Rommel Rodriguez Toirac
2017-Apr-06 19:19 UTC
[Samba] Can not change the share permissions
El 6 de abril de 2017 12:37:35 GMT-04:00, Marc Muehlfeld via samba <samba at lists.samba.org> escribió:>Hi Rommel, > >Am 06.04.2017 um 15:47 schrieb Rommel Rodriguez Toirac via samba: >> The problem is that I can not share directory using Windows > > or POSIX ACLs. Trying with Windows ACL: I use the Windows 7 > > RSAT. I use the Computer Management and the option Share > > Folders. There I changes the folder permission using the > > Share Permission tab with no problem, but when I > > try with the Security tab never let me, because of > > Not access, permission denied. From the network, I can > > see the share, but can not access to it or the content. > >Can you please verify that your setup matches everything described in >our guides: >https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member >https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs > > > >> Here is where I see some problem. "Could not connect to server >127.0.0.1" > > I suppouse that must be 192.168.41.17 that is the IP addreess > > of samba4 AD DC. > >Privileges are stored on each host locally. Therefore you set it on >your >file server and not on the DC. > > > >> [root at gtmpve ~]# net rpc rights list privileges >SeDiskOperatorPrivilege -U 'ATGM00\administrator' >> Enter ATGM00\administrator's password: >> Bad SMB2 signature for message >> [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ >........ >> [0000] 85 28 83 F4 26 78 EB 45 1C DE 05 C1 EE E1 C3 84 .(..&x.E >........ >> Could not connect to server 127.0.0.1 >> Connection failed: NT_STATUS_ACCESS_DENIED > >Have a look at this thread: >https://lists.samba.org/archive/samba/2015-September/194284.html >There was a solution for the "Bad SMB2 signature for message" error at >the end of the thread. > > > >Regards, >MarcI follow your guides to configure the Domain member server and the file server. In this message I send the result of some checks that you propouse in this guide plus other that I read in some messages of the list. Refered to smb2 error I used the solution propupoused, "server signing" with all option (default, mandatory, disabled and auto) and always the same answer. Rommel Rodriguez Toirac rommelrt at nauta.cu
On Thu, 06 Apr 2017 15:19:04 -0400 Rommel Rodriguez Toirac via samba <samba at lists.samba.org> wrote:> > I follow your guides to configure the Domain member server and the > file server. In this message I send the result of some checks that > you propouse in this guide plus other that I read in some messages of > the list. > > Refered to smb2 error I used the solution propupoused, "server > signing" with all option (default, mandatory, disabled and auto) and > always the same answer. > > Rommel Rodriguez Toirac > rommelrt at nauta.cu >OK, if I do this: sudo net rpc rights list privileges [sudo] password for rowland: Enter root's password: I get this: Bad SMB2 signature for message [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0000] E7 45 31 59 C0 1A 77 A8 F1 FB 5B 74 9F F6 8D 79 .E1Y..w. ..[t...y Could not connect to server 127.0.0.1 Connection failed: NT_STATUS_ACCESS_DENIED So that doesn't work This didn't either: net rpc rights list privileges -UAdministrator Failed to init messaging context But this does: sudo net rpc rights list privileges -UAdministrator Enter Administrator's password: SeMachineAccountPrivilege Add machines to domain SeTakeOwnershipPrivilege Take ownership of files or other objects SeBackupPrivilege Back up files and directories SeRestorePrivilege Restore files and directories SeRemoteShutdownPrivilege Force shutdown from a remote system SePrintOperatorPrivilege Manage printers SeAddUsersPrivilege Add users and groups to the domain SeDiskOperatorPrivilege Manage disk shares SeSecurityPrivilege System security These were all run a Unix domain member, so it sounds like your problems are down to a permissions problem. Rowland
Rommel Rodriguez Toirac
2017-Apr-06 21:24 UTC
[Samba] Can not change the share permissions
El 6 de abril de 2017 15:43:11 GMT-04:00, Rowland Penny via samba <samba at lists.samba.org> escribió:>On Thu, 06 Apr 2017 15:19:04 -0400 >Rommel Rodriguez Toirac via samba <samba at lists.samba.org> wrote: > >> >> I follow your guides to configure the Domain member server and the >> file server. In this message I send the result of some checks that >> you propouse in this guide plus other that I read in some messages of >> the list. >> >> Refered to smb2 error I used the solution propupoused, "server >> signing" with all option (default, mandatory, disabled and auto) and >> always the same answer. >> >> Rommel Rodriguez Toirac >> rommelrt at nauta.cu >> > >OK, if I do this: >sudo net rpc rights list privileges >[sudo] password for rowland: >Enter root's password: > >I get this: > >Bad SMB2 signature for message >[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ >........ >[0000] E7 45 31 59 C0 1A 77 A8 F1 FB 5B 74 9F F6 8D 79 .E1Y..w. >..[t...y >Could not connect to server 127.0.0.1 >Connection failed: NT_STATUS_ACCESS_DENIED > >So that doesn't work > >This didn't either: > >net rpc rights list privileges -UAdministrator >Failed to init messaging context > >But this does: > >sudo net rpc rights list privileges -UAdministrator >Enter Administrator's password: > SeMachineAccountPrivilege Add machines to domain > SeTakeOwnershipPrivilege Take ownership of files or other objects > SeBackupPrivilege Back up files and directories > SeRestorePrivilege Restore files and directories > SeRemoteShutdownPrivilege Force shutdown from a remote system > SePrintOperatorPrivilege Manage printers > SeAddUsersPrivilege Add users and groups to the domain > SeDiskOperatorPrivilege Manage disk shares > SeSecurityPrivilege System security > >These were all run a Unix domain member, so it sounds like your >problems are down to a permissions problem. > >RowlandThank Rowland for answer my email; You right, my mistake: root at gtmpve ~]# net rpc rights list privileges -UAdministrator Enter Administrator's password: SeMachineAccountPrivilege Add machines to domain SeTakeOwnershipPrivilege Take ownership of files or other objects SeBackupPrivilege Back up files and directories SeRestorePrivilege Restore files and directories SeRemoteShutdownPrivilege Force shutdown from a remote system SePrintOperatorPrivilege Manage printers SeAddUsersPrivilege Add users and groups to the domain SeDiskOperatorPrivilege Manage disk shares SeSecurityPrivilege System security But, the problems still there. I can not set Security permissions (using the Security tab) to shared folders or directory using Windows ACL because say Access denied; but in the Shared permissions tab I can change, add or something else permissions or groups or users. Rommel Rodriguez Toirac rommelrt at nauta.cu