Thank you for your response! Here comes the smb.conf…

André

— smb.conf —

# Global parameters
[global]
workgroup = LOPRODUCTS
realm = LOPRODUCTS.LOCAL
server role = member server
security = ads
server string = %h server (Samba, Ubuntu)
netbios name = fireball
disable netbios = yes
wins support = no
domain master = no
local master = no
preferred master = no
os level = 0
dns forwarder = 172.24.0.24
name resolve order = lmhosts host wins bcast
# password server = lodc02.loproducts.local
encrypt passwords = yes
passdb backend = tdbsam
winbind use default domain = yes
winbind trusted domains only = no
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
winbind cache time = 10
# username map = /etc/samba/usermap.txt
idmap config * : backend = tdb
idmap config * : range = 31000-35000
idmap config LOPRODUCTS : backend = rid
idmap config LOPRODUCTS : range = 35001-40000
template shell = /bin/false
template homedir = /home/%U
inherit acls = yes
map acl inherit = yes
store dos attributes = yes
vfs objects = acl_xattr
unix extensions = no
log level = 2
#debug timestamp = yes

# [netlogon]
# path=/var/lib/samba/sysvol/LOPRODUCTS.LOCAL/scripts
# browseable = no
# read only=No

[sysvol]
path = /var/lib/samba/sysvol
browseable = no
read only = no

[3D-Content]
path=/opt/data/shared/3d-content
valid users = @LOPRODUCTS\wob-admins @LOPRODUCTS\domänen-admins
invalid users = @"LOPRODUCTS\authlite 1f tag"
browseable = no
read only = no
writeable = yes
create mode = 0660
force create mode = 0660
force user = administrator
directory mode = 0770
force directory mode = 0770
force group = wob-admins

[CI]
path = /opt/data/shared/ci
valid users = @LOPRODUCTS\wob-admins @LOPRODUCTS\domänen-admins
invalid users = @"LOPRODUCTS\authlite 1f tag"
browseable = no
read only = no
writeable = yes
create mode = 0660
force create mode = 0660
force user = administrator
directory mode = 0770
force directory mode = 0770
force group = wob-admins

[Dokumentation]
path = /opt/data/shared/dokumentation
valid users = @LOPRODUCTS\wob-admins @LOPRODUCTS\domänen-admins
invalid users = @"LOPRODUCTS\authlite 1f tag"
browseable = no
read only = no
writeable = yes
create mode = 0660
force create mode = 0660
force user = administrator
directory mode = 0770
force directory mode = 0770
force group = wob-admins

[Projekte]
path = /opt/data/wob/projekte
valid users = @LOPRODUCTS\domänen-admins @LOPRODUCTS\wob-admins @LOPRODUCTS\domänen-benutzer
invalid users = @"LOPRODUCTS\authlite 1f tag"
browseable = no
read only = no
writeable = yes
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
force group = domänen-benutzer

[Projekte_Ablage]
path = /opt/data/wob/projekte_ablage
valid users = @LOPRODUCTS\wob-admins @LOPRODUCTS\domänen-admins
invalid users = @"LOPRODUCTS\authlite 1f tag"
browseable = no
read only = no
writeable = yes
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
force group = wob-admins

[Transfer]
path = /opt/data/wob/transfer
valid users = @LOPRODUCTS\domänen-admins @LOPRODUCTS\wob-admins @LOPRODUCTS\domänen-benutzer
invalid users = @"LOPRODUCTS\authlite 1f tag"
browseable = no
read only = no
writeable = yes
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
force group = domänen-benutzer

[Software]
path = /opt/data/shared/software
valid users = @LOPRODUCTS\wob-admins @LOPRODUCTS\domänen-admins
invalid users = @"LOPRODUCTS\authlite 1f tag"
browseable = no
read only = no
writeable = yes
create mode = 0660
force create mode = 0660
force user = administrator
directory mode = 0770
force directory mode = 0770
force group = wob-admins

[Exchange_ROL-CHE]
path = /opt/data/wob/rol/exchange_rol-che
valid users = @LOPRODUCTS\domänen-admins @LOPRODUCTS\wob-rol_004
invalid users = @"LOPRODUCTS\authlite 1f tag"
browseable = no
read only = no
writeable = yes
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
force group = wob-rol_004

[Kundenanfragen]
path = /opt/data/wob/rol/kundenanfragen
valid users = @LOPRODUCTS\domänen-admins @LOPRODUCTS\wob-rol_003
invalid users = @"LOPRODUCTS\authlite 1f tag"
browseable = no
read only = no
writeable = yes
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
force group = wob-rol_003

[Management_Brain]
path = /opt/data/wob/rol/management_brain
valid users = @LOPRODUCTS\domänen-admins @LOPRODUCTS\wob-rol_002
invalid users = @"LOPRODUCTS\authlite 1f tag"
browseable = no
read only = no
writeable = yes
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
force group = wob-rol_002

[Management_ROL]
path = /opt/data/wob/rol/management_rol
valid users = @LOPRODUCTS\domänen-admins @LOPRODUCTS\gf
invalid users = @"LOPRODUCTS\authlite 1f tag"
browseable = no
read only = no
writeable = yes
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
force group = gf

[Management_ROL-MSA]
path = /opt/data/wob/rol/management_rol-msa
valid users = @LOPRODUCTS\domänen-admins @LOPRODUCTS\wob-rol_001
invalid users = @"LOPRODUCTS\authlite 1f tag"
browseable = no
read only = no
writeable = yes
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
force group = wob-rol_001

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.samba.org/pipermail/samba/attachments/20180525/2e353ff8/signature.sig>

On Fri, 25 May 2018 10:04:49 +0200
André Harms via samba <samba at lists.samba.org> wrote:

> Thank you for your response! Here comes the smb.conf…
>
> André
>
> — smb.conf —
>
> # Global parameters
> [global]
> workgroup = LOPRODUCTS
> realm = LOPRODUCTS.LOCAL
> server role = member server
> security = ads
> server string = %h server (Samba, Ubuntu)
> netbios name = fireball
> disable netbios = yes
> wins support = no
> domain master = no
> local master = no
> preferred master = no
> os level = 0
> dns forwarder = 172.24.0.24
> name resolve order = lmhosts host wins bcast
> # password server = lodc02.loproducts.local
> encrypt passwords = yes
> passdb backend = tdbsam
> winbind use default domain = yes
> winbind trusted domains only = no
> winbind enum users = yes
> winbind enum groups = yes
> winbind refresh tickets = yes
> winbind cache time = 10
> # username map = /etc/samba/usermap.txt
> idmap config * : backend = tdb
> idmap config * : range = 31000-35000
> idmap config LOPRODUCTS : backend = rid
> idmap config LOPRODUCTS : range = 35001-40000
> template shell = /bin/false
> template homedir = /home/%U
> inherit acls = yes
> map acl inherit = yes
> store dos attributes = yes
> vfs objects = acl_xattr
> unix extensions = no
> log level = 2
> #debug timestamp = yes

Can I suggest you read 'man smb.conf', whilst there is nothing really wrong with the above, it does have a few default lines.

>
> # [netlogon]
> # path=/var/lib/samba/sysvol/LOPRODUCTS.LOCAL/scripts
> # browseable = no
> # read only=No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> browseable = no
> read only = no

Really, you have a 'sysvol' share on a Unix domain member ?

> [Transfer]
> path = /opt/data/wob/transfer
> valid users = @LOPRODUCTS\domänen-admins @LOPRODUCTS\wob-admins @LOPRODUCTS\domänen-benutzer
> invalid users = @"LOPRODUCTS\authlite 1f tag"
> browseable = no
> read only = no
> writeable = yes
> create mode = 0660
> force create mode = 0660
> directory mode = 0770
> force directory mode = 0770
> force group = domänen-benutzer
>

Did you know that 'read only = no' and 'writeable = yes' mean the same thing ?

I think you will probably be better off using Windows ACLs, see here:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Rowland
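
The three observations in the reply above (lines that restate defaults, a 'sysvol' share on a domain member, 'read only' set alongside 'writeable') written as an offline check. This is an added example, not code from the thread or from Samba; the function names, the DEFAULTS table and the sample text are constructed for illustration.

```python
# Constructed sample, cut down from the configuration posted in the thread.
SAMPLE = """\
[global]
server role = member server
encrypt passwords = yes
passdb backend = tdbsam
[sysvol]
read only = no
[Transfer]
read only = no
writeable = yes
"""

# smb.conf(5) defaults for three of the posted [global] lines (illustrative subset).
DEFAULTS = {"encrypt passwords": "yes", "passdb backend": "tdbsam", "wins support": "no"}
# Inverted synonyms of "read only" listed in smb.conf(5).
WRITE_SYNONYMS = ("writeable", "writable", "write ok")

def norm(name):
    """smb.conf ignores case and whitespace in section and parameter names."""
    return "".join(name.lower().split())

def parse(text):
    """Return {section: {parameter: value}} with normalised names."""
    conf, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = conf.setdefault(norm(line[1:-1]), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[norm(key)] = value.strip()
    return conf

def audit(text):
    """Return (section, message) findings for the three points in the reply."""
    conf = parse(text)
    glob, findings = conf.get("global", {}), []
    for key, default in DEFAULTS.items():
        if glob.get(norm(key), "").lower() == default:
            findings.append(("global", f"'{key} = {default}' restates the default"))
    if glob.get("serverrole", "").lower() == "member server" and "sysvol" in conf:
        findings.append(("sysvol", "sysvol share defined on a domain member"))
    for name, params in conf.items():
        dup = [s for s in WRITE_SYNONYMS if norm(s) in params]
        if "readonly" in params and dup:
            findings.append((name, f"'read only' and '{dup[0]}' set the same flag"))
    return findings
```

`audit(SAMPLE)` returns four findings: two default lines in [global], the sysvol share, and the duplicate flag in [Transfer].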