Thomas Bauserman
2015-Jun-19 12:50 UTC
[Samba] windows acl not saving, no error, nothing in log file
I'm running samba 4.1.6 as a PDC on ubuntu 14.04.

I'm following these guides to set up print shares:

https://wiki.samba.org/index.php/Samba_as_a_print_server
https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs

When I go to my Windows workstation to change the ACLs on the print$ share, I can get into the security tab and I can change the security options, but when I click Apply or OK they don't save. There is no error. I did tailf on /var/log/samba/log.samba while doing this and nothing shows up in the log file.

Here is my fstab entry:

/dev/mapper/homer--vg-root / ext4 defaults,user_xattr,acl,barrier=1,errors=remount-ro 0 1

The only thing I noticed, and I wasn't sure if it was an issue or not: when I run

"lsof | grep /srv/samba/Printer_drivers"

it gives me this:

lsof: no pwd entry for UID 3000019
lsof: no pwd entry for UID 3000019
lsof: no pwd entry for UID 3000019
lsof: no pwd entry for UID 3000019
lsof: no pwd entry for UID 3000019
lsof: no pwd entry for UID 3000019
lsof: no pwd entry for UID 3000019
lsof: no pwd entry for UID 3000019

I was a little confused by the guide because in one section the group is listed as Domain Admins and in another it's domain_admins, so I added SeDiskOperatorPrivilege to both. It wouldn't let me set the group on the folder to Domain Admins; it said it was an invalid group, so I set it to domain_admins.

Other than the Windows ACLs on the shares, everything else is working great. I've got all my users set up and I'm applying GPOs successfully.

I've been hitting my head against the wall for a couple of days now. Any help would be appreciated. Let me know if you need anything else from me.

Thanks,
Tom Bauserman
Technical Support Specialist
Teutopolis Unit #50 School District
Rowland Penny
2015-Jun-19 13:27 UTC
[Samba] windows acl not saving, no error, nothing in log file
On 19/06/15 13:50, Thomas Bauserman wrote:
> I'm running samba 4.1.6 as a PDC on ubuntu 14.04.

OK, are you actually running samba as an NT4-style PDC, or are you running samba as an AD DC? They are very different.

> I'm following these guides to setup print shares
>
> https://wiki.samba.org/index.php/Samba_as_a_print_server
> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
>
> When I go to my windows workstation to change the ACL's on the print$ share
> I can get into the security tab and I can change the security options but
> when I click apply or ok they don't save. There is no error. I did tailf on
> /var/log/samba/log.samba while doing this and nothing shows up in the log
> file.

Have you followed the wiki pages fully?

> Here is my fstab entry
>
> /dev/mapper/homer--vg-root / ext4
> defaults,user_xattr,acl,barrier=1,errors=remount-ro 0 1

You do not need 'user_xattr,acl'; they are included by 'defaults' on ext4.

> the only thing I noticed and I wasn't sure if it was an issue or not. When
> I run
>
> "lsof | grep /srv/samba/Printer_drivers"
>
> it gives me this
>
> lsof: no pwd entry for UID 3000019
> lsof: no pwd entry for UID 3000019
> lsof: no pwd entry for UID 3000019
> lsof: no pwd entry for UID 3000019
> lsof: no pwd entry for UID 3000019
> lsof: no pwd entry for UID 3000019
> lsof: no pwd entry for UID 3000019
> lsof: no pwd entry for UID 3000019

Try giving 'Domain Admins' a gidNumber attribute.

> I was a little confused by the guide because in one section the group is
> listed as Domain Admins and in another it's domain_admins so I
> added SeDiskOperatorPrivilege to both. It wouldn't let me set the group on
> the folder to Domain Admins it said it was an invalid group so I set it to
> domain_admins.

'Domain Admins' and domain_admins are usually interchangeable, except on a samba4 AD DC; anywhere else you can set 'winbind normalize names = Yes' in smb.conf and then use the lowercase names.

On a DC, you need to escape the space, either by quotes around the entire name, i.e. "Domain Admins" or 'Domain Admins', or by using a backslash: Domain\ Admins. If you don't use anything, it tries to use just 'Domain'.

Rowland

> Other than the Windows ACL's on the shares. Everything else is working
> great. I've got all my users setup and I'm applying GPO's successfully.
>
> I've been hitting my head against the wall for a couple of days now. Any
> help would be appreciated. Let me know if you need anything else from me.
>
> Thanks,
> Tom Bauserman
> Technical Support Specialist
> Teutopolis Unit #50 School District
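
An added example, not part of the original thread: a small shell check for the two symptoms discussed in the message above, a numeric owner that has no name-service entry (the "no pwd entry for UID" case) and a group name containing a space being split by the shell. The function names are hypothetical, and it assumes GNU `stat` and `getent` are available.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not Samba tools.

# id_resolves DB ID
# Succeeds if `getent DB ID` finds an entry. DB is "passwd" or "group".
id_resolves() {
    getent "$1" "$2" >/dev/null 2>&1
}

# check_path PATH
# Prints one line per numeric owner/group of PATH that has no NSS entry.
# Returns 0 if both resolve, 1 or 2 for the number unresolved, 3 on stat error.
check_path() {
    path=$1
    missing=0
    uid=$(stat -c %u "$path" 2>/dev/null) || return 3
    gid=$(stat -c %g "$path" 2>/dev/null) || return 3
    if ! id_resolves passwd "$uid"; then
        echo "$path: no passwd entry for UID $uid"
        missing=$((missing + 1))
    fi
    if ! id_resolves group "$gid"; then
        echo "$path: no group entry for GID $gid"
        missing=$((missing + 1))
    fi
    return "$missing"
}

# seen_as_group ARGS...
# Prints the first argument only, i.e. what a command such as chgrp would
# take as the group name after the shell has split the command line.
seen_as_group() {
    printf '%s\n' "$1"
}

# Unquoted, the shell splits the name and only "Domain" is the group:
#   seen_as_group Domain Admins /srv/samba/Printer_drivers
# Quoted or backslash-escaped, the full name arrives as one argument:
#   seen_as_group "Domain Admins" /srv/samba/Printer_drivers
#   seen_as_group Domain\ Admins /srv/samba/Printer_drivers
```

Running `check_path /srv/samba/Printer_drivers` on the server reports any owner or group on the share root that the system cannot map to a name.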
Bob of Donelson Trophy
2015-Jun-19 14:14 UTC
[Samba] windows acl not saving, no error, nothing in log file
Regarding the insertion of "user_xattr,acl,barrier=1" into the /etc/fstab file:

The Samba wiki page 'https://wiki.samba.org/index.php/OS_Requirements' has instructions there for ext4 to include this. I have seen it commented here, in the mailing list, many times that this is now default for ext4. Maybe the wiki page should be changed?

(Just a suggestion, you guys always give great advice.)

---
-------------------------
Bob Wooden of Donelson Trophy
615.885.2846 (main)
www.donelsontrophy.com [3]
"Everyone deserves an award!!"

On 2015-06-19 08:27, Rowland Penny wrote:
> On 19/06/15 13:50, Thomas Bauserman wrote:
>
>> I'm running samba 4.1.6 as a PDC on ubuntu 14.04.
>
> OK, are you actually running samba as an NT4-style PDC, or are running samba as an AD DC ? they are very different.
>
>> I'm following these guides to setup print shares
>> https://wiki.samba.org/index.php/Samba_as_a_print_server [1]
>> https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs [2]
>> When I go to my windows workstation to change the ACL's on the print$ share I can get into the security tab and I can change the security options but when I click apply or ok they don't save. There is no error. I did tailf on /var/log/samba/log.samba while doing this and nothing shows up in the log file.
>
> Have you followed the wiki pages fully ?
>
>> Here is my fstab entry
>> /dev/mapper/homer--vg-root / ext4 defaults,user_xattr,acl,barrier=1,errors=remount-ro 0 1
>
> You do not need 'user_xattr,acl', they are included by 'defaults' on ext4.
>
>> the only thing I noticed and I wasn't sure if it was an issue or not. When I run "lsof | grep /srv/samba/Printer_drivers" it gives me this
>> lsof: no pwd entry for UID 3000019
>> lsof: no pwd entry for UID 3000019
>> lsof: no pwd entry for UID 3000019
>> lsof: no pwd entry for UID 3000019
>> lsof: no pwd entry for UID 3000019
>> lsof: no pwd entry for UID 3000019
>> lsof: no pwd entry for UID 3000019
>> lsof: no pwd entry for UID 3000019
>
> Try giving 'Domain Admins' a gidNumber attribute.
>
>> I was a little confused by the guide because in one section the group is listed as Domain Admins and in another it's domain_admins so I added SeDiskOperatorPrivilege to both. It wouldn't let me set the group on the folder to Domain Admins it said it was an invalid group so I set it to domain_admins.
>
> 'Domain Admins' and domain_admins are usually interchangeable, except on a samba4 AD DC, anywhere else you can set 'winbind normalize names = Yes' in smb.conf and then use the lowercase names. On a DC, you need to escape the space, either by quotes around the entire name i.e. "Domain Admins" or 'Domain Admins', or by using a backslash: Domain\ Admins. If you don't use anything, it tries to use just 'Domain'.
>
> Rowland
>
>> Other than the Windows ACL's on the shares. Everything else is working great. I've got all my users setup and I'm applying GPO's successfully. I've been hitting my head against the wall for a couple of days now. Any help would be appreciated. Let me know if you need anything else from me.
>> Thanks,
>> Tom Bauserman
>> Technical Support Specialist
>> Teutopolis Unit #50 School District

Links:
------
[1] https://wiki.samba.org/index.php/Samba_as_a_print_server
[2] https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
[3] http://www.donelsontrophy.com