This is my smb.conf of the member of domain # Global parameters [global] security = ADS workgroup = ROBINOOD realm = ROBINOOD.TST #dns forwarder = 192.168.1.6 log file = /var/log/samba/%m.log log level = 1 vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes # Default ID mapping configuration for local BUILTIN accounts # and groups on a domain member. The default (*) domain: # - must not overlap with any domain ID mapping configuration! # - must use a read-write-enabled back end, such as tdb. idmap config * : backend = tdb idmap config * : range = 3000-7999 # - You must set a DOMAIN backend configuration # idmap config for the SAMDOM domain idmap config ROBINOOD : backend = rid idmap config ROBINOOD : range = 10000-999999 winbind use default domain = yes [repository] path = /home/samba/ read only = no Il 24/01/2019 18:17, Rowland Penny via samba ha scritto:> On Thu, 24 Jan 2019 18:07:19 +0100 > marco pirola via samba <samba at lists.samba.org> wrote: > >> hello everyone, I have this problem: I have a machine (debian9) that >> makes me a domain member. The partition where I create the shares >> supports acl. On a machine where windows 10 professional is installed >> where rsat is installed if I try to give a user permission to any >> known share that by logging on the domain member machine the user >> does not appear in the acl of the share. What should I do? >> > Please post your smb.conf from the Debian 9 machine. > > Rowland >
On Thu, 24 Jan 2019 18:19:45 +0100 marco pirola via samba <samba at lists.samba.org> wrote:> This is my smb.conf of the member of domain > > # Global parameters > [global] > security = ADS > workgroup = ROBINOOD > realm = ROBINOOD.TST > #dns forwarder = 192.168.1.6 > log file = /var/log/samba/%m.log > log level = 1 > vfs objects = acl_xattr > map acl inherit = yes > store dos attributes = yes > # Default ID mapping configuration for local BUILTIN accounts > # and groups on a domain member. The default (*) domain: > # - must not overlap with any domain ID mapping configuration! > # - must use a read-write-enabled back end, such as tdb. > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > # - You must set a DOMAIN backend configuration > # idmap config for the SAMDOM domain > idmap config ROBINOOD : backend = rid > idmap config ROBINOOD : range = 10000-999999 > winbind use default domain = yes > > [repository] > path = /home/samba/ > read only = no > > Il 24/01/2019 18:17, Rowland Penny via samba ha scritto: > > On Thu, 24 Jan 2019 18:07:19 +0100 > > marco pirola via samba <samba at lists.samba.org> wrote: > > > >> hello everyone, I have this problem: I have a machine (debian9) > >> that makes me a domain member. The partition where I create the > >> shares supports acl. On a machine where windows 10 professional is > >> installed where rsat is installed if I try to give a user > >> permission to any known share that by logging on the domain member > >> machine the user does not appear in the acl of the share. What > >> should I do? > >> > > Please post your smb.conf from the Debian 9 machine. > > > > Rowland > > >Have you tried reading this: https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs Rowland
I followed this guide: the user who gives permission to the network share is without problems but at the file system level I do not understand the user using the acl. What should I do? Il 24/01/2019 18:32, Rowland Penny via samba ha scritto:> On Thu, 24 Jan 2019 18:19:45 +0100 > marco pirola via samba <samba at lists.samba.org> wrote: > >> This is my smb.conf of the member of domain >> >> # Global parameters >> [global] >> security = ADS >> workgroup = ROBINOOD >> realm = ROBINOOD.TST >> #dns forwarder = 192.168.1.6 >> log file = /var/log/samba/%m.log >> log level = 1 >> vfs objects = acl_xattr >> map acl inherit = yes >> store dos attributes = yes >> # Default ID mapping configuration for local BUILTIN accounts >> # and groups on a domain member. The default (*) domain: >> # - must not overlap with any domain ID mapping configuration! >> # - must use a read-write-enabled back end, such as tdb. >> idmap config * : backend = tdb >> idmap config * : range = 3000-7999 >> # - You must set a DOMAIN backend configuration >> # idmap config for the SAMDOM domain >> idmap config ROBINOOD : backend = rid >> idmap config ROBINOOD : range = 10000-999999 >> winbind use default domain = yes >> >> [repository] >> path = /home/samba/ >> read only = no >> >> Il 24/01/2019 18:17, Rowland Penny via samba ha scritto: >>> On Thu, 24 Jan 2019 18:07:19 +0100 >>> marco pirola via samba <samba at lists.samba.org> wrote: >>> >>>> hello everyone, I have this problem: I have a machine (debian9) >>>> that makes me a domain member. The partition where I create the >>>> shares supports acl. On a machine where windows 10 professional is >>>> installed where rsat is installed if I try to give a user >>>> permission to any known share that by logging on the domain member >>>> machine the user does not appear in the acl of the share. What >>>> should I do? >>>> >>> Please post your smb.conf from the Debian 9 machine. >>> >>> Rowland >>> > Have you tried reading this: > > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs > > Rowland >
On Thu, 24 Jan 2019 20:28:25 +0100 marco pirola <mapirola81 at gmail.com> wrote:> Very often with rsat installed on windows 10 professional I get the > error that I attach to the email. What is a bug? >And in English ;-) RPC server not available on computer 'DC' This problem may occur if a connection blocked by Windows Firewall can not be established This is a known annoyance, just press 'Enter' and it should connect. Rowland