Hi,

I would like to set filesystem permissions on shares (users, at the moment) with Windows 10 (1809).
On the Samba side, the filesystem is ext4. I tested the extended attributes usability with setfattr/getfattr, and setfacl/getfacl, and they work.
I set the following in smb.conf:

[global]
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
...

[users]
path = /home/users
read only = no

And:

chown root:"Domain Admins" /home/users
chmod 0770 /home/users

I gave SeDiskOperatorPrivilege to the Administrator user (I don't understand why he doesn't have it by default) on dc1, and on the file server too.

On Windows, I can connect to the Samba file server with Computer Management (it connects immediately, but when I click on System Tools, it gives me an error message: SRV cannot connect... When I click on OK, it connects after all). I can see shares in Shared folders/Shares. I can set share permissions, but on the Security tab, I see that I need read permission for the object. When I click on the Special button, the situation is similar: I don't have permission for the object.
What additional settings do I need, and what should I check?

On 02/07/2019 10:44, Pisch Tamás via samba wrote:
> What additional settings do I need, and what should I check?

Can you start by posting your entire smb.conf

Rowland

> Can you start by posting your entire smb.conf

Yes:

[global]
bind interfaces only = Yes
dos charset = CP852
interfaces = lo enp0s3
log file = /var/log/samba/%m.log
log level = 1
name resolve order = wins bcast
realm = A.B.HU
security = ADS
template homedir = /home/users/%U
template shell = /bin/bash
unix charset = UTF8
username map = /etc/samba/user.map
wins server = 192.168.0.4
workgroup = A
idmap config a : range = 10000-999999
idmap config a : backend = rid
idmap config * : range = 3000-7999
idmap config * : backend = tdb
create mask = 0770
csc policy = disable
directory mask = 0770
map acl inherit = Yes
store dos attributes = Yes
vfs objects = acl_xattr

[users]
path = /home/users
read only = No

On 02/07/2019 12:38, Pisch Tamás via samba wrote:
>> Can you start by posting your entire smb.conf
> Yes:
>
> [global]
> bind interfaces only = Yes
> dos charset = CP852
> interfaces = lo enp0s3
> log file = /var/log/samba/%m.log
> log level = 1
> name resolve order = wins bcast
> realm = A.B.HU
> security = ADS
> template homedir = /home/users/%U
> template shell = /bin/bash
> unix charset = UTF8
> username map = /etc/samba/user.map
> wins server = 192.168.0.4
> workgroup = A
> idmap config a : range = 10000-999999
> idmap config a : backend = rid
> idmap config * : range = 3000-7999
> idmap config * : backend = tdb
> create mask = 0770
> csc policy = disable
> directory mask = 0770
> map acl inherit = Yes
> store dos attributes = Yes
> vfs objects = acl_xattr
>
> [users]
> path = /home/users
> read only = No

Have you read this:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Does '/etc/samba/user.map' contain this:

!root = A\Administrator

The only thing 'wrong' with your smb.conf is the use of 'wins', this isn't used any more.

Rowland
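
The configuration points raised in the thread so far (acl_xattr and the two related parameters from the original post, the '!root' username map entry, and the leftover WINS settings), written as a check in Python. This is an added example, not code from either poster or from the Samba project; the function names and the sample inputs (cut down from the smb.conf quoted above) are constructed for illustration.

```python
# Added example, not from the thread; sample inputs are constructed from the quoted smb.conf.
BOOLEAN_TRUE = {"yes", "true", "1"}

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}} (names lower-cased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

def audit(conf_text, user_map_text, admin=r"A\Administrator"):
    """Return findings for the points raised in the thread; [] means all passed."""
    g = parse_smb_conf(conf_text).get("global", {})
    findings = []
    if "acl_xattr" not in g.get("vfs objects", "").lower().split():
        findings.append("vfs objects does not load acl_xattr")
    for param in ("map acl inherit", "store dos attributes"):
        if g.get(param, "").lower() not in BOOLEAN_TRUE:
            findings.append(f"{param} is not enabled")
    if "wins" in g.get("name resolve order", "").lower().split():
        findings.append("name resolve order still lists wins")
    if "wins server" in g:
        findings.append("wins server is still set")
    entries = [ln.partition("=") for ln in user_map_text.splitlines()]
    if not any(u.strip().lstrip("!") == "root" and admin.lower() in n.lower()
               for u, _, n in entries):
        findings.append(f"username map lacks '!root = {admin}'")
    return findings

SAMPLE_CONF = """
[global]
name resolve order = wins bcast
username map = /etc/samba/user.map
wins server = 192.168.0.4
map acl inherit = Yes
store dos attributes = Yes
vfs objects = acl_xattr
[users]
path = /home/users
"""
SAMPLE_MAP = "!root = A\\Administrator\n"
print(audit(SAMPLE_CONF, SAMPLE_MAP))
```
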

> Have you read this:
>
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Yes.

> Does '/etc/samba/user.map' contain this:
>
> !root = A\Administrator

Yes.

> The only thing 'wrong' with your smb.conf is the use of 'wins', this
> isn't used any more.

Thanks, I changed the necessary parameters. Problem still exists.