Horace
2014-Jan-24 21:05 UTC
[Samba] Can't get permission on a share to work problem with groups
Hello, 1. I have created a directory /srv/samba4/Public Applications. 2. I created a group 'Domain Admins' with gid 1003 3. I setfacl -m group:1003:rwx on Public Applications 4. I created a share [Public Applications] read list = @ACCOUNTSAD\"Domain Users" write list = @"Domain Admins" comment = Public Applications path = /srv/samba4/Public Applications #admin users = @"Domain Admins" 5. wbinfo --group-info 'Domain Admins' ACCOUNTSAD\Domain Admins:*:1003: Debug level # Debug logging information #log level = 10 log level = 3 #log file = /var/log/samba.log.%m #max log size = 50 debug timestamp = yes syslog only = yes As anyone can see, I like Domain Admins read write access and Domain Users read access only. For whatever reason, when I access the share \\PDC-S2\Public Applications and try to create a folder, I get Permission denied. I have tailed both syslog's and log.smbd and there is NO relevant information regarding why this is failing. Am I doing something wrong here ?
me at electronico.nc
2014-Jan-24 23:10 UTC
[Samba] Can't get permission on a share to work problem with groups
Le 25/01/2014 08:05, Horace a ?crit :> Hello, > > 1. I have created a directory /srv/samba4/Public Applications. > 2. I created a group 'Domain Admins' with gid 1003 > 3. I setfacl -m group:1003:rwx on Public Applications > 4. I created a share > [Public Applications] > read list = @ACCOUNTSAD\"Domain Users" > write list = @"Domain Admins" > comment = Public Applications > path = /srv/samba4/Public Applications > #admin users = @"Domain Admins" > 5. wbinfo --group-info 'Domain Admins' > ACCOUNTSAD\Domain Admins:*:1003: > > Debug level > # Debug logging information > #log level = 10 > log level = 3 > #log file = /var/log/samba.log.%m > #max log size = 50 > debug timestamp = yes > syslog only = yes > > > As anyone can see, I like Domain Admins read write access and Domain > Users read access only. For whatever reason, when I access the share > \\PDC-S2\Public Applications and try to create a folder, I get > Permission denied. > > I have tailed both syslog's and log.smbd and there is NO relevant > information regarding why this is failing. > > Am I doing something wrong here ?Not sure if it's relevent, but I never use shares with space in filename, so you don't have to double-quote them. This avoids lot of errors. Nicolas
Rowland Penny
2014-Feb-09 10:19 UTC
[Samba] Can't get permission on a share to work problem with groups
On 24/01/14 21:05, Horace wrote:> Hello, > > 1. I have created a directory /srv/samba4/Public Applications. > 2. I created a group 'Domain Admins' with gid 1003When you say that you created a group called 'Domain Admins', just how did you create it? or do you mean that you added the gidNumber '1003' to the already existing group in AD? Rowland> 3. I setfacl -m group:1003:rwx on Public Applications > 4. I created a share > [Public Applications] > read list = @ACCOUNTSAD\"Domain Users" > write list = @"Domain Admins" > comment = Public Applications > path = /srv/samba4/Public Applications > #admin users = @"Domain Admins" > 5. wbinfo --group-info 'Domain Admins' > ACCOUNTSAD\Domain Admins:*:1003: > > Debug level > # Debug logging information > #log level = 10 > log level = 3 > #log file = /var/log/samba.log.%m > #max log size = 50 > debug timestamp = yes > syslog only = yes > > > As anyone can see, I like Domain Admins read write access and Domain > Users read access only. For whatever reason, when I access the share > \\PDC-S2\Public Applications and try to create a folder, I get > Permission denied. > > I have tailed both syslog's and log.smbd and there is NO relevant > information regarding why this is failing. > > Am I doing something wrong here ?