Ing. Claudio Nicora
2018-Jul-05 13:29 UTC
[Samba] NT_STATUS_NO_MEMORY accessing a DC shared resource
> Your glasses (or lack of) ;-)I usually agree, but in this case I've seen that warning and voluntarily ignored it because it worked for 2 days... I thought I was lucky ;-)> Or to put it another way, you must set the permissions from Windows > > This is one of the problems/features of using a DC as a fileserver. > > Remove everything after the 'read only = No' line and read this: > > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs > > RowlandI've changed smb.conf as suggested, then changed permissions from Linux (Windows Explorer gave access denied when enumerating object content): # setfacl -m "default:group:SAMDOM:rwx" / # setfacl -m "group:SAMDOM\Domain Admins:rwx" / # ... restricted access at minimum ... # setfacl -m "default:other::" / # setfacl -m "other::" / Now the share works and I can edit/copy/delete files without issues. There's a last thing I'd like to fix: when I create a new file, it got created with these permissions: ----- # ls -l -rwxrwx---+ 1 3000000 users 0 Jul 5 15:11 'New text document.txt'* ----- Is there a way to force it being created with root:root as owner and possibly with more strict permissions (I'm scared I'll forgot the permission issue in the near future)? Rowland, thanks for your help and patience ;-)
Rowland Penny
2018-Jul-05 13:51 UTC
[Samba] NT_STATUS_NO_MEMORY accessing a DC shared resource
On Thu, 5 Jul 2018 15:29:01 +0200 "Ing. Claudio Nicora" <claudio.nicora at gmail.com> wrote:> > > Your glasses (or lack of) ;-) > I usually agree, but in this case I've seen that warning and > voluntarily ignored it because it worked for 2 days... > I thought I was lucky ;-) > > > Or to put it another way, you must set the permissions from Windows > > > > This is one of the problems/features of using a DC as a fileserver. > > > > Remove everything after the 'read only = No' line and read this: > > > > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs > > > > Rowland > I've changed smb.conf as suggested, then changed permissions from > Linux (Windows Explorer gave access denied when enumerating object > content):You need to find out why this is happening.> > # setfacl -m "default:group:SAMDOM:rwx" / > # setfacl -m "group:SAMDOM\Domain Admins:rwx" / > # ... restricted access at minimum ... > # setfacl -m "default:other::" / > # setfacl -m "other::" / > > Now the share works and I can edit/copy/delete files without issues. > > There's a last thing I'd like to fix: > when I create a new file, it got created with these permissions: > > ----- > # ls -l > -rwxrwx---+ 1 3000000 users 0 Jul 5 15:11 'New text > document.txt'* ----- > > Is there a way to force it being created with root:root as owner and > possibly with more strict permissions (I'm scared I'll forgot the > permission issue in the near future)?Undoubtedly '3000000' will be Administrator, who will be mapped to ID '0' (root) in idmap.ldb and 'users' is mapped from 'Domain Users' in idmap.ldb. There is a slight problem with the way you have set the permissions (okay, a large one), the permissions, when set from Windows, are stored in a file called NTACL.security Rowland> > Rowland, thanks for your help and patience ;-)
Ing. Claudio Nicora
2018-Jul-05 14:15 UTC
[Samba] NT_STATUS_NO_MEMORY accessing a DC shared resource
> Undoubtedly '3000000' will be Administrator, who will be mapped to ID > '0' (root) in idmap.ldb and 'users' is mapped from 'Domain Users' in > idmap.ldb.Will live with that; that share is only used while playing with samba config easily from Windows clients. I'll remove it just before going to production.> There is a slight problem with the way you have set the permissions > (okay, a large one), the permissions, when set from Windows, are stored > in a file called NTACL.security > > RowlandDo you mean that Linux (other than Samba) could have issues accessing those files? Even if I force them to root:root with chown?