In addition to Rowlands answer. About . [samba] path = /samba/ What are the rights on /samba/ ? My guess here, the rights on /samba does not allow you to set rights on that and subfolders. I also suggest, if you share a folder share a subfolder in /samba/share1 Makes it more easy to manage your ACL. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Pirola via samba > Verzonden: dinsdag 29 januari 2019 11:26 > Aan: Rowland Penny; samba at lists.samba.org > Onderwerp: Re: [Samba] error witch rsat > > This is my selinux conf. > > # Authors: Jason Tang <jtang at tresys.com> > # > # Copyright (C) 2004-2005 Tresys Technology, LLC > # > # This library is free software; you can redistribute it and/or > # modify it under the terms of the GNU Lesser General Public > # License as published by the Free Software Foundation; either > # version 2.1 of the License, or (at your option) any later version. > # > # This library is distributed in the hope that it will be useful, > # but WITHOUT ANY WARRANTY; without even the implied warranty of > # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > # Lesser General Public License for more details. > # > # You should have received a copy of the GNU Lesser General Public > # License along with this library; if not, write to the Free Software > # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA > 02110-1301 USA > # > # Specify how libsemanage will interact with a SELinux policy manager. > # The four options are: > # > # "source" - libsemanage manipulates a source SELinux policy > # "direct" - libsemanage will write directly to a module store. > # /foo/bar - Write by way of a policy management server, whose > # named socket is at /foo/bar. The path must begin > # with a '/'. > # foo.com:4242 - Establish a TCP connection to a remote policy > # management server at foo.com. If there is a colon > # then the remainder is interpreted as a port number; > # otherwise default to port 4242. > module-store = direct > > # When generating the final linked and expanded policy, by default > # semanage will set the policy version to POLICYDB_VERSION_MAX, as > # given in <sepol/policydb.h>. Change this setting if a different > # version is necessary. > #policy-version = 19 > > # expand-check check neverallow rules when executing all > semanage commands. > # Large penalty in time if you turn this on. > expand-check=0 > > # By default, semanage will generate policies for the SELinux target. > # To build policies for Xen, uncomment the following line. > #target-platform = xen > > the other files are ok, otherwise I would not be able to make > the join > the machine or to do the query via nslooch of the machine dc > 192.168.1.5 > > Il 29/01/2019 10:05, Rowland Penny via samba ha scritto: > > On Tue, 29 Jan 2019 06:59:45 +0100 > > Marco Pirola <mapirola81 at gmail.com> wrote: > > > >> This is the content of my smb.conf. Can you check if something is > >> missing? Otherwise I do not know how to behave anymore. Thanks and > >> have a good day. > > The only problem I can see is this line: > > > > valid user = +"domain users" > > > > You shouldn't set this line if using Windows ACL's > > > > Can we try checking a few things (I know you might have > already posted > > them, but lets get them in one place), please add them to > the post,do > > not attach them. > > > > OS > > /etc/hostname > > /etc/hosts > > /etc/resolv.conf > > /etc/krb5.conf > > /etc/nsswitch.conf > > > > Is a firewall running ? > > Is selinux/apparmor running ? > > What is the AD DC ? > > What Windows computer are you connecting from ? > > > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Witch your suggest the my problem persisted Il 29/01/2019 12:06, L.P.H. van Belle via samba ha scritto:> In addition to Rowlands answer. > > About . > [samba] > path = /samba/ > > What are the rights on /samba/ ? > My guess here, the rights on /samba does not allow you to set rights on that and subfolders. > > I also suggest, if you share a folder share a subfolder in /samba/share1 > Makes it more easy to manage your ACL. > > > Greetz, > > Louis > > > > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Marco Pirola via samba >> Verzonden: dinsdag 29 januari 2019 11:26 >> Aan: Rowland Penny; samba at lists.samba.org >> Onderwerp: Re: [Samba] error witch rsat >> >> This is my selinux conf. >> >> # Authors: Jason Tang <jtang at tresys.com> >> # >> # Copyright (C) 2004-2005 Tresys Technology, LLC >> # >> # This library is free software; you can redistribute it and/or >> # modify it under the terms of the GNU Lesser General Public >> # License as published by the Free Software Foundation; either >> # version 2.1 of the License, or (at your option) any later version. >> # >> # This library is distributed in the hope that it will be useful, >> # but WITHOUT ANY WARRANTY; without even the implied warranty of >> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU >> # Lesser General Public License for more details. >> # >> # You should have received a copy of the GNU Lesser General Public >> # License along with this library; if not, write to the Free Software >> # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA >> 02110-1301 USA >> # >> # Specify how libsemanage will interact with a SELinux policy manager. >> # The four options are: >> # >> # "source" - libsemanage manipulates a source SELinux policy >> # "direct" - libsemanage will write directly to a module store. >> # /foo/bar - Write by way of a policy management server, whose >> # named socket is at /foo/bar. The path must begin >> # with a '/'. >> # foo.com:4242 - Establish a TCP connection to a remote policy >> # management server at foo.com. If there is a colon >> # then the remainder is interpreted as a port number; >> # otherwise default to port 4242. >> module-store = direct >> >> # When generating the final linked and expanded policy, by default >> # semanage will set the policy version to POLICYDB_VERSION_MAX, as >> # given in <sepol/policydb.h>. Change this setting if a different >> # version is necessary. >> #policy-version = 19 >> >> # expand-check check neverallow rules when executing all >> semanage commands. >> # Large penalty in time if you turn this on. >> expand-check=0 >> >> # By default, semanage will generate policies for the SELinux target. >> # To build policies for Xen, uncomment the following line. >> #target-platform = xen >> >> the other files are ok, otherwise I would not be able to make >> the join >> the machine or to do the query via nslooch of the machine dc >> 192.168.1.5 >> >> Il 29/01/2019 10:05, Rowland Penny via samba ha scritto: >>> On Tue, 29 Jan 2019 06:59:45 +0100 >>> Marco Pirola <mapirola81 at gmail.com> wrote: >>> >>>> This is the content of my smb.conf. Can you check if something is >>>> missing? Otherwise I do not know how to behave anymore. Thanks and >>>> have a good day. >>> The only problem I can see is this line: >>> >>> valid user = +"domain users" >>> >>> You shouldn't set this line if using Windows ACL's >>> >>> Can we try checking a few things (I know you might have >> already posted >>> them, but lets get them in one place), please add them to >> the post,do >>> not attach them. >>> >>> OS >>> /etc/hostname >>> /etc/hosts >>> /etc/resolv.conf >>> /etc/krb5.conf >>> /etc/nsswitch.conf >>> >>> Is a firewall running ? >>> Is selinux/apparmor running ? >>> What is the AD DC ? >>> What Windows computer are you connecting from ? >>> >>> Rowland >>> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >
On Tue, 29 Jan 2019 13:01:06 +0100 Marco Pirola via samba <samba at lists.samba.org> wrote:> Witch your suggest the my problem persisted >Marco, Please either post the info I have asked for, or go away. There is something going on with your particular domain and without the info, we cannot begin to sort your problem. We are more than willing to try and help you, but without the info, we cannot. It will also probably help if you give us detailed explanations of what error messages etc you get, rather than just saying 'it doesn't work' Rowland Penny Samba team member