Rowland Penny
2019-Jan-21 10:11 UTC
[Samba] I have issue in configuring file servers with AD integration.
On Mon, 21 Jan 2019 15:21:03 +0530 venkat ramu <ramut123 at gmail.com> wrote:> Hi Rowland, > > I have created folder /srv/samba/test and > subfolder /srv/samba/test/inherit1 (Inherit1 is inside test folder). > below are the config. When I try to access inherit1 from widows > getting you do not have permission to access > \\xxx.xxx.xxx.xxx\inherit1. Could you please help me on this. > > [test] > comment = Ubuntu File Server Share > path = /srv/samba/test > #valid users = test_groups > #browsable = yes > read only = no > create mask = 0640 > writable = yes > inherit permissions = no > valid users = +"SBX\Test-Group" > > [inherit1] > writeable = yes > comment = inherit1 > valid users = +"SBX\Inherit-Group", at +"SBX\Inherit-Group" > path = /srv/samba/test/inherit1 > inherit permissions = no >Can you please post your entire smb.conf (without any comment lines) Rowland
venkat ramu
2019-Jan-21 10:23 UTC
[Samba] I have issue in configuring file servers with AD integration.
Here is the smb.conf. [global] workgroup = SBX security = ADS realm = SBX.LAN dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab server string = Data %h winbind use default domain = yes winbind expand groups = 4 winbind nss info = rfc2307 winbind refresh tickets = Yes winbind offline logon = yes winbind normalize names = Yes ## map ids outside of domain to tdb files. idmap config *:backend = tdb idmap config *:range = 2000-9999 ## map ids from the domain the ranges may not overlap ! idmap config TESTAD : backend = rid idmap config TESTAD : range = 10000-999999 template shell = /bin/bash template homedir = /home/TESTAD/%U domain master = no local master = no preferred master = no os level = 20 map to guest = bad user host msdfs = no # user Administrator workaround, without it you are unable to set privileges username map = /etc/samba/user.map # For ACL support on domain member vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes # Share Setting Globally unix extensions = no reset on zero vc = yes veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/ hide unreadable = yes # disable printing completely load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes [share] comment = Ubuntu File Server Share path = /srv/samba/share browsable = yes guest ok = yes read only = no valid users = +"SBX\Test-Group" create mask = 0640 [test] comment = Ubuntu File Server Share path = /srv/samba/test #valid users = test_groups #browsable = yes read only = no create mask = 0640 writable = yes inherit permissions = no valid users = +"SBX\Test-Group" [test myfolder] comment = Ubuntu File Server Share, permission inheritance path = /srv/samba/test/myfolder #browsable = yes read only = no create mask = 0640 writable = yes valid users = +"SBX\test_groups" [Folder Name Webmin] path = /srv/samba/new-test writeable = yes comment = Folder Name Webmin valid users = +"SBX\Test-Group" [new-training] path = /srv/samba\new-training valid users = +"SBX\Test-Group", at +"SBX\Test-Group" writeable = yes comment = new-training [New Share] path = /srv/samba/NewShare comment = New Share writeable = yes valid users = +"SBX\Test-Group", at +"SBX\Test-Group" [galaxy-test] valid users = +"SBX\Test-Group", at +"SBX\Test-Group" comment = galaxy-test path = /srv/samba/galaxy-test writeable = yes [inherit] path = /srv/samba/test/inherit valid users = +"SBX\Inherit-Group", at +"SBX\Inherit-Group" invalid users = +"SBX\Test-Group" writeable = yes [inherit1] writeable = yes comment = inherit1 valid users = +"SBX\Inherit-Group", at +"SBX\Inherit-Group" path = /srv/samba/test/inherit1 inherit permissions = no Thanks, Venkat
Rowland Penny
2019-Jan-21 10:48 UTC
[Samba] I have issue in configuring file servers with AD integration.
On Mon, 21 Jan 2019 15:53:47 +0530 venkat ramu <ramut123 at gmail.com> wrote:> > [inherit] > path = /srv/samba/test/inherit > valid users = +"SBX\Inherit-Group", at +"SBX\Inherit-Group" > invalid users = +"SBX\Test-Group" > writeable = yes > > [inherit1] > writeable = yes > comment = inherit1 > valid users = +"SBX\Inherit-Group", at +"SBX\Inherit-Group" > path = /srv/samba/test/inherit1 > inherit permissions = noYour computer appears to be a Unix domain member and if you read the 'invalid users' part of 'man smb.conf' You will find that '+' means look in the Unix group database (/etc/group) and '@' means look in the NIS database. As your computer is a Unix domain member, neither of these will be used and 'Inherit-Group' should exist in AD. There is another possible problem (it could a typo), you posted this: workgroup = SBX and also this: idmap config TESTAD : backend = rid idmap config TESTAD : range = 10000-999999 'TESTAD' should be 'SBX' Can I also suggest you read this: https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs That is a much better way of doing what you require. Rowland
Possibly Parallel Threads
- I have issue in configuring file servers with AD integration.
- I have issue in configuring file servers with AD integration.
- I have issue in configuring file servers with AD integration.
- I have issue in configuring file servers with AD integration.
- I have issue in configuring file servers with AD integration.