Greg Dickie
2023-Oct-27 19:07 UTC
[Samba] Permissions issue on domain member server (samba as an appliance)
Hi, We have a rat's nest of windows servers all sharing little bits of storage which I'm trying to consolidate on one biggish linux server. I've install a fresh Ubuntu 22.04 and samba 4.15 that comes standard. I've also joined the domain using autorid as the backend and users are getting UID and GIDs correctly as evidenced by wbinfo -i USER and id USER. I've also mapped a domain admin user to root using username map and the connection shows up as root in smbstatus. Created a share, changed the group of the directory to "Domain Admins" and did a g+rwx on the share root dir. Everything looks good. But. When I connect to the share as that admin user and try a mkdir tt I get access denied. robocopy from one of the windows servers give me "A required privilege is not help by the client". Level 10 logs are pretty verbose but I did not see a cause. What am I missing? Where should I look next? Thanks, Greg -- Greg Dickie just a guy 514-983-5400
Luis Peromarta
2023-Oct-27 19:20 UTC
[Samba] Permissions issue on domain member server (samba as an appliance)
These are my notes. I?d rather use xattr and configure shares from windows. http://samba.bigbird.es/doku.php?id=samba:configuring-shares Also, have you assigned privileges ? http://samba.bigbird.es/doku.php?id=samba:server-privileges Using autorid as the idmap backend has some limitations. I recommend using rid. Regards. On 27 Oct 2023 at 20:08 +0100, Greg Dickie via samba <samba at lists.samba.org>, wrote:> Hi, > > We have a rat's nest of windows servers all sharing little bits of > storage which I'm trying to consolidate on one biggish linux server. I've > install a fresh Ubuntu 22.04 and samba 4.15 that comes standard. I've also > joined the domain using autorid as the backend and users are getting UID > and GIDs correctly as evidenced by wbinfo -i USER and id USER. I've also > mapped a domain admin user to root using username map and the connection > shows up as root in smbstatus. Created a share, changed the group of the > directory to "Domain Admins" and did a g+rwx on the share root dir. > Everything looks good. > > But. When I connect to the share as that admin user and try a mkdir tt I > get access denied. robocopy from one of the windows servers give me "A > required privilege is not help by the client". > > Level 10 logs are pretty verbose but I did not see a cause. > > What am I missing? Where should I look next? > > Thanks, > Greg > > -- > > > Greg Dickie > just a guy > 514-983-5400 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2023-Oct-27 19:30 UTC
[Samba] Permissions issue on domain member server (samba as an appliance)
On Fri, 27 Oct 2023 15:07:56 -0400 Greg Dickie via samba <samba at lists.samba.org> wrote:> Hi, > > We have a rat's nest of windows servers all sharing little bits of > storage which I'm trying to consolidate on one biggish linux server. > I've install a fresh Ubuntu 22.04 and samba 4.15 that comes standard. > I've also joined the domain using autorid as the backend and users > are getting UID and GIDs correctly as evidenced by wbinfo -i USER and > id USER. I've also mapped a domain admin user to root using username > map and the connection shows up as root in smbstatus.Could you please point out where it says to map a domain admin to root instead of mapping Administrator to root ? Rowland> Created a > share, changed the group of the directory to "Domain Admins" and did > a g+rwx on the share root dir. Everything looks good. > > But. When I connect to the share as that admin user and try a mkdir > tt I get access denied. robocopy from one of the windows servers give > me "A required privilege is not help by the client". > > Level 10 logs are pretty verbose but I did not see a cause. > > What am I missing? Where should I look next? > > Thanks, > Greg >
Possibly Parallel Threads
- Permissions issue on domain member server (samba as an appliance)
- Permissions issue on domain member server (samba as an appliance)
- Permissions issue on domain member server (samba as an appliance)
- Permissions issue on domain member server (samba as an appliance)
- Choosing a backend idamp and example scenarios for each one