Andrey Repin
2015-Apr-18 00:37 UTC
[Samba] Unable to edit permissions on member server share, users don't have access.
Greetings, All!
The server works somewhat ok', it correctly pull and unwind the data from
AD,
members do login properly remotely and localle, but this one share gives me
nuts.
No members can access it, only domain admins, despite security tab in Windows
claiming that "Everyone" have "read and execute" access to
the share and all
files and folders inside it.
Again, this is a member server, not DC.
Any specific ACLs I should add to it?
Also, a bit OT, but where exactly I should add "barrier=1" ? To the
share
mount or to the mount that contain TDB files?
# mount | grep /nfs
/dev/md2 on /nfs type ext3 (rw,relatime,user_xattr,acl,barrier=1)
# getfacl /nfs{,/netlogon}
# file: nfs
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: nfs/netlogon
# owner: anrdaemon
# group: domain\040admins
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:domain\040admins:rwx
default:mask::rwx
default:other::r-x
# samba-tool testparm --suppress-prompt
# Global parameters
[global]
dos charset = CP866
workgroup = EXAMPLE
realm = ADS.EXAMPLE.LAN
netbios name = SERVER
interfaces = lo, 192.168.35.0/24
bind interfaces only = Yes
security = ADS
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
printcap name = cups
wins server = 127.0.0.1
wins support = Yes
preload = homes
panic action = /usr/share/samba/panic-action %d
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind offline logon = Yes
dns forwarder = 192.168.35.1
idmap config example : range = 500-99999
idmap config example : schema_mode = rfc2307
idmap config example : backend = ad
idmap config * : range = 100000-100999
idmap config * : schema_mode = rfc2307
idmap config * : backend = tdb
idmap_ldb:use rfc2307 = yes
map acl inherit = Yes
printing = cups
store dos attributes = Yes
vfs objects = acl_xattr
[netlogon]
comment = Network Logon Service
path = /nfs/netlogon
csc policy = disable
--
With best regards,
Andrey Repin
Saturday, April 18, 2015 03:29:22
Sorry for my terrible english...
Seemingly Similar Threads
- Wheezy member Server - Unable to edit permissions of share without usermapping - shall I add to Wiki?
- Domain Member Server (wheezy) - Unable to edit permissions of share without usermapping - shall I add to Wiki?
- Domain Member Server (wheezy) - Unable to edit permissions of share without usermapping - shall I add to Wiki?
- Domain Member Server (wheezy) - Unable to edit permissions of share without usermapping - shall I add to Wiki?
- *****SPAM***** Re: Domain Member Server (wheezy) - Unable to edit permissions of share without usermapping - shall I add to Wiki?
Wisdom of the Ancients
