user = %U force group = "JASONDOMAIN.JJ+domain users" force create mode = 0666 force directory mode = 2777 force directory security mode = 0777 valid users = @"JASONDOMAIN.JJ+domain users" Then I use below command to change owner : # chgrp -R "domain users" demo/ # chmod -R g+rw demo/ # ls -l total 0 drwxrwxr-x. 2 root domain_users 6 Feb 18 05:38 demo But When I want to open the "demo" directory it ask me my username and password and when I enter my username and password it ask me again :( I also have same problem with change permission too. How can I solve it? It is emergency. Thank you. On Tuesday, February 17, 2015 5:49 AM, Jason Long <hack3rcon at yahoo.com> wrote: Hello. According to the "https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs", I run my Samba share but can't add permission to directory via admin user or other users that are administrator. My samba config is : [global] workgroup = JASONDOMAIN security = ADS realm = JASONDOMAINI.JJ netbios name = printmah dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab server string = Samba 4 Client %h ## vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes ## username map = /etc/samba/user.map ## winbind enum users = no winbind enum groups = no winbind use default domain = yes winbind expand groups = 4 winbind nss info = rfc2307 winbind refresh tickets = Yes winbind offline logon = yes winbind normalize names = Yes ## map id's outside of domain to tdb files. idmap config *:backend = tdb idmap config *:range = 2000-9999 ## map ids from the domain the ranges may not overlap ! idmap config JASONDOMAIN : backend = rid idmap config JASONDOMAIN : range = 10000-999999 wins server = 172.30.9.1, 172.20.1.2, 172.20.1.48 domain master = no local master = no preferred master = no os level = 20 map to guest = bad user host msdfs = no # user Administrator workaround, without it you are unable to set privileges username map = /etc/samba/user.map # For ACL support on member server vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes # Share Setting Globally unix extensions = no reset on zero vc = yes veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/ hide unreadable = yes template shell = /bin/sh template homedir = /home/%U # name resolve order = lmhosts wins bcast host [test] path = /home/jason/Desktop/photo read only = no browseable = yes I had a problem with SElinux that solved by enter below commands : setenforce 0 chcon -t samba_share_t -R /path/to/share setenforce 1 The problem solved but I can't change or add permission to directory via Windows as "Setup share permissions" section.I use "jason" account that is exist in administrator group but Jason can't too. How can I solve it?
Hi Jason, what are the permissions of the folder above - in your case /srv/samba. In the past I needed to chmod from 750 to 755 on that folder for the underlying share paths. Regards Tim Am 18. Februar 2015 13:29:07 MEZ, schrieb Jason Long <hack3rcon at yahoo.com>:>Hello. >I changed my "smb.conf" as below : > >[Demo] >path = /srv/samba/demo/ >read only = no >force user = %U >force group = "JASONDOMAIN.JJ+domain users" >force create mode = 0666 >force directory mode = 2777 >force directory security mode = 0777 >valid users = @"JASONDOMAIN.JJ+domain users" > > >Then I use below command to change owner : > ># chgrp -R "domain users" demo/ ># chmod -R g+rw demo/ > ># ls -l >total 0 >drwxrwxr-x. 2 root domain_users 6 Feb 18 05:38 demo > >But When I want to open the "demo" directory it ask me my username and >password and when I enter my username and password it ask me again :( >I also have same problem with change permission too. > >How can I solve it? It is emergency. > >Thank you. > > > >On Tuesday, February 17, 2015 5:49 AM, Jason Long <hack3rcon at yahoo.com> >wrote: >Hello. >According to the >"https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs", >I run my Samba share but can't add permission to directory via admin >user or other users that are administrator. >My samba config is : > >[global] >workgroup = JASONDOMAIN >security = ADS >realm = JASONDOMAINI.JJ >netbios name = printmah > >dedicated keytab file = /etc/krb5.keytab >kerberos method = secrets and keytab >server string = Samba 4 Client %h >## >vfs objects = acl_xattr >map acl inherit = Yes >store dos attributes = Yes >## >username map = /etc/samba/user.map > >## > >winbind enum users = no >winbind enum groups = no >winbind use default domain = yes >winbind expand groups = 4 >winbind nss info = rfc2307 >winbind refresh tickets = Yes >winbind offline logon = yes >winbind normalize names = Yes > >## map id's outside of domain to tdb files. >idmap config *:backend = tdb >idmap config *:range = 2000-9999 >## map ids from the domain the ranges may not overlap ! >idmap config JASONDOMAIN : backend = rid >idmap config JASONDOMAIN : range = 10000-999999 > >wins server = 172.30.9.1, 172.20.1.2, 172.20.1.48 > >domain master = no >local master = no >preferred master = no >os level = 20 >map to guest = bad user >host msdfs = no ># user Administrator workaround, without it you are unable to set >privileges >username map = /etc/samba/user.map > ># For ACL support on member server >vfs objects = acl_xattr >map acl inherit = Yes >store dos attributes = Yes > ># Share Setting Globally >unix extensions = no >reset on zero vc = yes >veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/ >hide unreadable = yes >template shell = /bin/sh >template homedir = /home/%U ># >name resolve order = lmhosts wins bcast host > >[test] >path = /home/jason/Desktop/photo >read only = no >browseable = yes > > > >I had a problem with SElinux that solved by enter below commands : > > >setenforce 0 > >chcon -t samba_share_t -R /path/to/share >setenforce 1 > > >The problem solved but I can't change or add permission to directory >via Windows as "Setup share permissions" section.I use "jason" account >that is exist in administrator group but Jason can't too. > >How can I solve it? >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba
Possibly Parallel Threads
- Windows Admin user can't change Permission.
- Windows Admin user can't change Permission.
- Use Samba with ACL for read Active Directory and set Permissions via it.
- Windows Admin user can't change Permission.
- Use Samba with ACL for read Active Directory and set Permissions via it.