Rowland Penny
2018-Jan-08 21:50 UTC
[Samba] R: R: R: R: cannot list/access samba share from Windowsclient
On Mon, 8 Jan 2018 22:38:15 +0100
Andrea Rossetti <andy.ros at gmail.com> wrote:

> >From: Rowland Penny via samba
> >Sent: Monday, 8 January 2018 21:42
> >To: samba at lists.samba.org
> >Subject: Re: [Samba] R: R: R: cannot list/access samba share from
> >Windowsclient
>
> >I changed the 'idmap config' block on my computer to this:
> >
> >   idmap config *:backend = tdb
> >   idmap config *:range = 2000-9999
> >   idmap config SAMDOM : backend = rid
> >   idmap config SAMDOM : range = 10000-999999
> >
> >Restarted smbd, nmbd and winbind, then:
> >
> >root at devstation:~# net cache flush
> >root at devstation:~# getent passwd samdom\\rowland
> >rowland:*:11107:10513:Rowland Penny:/home/rowland:/bin/bash
> >
> >root at devstation:~# getent group "samdom\\domain admins"
> >domain admins:x:10512:administrator,swanadmin,rowland
> >
> >As you can see, it works ;-)
>
> I’ve done exactly as you (view /etc/samba/smb.conf below) but nothing
> changed!
>
> >If it isn't working for you, you must have something misconfigured or
> >something missing, What do you have in /etc/hostname, /etc/hosts
> >and /etc/resolv.conf ?
>
> root at SRVLNXWINTRA01:~# cat /etc/hostname
> SRVLNXWINTRA01
>
> root at SRVLNXWINTRA01:~# cat /etc/hosts
> 127.0.0.1 localhost
> 192.168.23.244 SRVLNXWINTRA01.comune.spoleto.local SRVLNXWINTRA01
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> root at SRVLNXWINTRA01:~# cat /etc/resolv.conf
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> search comune.spoleto.local
> search comune.spoleto.local
> nameserver 192.168.23.11
> nameserver 192.168.23.12
>
> >What packages did you install with the Samba packages ? (note: not
> >the base OS packages, the packages installed when you installed
> >Samba)
>
> I used apt-get install samba
>
> root at SRVLNXWINTRA01:~# dpkg -l | grep samba
> ii  python-samba        2:4.3.11+dfsg-0ubuntu0.16.04.12  amd64  Python bindings for Samba
> ii  samba               2:4.3.11+dfsg-0ubuntu0.16.04.12  amd64  SMB/CIFS file, print, and login server for Unix
> ii  samba-common        2:4.3.11+dfsg-0ubuntu0.16.04.12  all    common files used by both the Samba server and client
> ii  samba-common-bin    2:4.3.11+dfsg-0ubuntu0.16.04.12  amd64  Samba common files used by both the server and the client
> ii  samba-dsdb-modules  2:4.3.11+dfsg-0ubuntu0.16.04.12  amd64  Samba Directory Services Database
> ii  samba-libs:amd64    2:4.3.11+dfsg-0ubuntu0.16.04.12  amd64  Samba core libraries
> ii  samba-vfs-modules   2:4.3.11+dfsg-0ubuntu0.16.04.12  amd64  Samba Virtual FileSystem plugins
>
>
> --------------------------------------------------------------
> My /etc/samba/smb.conf
> # Global parameters
> [global]
>     workgroup = COM_SPOLETO
>     realm = COMUNE.SPOLETO.LOCAL
>     server string = %h server (Samba, Ubuntu)
>     interfaces = lo ens32
>     bind interfaces only = Yes
>     server role = member server
>     security = ADS
>     map to guest = Bad User
>     username map = /etc/samba/user.map
>     kerberos method = secrets and keytab
>     log file = /var/log/samba/log.%m
>     max log size = 1000
>     client signing = if_required
>     dns proxy = No
>     panic action = /usr/share/samba/panic-action %d
>     winbind refresh tickets = Yes
>     idmap config com_spoleto : range = 10000-999999
>     idmap config com_spoleto : backend = rid
>     idmap config * : range = 2000-9999
>     idmap config * : backend = tdb
>     map acl inherit = Yes
>     store dos attributes = Yes
>     vfs objects = acl_xattr
>
> [printers]
>     comment = All Printers
>     path = /var/spool/samba
>     create mask = 0700
>     printable = Yes
>     browseable = No
>
> [print$]
>     comment = Printer Drivers
>     path = /var/lib/samba/printers
>
> [share]
>     comment = Progetti QGIS per Lizmap
>     path = /home/data/share
>     read only = No
>     inherit acls = Yes

I think I understand it now ;-)

The Debian Samba package used to install winbind as a dependency, it
doesn't now, try running this (as root):

apt-get install winbind libnss-winbind libpam-winbind

The last two packages are the 'glue' between winbind and nsswitch

Rowland
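A local sanity check for the two things the reply above depends on, as an added example that is not part of the original thread: whether nsswitch actually consults winbind for passwd and group, and whether the idmap ranges are disjoint and map a RID to the ID that getent shows. The nsswitch.conf sample is constructed, the function names are hypothetical, and the ID formula assumes idmap_rid's default base_rid of 0.

```shell
#!/bin/sh
# Constructed samples: an nsswitch.conf where only passwd was updated, and the
# idmap block quoted in the thread.
NSS_SAMPLE='passwd: compat winbind
group:  compat   # winbind missing here
shadow: compat'
SMB_SAMPLE='[global]
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config SAMDOM : backend = rid
idmap config SAMDOM : range = 10000-999999'

# nss_uses_winbind DB: true if the DB line (nsswitch.conf text on stdin) lists winbind.
nss_uses_winbind() {
    awk -v db="$1:" '{ sub(/#.*/, "") }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# idmap_range DOMAIN: print "LOW HIGH" for DOMAIN (smb.conf text on stdin).
idmap_range() {
    awk -v dom="$1" '{ line = tolower($0); gsub(/[ \t]/, "", line)
        key = "idmapconfig" tolower(dom) ":range="
        if (index(line, key) == 1) { split(substr(line, length(key) + 1), r, "-"); print r[1], r[2] } }'
}

# ranges_overlap LOW1 HIGH1 LOW2 HIGH2: true if the two ID ranges intersect.
ranges_overlap() { [ "$1" -le "$4" ] && [ "$3" -le "$2" ]; }

# rid_to_id RID LOW HIGH: idmap_rid mapping with the default base_rid of 0
# (ID = RID + LOW); fails if the result falls outside the range.
rid_to_id() {
    id=$(( $1 + $2 ))
    [ "$id" -le "$3" ] || return 1
    echo "$id"
}

for db in passwd group; do
    if printf '%s\n' "$NSS_SAMPLE" | nss_uses_winbind "$db"; then
        echo "$db: winbind present"
    else
        echo "$db: winbind MISSING"
    fi
done
dom=$(printf '%s\n' "$SMB_SAMPLE" | idmap_range SAMDOM)
def=$(printf '%s\n' "$SMB_SAMPLE" | idmap_range '*')
ranges_overlap $def $dom && echo "idmap ranges overlap" || echo "idmap ranges disjoint"
echo "RID 512 (Domain Admins) -> $(rid_to_id 512 $dom)"
```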
Andrea Rossetti
2018-Jan-08 22:20 UTC
[Samba] R: R: R: R: R: cannot list/access samba share from Windowsclient
Sent from Mail for Windows 10

From: Rowland Penny via samba
Sent: Monday, 8 January 2018 22:52
To: samba at lists.samba.org
Subject: Re: [Samba] R: R: R: R: cannot list/access samba share from Windowsclient

>I think I understand it now ;-)
>
>The Debian Samba package used to install winbind as a dependency, it
>doesn't now, try running this (as root):
>
>apt-get install winbind libnss-winbind libpam-winbind
>
>The last two packages are the 'glue' between winbind and nsswitch

Ok now I can Look up Domain Users and Groups

root at SRVLNXWINTRA01:/home/data# getent passwd com_spoleto\andrea.rossetti
COM_SPOLETO\andrea.rossetti:*:11212:10513:Andrea Rossetti:/home/COM_SPOLETO/andrea.rossetti:/bin/false
root at SRVLNXWINTRA01:/home/data# getent group "com_spoleto\\domain admins"
COM_SPOLETO\domain admins:x:10512:

I can set permission to shared folder

root at SRVLNXWINTRA01:/home/data# chown root:"com_spoleto\domain admins" share
root at SRVLNXWINTRA01:/home/data# chmod 2770 share/
root at SRVLNXWINTRA01:/home/data# ls -la
totale 20
drwxrws--- 2 root COM_SPOLETO\domain admins 4096 gen 8 19:39 share

But I have the same problem that I have before when I had sssd instead of winbind

1. Execute computer management from a Windows domain member client as a domain admin user (run as com_spoleto\rossetti.admin that is a “domain admins” member)
2. Right click on computer management -> connect to another computer -> srvlnxwintra01 (the Linux server member)
3. I expand “System Tools” -> I expand “Shared Folders” -> click on “Shares” right click on “share” -> Click Properties -> click on tab “Security”. In this tab I have the message “You must have Read permission to view the properties of this object” even if I have granted SeDiskOperatorPrivilege to “com_spoleto\domain admins” Group. But If I execute “Computer Management” as “com_spoleto\adminserver” user (I explained below the reason I used this user) I can view/modify the ACLs.
4. Even if I change the permission, using adminserver, adding domainadmins full control this folder subfolder and files and adding domain users read and execute this folder subfolder and files, neither a simple user nor a domain admin users can list the shares in \\servermember

Please help me thanks!
I’m more and more and more confused. ☹
Andrea Rossetti
2018-Jan-09 08:58 UTC
[Samba] I: R: R: R: R: cannot list/access samba share from Windowsclient
>From: Rowland Penny via samba
>Sent: Monday, 8 January 2018 22:52
>To: samba at lists.samba.org
>Subject: Re: [Samba] R: R: R: R: cannot list/access samba share from Windowsclient
>
>>I think I understand it now ;-)
>>
>>The Debian Samba package used to install winbind as a dependency, it
>>doesn't now, try running this (as root):
>>
>>apt-get install winbind libnss-winbind libpam-winbind
>>
>>The last two packages are the 'glue' between winbind and nsswitch
>
>Ok now I can Look up Domain Users and Groups
>
>root at SRVLNXWINTRA01:/home/data# getent passwd com_spoleto\andrea.rossetti
>COM_SPOLETO\andrea.rossetti:*:11212:10513:Andrea Rossetti:/home/COM_SPOLETO/andrea.rossetti:/bin/false
>root at SRVLNXWINTRA01:/home/data# getent group "com_spoleto\\domain admins"
>COM_SPOLETO\domain admins:x:10512:
>
>I can set permission to shared folder
>
>root at SRVLNXWINTRA01:/home/data# chown root:"com_spoleto\domain admins" share
>root at SRVLNXWINTRA01:/home/data# chmod 2770 share/
>root at SRVLNXWINTRA01:/home/data# ls -la
>totale 20
>drwxrws--- 2 root COM_SPOLETO\domain admins 4096 gen 8 19:39 share
>
>But I have the same problem that I have before when I had sssd instead of winbind
>1. Execute computer management from a Windows domain member client as a domain admin user (run as com_spoleto\rossetti.admin that is a “domain admins” member)
>2. Right click on computer management -> connect to another computer -> srvlnxwintra01 (the Linux server member)
>3. I expand “System Tools” -> I expand “Shared Folders” -> click on “Shares” right click on “share” -> Click Properties -> click on tab “Security”. In this tab I have the message “You must have Read permission to view the properties of this object” even if I have granted SeDiskOperatorPrivilege to “com_spoleto\domain admins” Group. But If I execute “Computer Management” as “com_spoleto\adminserver” user (I explained below the reason I used this user) I can view/modify the ACLs.
>4. Even if I change the permission, using adminserver, adding domainadmins full control this folder subfolder and files and adding domain users read and execute this folder subfolder and files, neither a simple user nor a domain admin users can list the shares in \\servermember
>Please help me thanks!
>I’m more and more and more confused. ☹

I tried again, this morning, only point 4 and now I can do things that last night did not make me do without changing any configuration. That night brings advice? 😊 😊 😊

Seriously… now both the “domain users” and “domain admins” can list share on \\linuxservermember the “domain admins” full control and the “domain users” read only.

Do the ACLs configurations take time to be transposed by samba when done from a Windows client via “computer management” snap-in??