Ulisses Féres
2016-Jun-30 14:24 UTC
[Samba] getfacl not have domain name and samba4 not work correctly
Hi.

Sorry. Today I have a big problem with Samba that I cannot solve!

My permissions do not work properly. In RSAT I created groups, OUs and users. In Windows I configured the security settings of the shared directory *TECNOLOGIA*, assigning full permissions to *grupo_tecnologia* (technology group).

However, when users who have *grupo_tecnologia* (primary) access the share, a popup opens asking for the user / password, which it does not accept.

I noticed on Linux with getfacl that DOMAIN is not properly set, as in red:

*[root@smb ~]# getfacl /shares/c/tecnologia/*
# file: shares/c/tecnologia/
# owner: root
# group: root
user::rwx
user:root:rwx
user:BUILTIN\134administrators:rwx
user:domain\040admins:rwx
*user:grupo_tecnologia:rwx*
group::---
group:root:---
group:BUILTIN\134administrators:rwx
group:domain\040admins:rwx
*group:grupo_tecnologia:rwx*
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:BUILTIN\134administrators:rwx
default:user:domain\040admins:rwx
*default:user:grupo_tecnologia:rwx*
default:group::---
default:group:root:---
default:group:BUILTIN\134administrators:rwx
default:group:domain\040admins:rwx
*default:group:grupo_tecnologia:rwx*
default:mask::rwx
default:other::---

Should it not be:

*default:group:ROPA\grupo_tecnologia:rwx*

I believe all my problems may be due to this.

*IP Server:* 192.168.1.99

*[root@smb ~]# smbd -V*
Version 4.2.13

*[root@smb ~]# smbclient -V*
Version 4.2.13

*I tried installing version 4.4.4 but this error continues*

*[root@smb ~]# cat /etc/samba/smb.conf*
# Global parameters
[global]
workgroup = ROPA
realm = ROPA.INTRANET
netbios name = SMB
server role = active directory domain controller
dns forwarder = 8.8.8.8

[netlogon]
path = /usr/local/samba/var/locks/sysvol/ropa.intranet/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

[tecnologia]
comment = tecnologia
path = /shares/c/tecnologia
read only = no

*[root@smb ~]# cat /etc/resolv.conf*
domain ropa.intranet
search ropa.intranet
nameserver 192.168.1.99
nameserver 8.8.8.8

*[root@smb ~]# cat /etc/hosts*
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 smb smb.ropa.intranet

*[root@smb ~]# testparm*
Load smb config files from /usr/local/samba/etc/smb.conf
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[tecnologia]"

Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
workgroup = ROPA
realm = ROPA.INTRANET
server role = active directory domain controller
passdb backend = samba_dsdb
dns forwarder = 8.8.8.8
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
winbindd:use external pipes = true
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = dfs_samba4 acl_xattr

[netlogon]
path = /usr/local/samba/var/locks/sysvol/ropa.intranet/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

[tecnologia]
comment = tecnologia
path = /shares/c/tecnologia
read only = No

*[root@smb ~]# klist*
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@ROPA.INTRANET

Valid starting Expires Service principal
06/24/2016 01:21:09 06/24/2016 11:21:09 krbtgt/ROPA.INTRANET@ROPA.INTRANET
renew until 06/25/2016 01:21:04

*[root@smb ~]# uname -a*
Linux smb.ropa.intranet 3.10.0-123.20.1.el7.x86_64 #1 SMP Thu Jan 29 18:05:33 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Thanks a lot!
Ulisses.
Jason Waters
2016-Jun-30 15:10 UTC
[Samba] getfacl not have domain name and samba4 not work correctly
I don't think your hosts file should be

localhost4.localdomain4 smb smb.ropa.intranet

It should be

192.168.1.99 smb smb.ropa.intranet

Then I would check if wbinfo -g returns groups. Also, what does your /etc/nsswitch.conf file look like?

On Thu, Jun 30, 2016 at 10:24 AM, Ulisses Féres <uferes2 at gmail.com> wrote:
> Hi.
>
> Sorry. Today I have a big problem with Samba that I cannot solve!
>
> My permissions do not work properly. In RSAT I created groups, OUs and
> users. In Windows I configured the security settings of the shared
> directory *TECNOLOGIA*, assigning full permissions to *grupo_tecnologia*
> (technology group).
>
> However, when users who have *grupo_tecnologia* (primary) access the
> share, a popup opens asking for the user / password, which it does not
> accept.
>
> I noticed on Linux with getfacl that DOMAIN is not properly set, as in
> red:
>
> *[root@smb ~]# getfacl /shares/c/tecnologia/*
> # file: shares/c/tecnologia/
> # owner: root
> # group: root
> user::rwx
> user:root:rwx
> user:BUILTIN\134administrators:rwx
> user:domain\040admins:rwx
> *user:grupo_tecnologia:rwx*
> group::---
> group:root:---
> group:BUILTIN\134administrators:rwx
> group:domain\040admins:rwx
> *group:grupo_tecnologia:rwx*
> mask::rwx
> other::---
> default:user::rwx
> default:user:root:rwx
> default:user:BUILTIN\134administrators:rwx
> default:user:domain\040admins:rwx
> *default:user:grupo_tecnologia:rwx*
> default:group::---
> default:group:root:---
> default:group:BUILTIN\134administrators:rwx
> default:group:domain\040admins:rwx
> *default:group:grupo_tecnologia:rwx*
> default:mask::rwx
> default:other::---
>
> Should it not be:
>
> *default:group:ROPA\grupo_tecnologia:rwx*
>
> I believe all my problems may be due to this.
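Added example, not part of the thread: one way to script the hosts-file check suggested in the reply above, using the host name and address from the posted configuration. The function name `check_dc_hosts` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a hosts file maps a server's FQDN.
# Usage: check_dc_hosts HOSTS_FILE FQDN EXPECTED_IP
# Prints ok | loopback | wrong-ip | missing; exit status is 0 only for "ok".
check_dc_hosts() {
    awk -v fqdn="$2" -v want="$3" '
        BEGIN { fqdn = tolower(fqdn); state = "missing" }
        {
            sub(/#.*/, "")            # drop comments; awk re-splits the fields
            if (NF < 2) next          # blank line, or an address with no names
            for (i = 2; i <= NF; i++) {
                if (tolower($i) != fqdn) continue
                # Any loopback mapping is reported, even if a correct line exists too.
                if ($1 ~ /^127\./ || $1 == "::1") { state = "loopback"; exit }
                # Otherwise the first matching line decides, as in name resolution.
                if (state == "missing") state = ($1 == want) ? "ok" : "wrong-ip"
            }
        }
        END { print state; exit (state == "ok" ? 0 : 1) }
    ' "$1"
}

# Constructed sample files: the first mirrors the layout posted in the thread,
# the second the layout suggested in the reply.
demo_dir=$(mktemp -d)
printf '%s\n' \
    '127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 smb smb.ropa.intranet' \
    > "$demo_dir/hosts.posted"
printf '%s\n' \
    '127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4' \
    '192.168.1.99 smb smb.ropa.intranet' \
    > "$demo_dir/hosts.suggested"

echo "posted:    $(check_dc_hosts "$demo_dir/hosts.posted" smb.ropa.intranet 192.168.1.99 || :)"
echo "suggested: $(check_dc_hosts "$demo_dir/hosts.suggested" smb.ropa.intranet 192.168.1.99 || :)"
```

On a live server the same call would be pointed at `/etc/hosts`.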