This is my smb.conf # Global parameters [global] security = ADS workgroup = ROBINOOD realm = ROBINOOD.TST #dns forwarder = 192.168.1.6 log file = /var/log/samba/%m.log log level = 1 vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes # Default ID mapping configuration for local BUILTIN accounts # and groups on a domain member. The default (*) domain: # - must not overlap with any domain ID mapping configuration! # - must use a read-write-enabled back end, such as tdb. idmap config * : backend = tdb idmap config * : range = 3000-7999 # - You must set a DOMAIN backend configuration # idmap config for the SAMDOM domain idmap config ROBINOOD : backend = rid idmap config ROBINOOD : range = 10000-999999 winbind use default domain = yes username map = /etc/samba/user.map [samba] path = /home/samba/samba/ read only = no #valid user = +"domain users" Il 11/02/2019 10:16, Rowland Penny via samba ha scritto:> On Mon, 11 Feb 2019 09:24:54 +0100 > marco pirola via samba <samba at lists.samba.org> wrote: > >> IF I try modificad the permission on the share I get a nice: >> impossible to enumerate objects in the counter: access denied from >> the amministration account. How I resolved it's? >> > If this is the message box that comes up when you try to connect to a > share from Windows, just click 'OK' and it should go away and connect. > > If it isn't, try reading this: > > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs > > For anything else, we are going to have to see your smb.conf. > > Rowland >
On Mon, 11 Feb 2019 10:50:06 +0100 marco pirola via samba <samba at lists.samba.org> wrote:> This is my smb.conf > > # Global parameters > [global] > security = ADS > workgroup = ROBINOOD > realm = ROBINOOD.TST > #dns forwarder = 192.168.1.6 > log file = /var/log/samba/%m.log > log level = 1 > vfs objects = acl_xattr > map acl inherit = yes > store dos attributes = yes > # Default ID mapping configuration for local BUILTIN accounts > # and groups on a domain member. The default (*) domain: > # - must not overlap with any domain ID mapping configuration! > # - must use a read-write-enabled back end, such as tdb. > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > # - You must set a DOMAIN backend configuration > # idmap config for the SAMDOM domain > idmap config ROBINOOD : backend = rid > idmap config ROBINOOD : range = 10000-999999 > winbind use default domain = yes > username map = /etc/samba/user.map > > [samba] > path = /home/samba/samba/ > read only = no > #valid user = +"domain users" >What is in '/etc/samba/user.map' ? It should be: !root = ROBINOOD\Administrator If you log into a Windows machine as Administrator, open 'Computer Manager' you should be able to navigate to the share and set permissions. See here: https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs If whilst following that it fails, where does it fail and how ? Rowland
Witch Administrator user, if i check enter in the share samba, I optain a window in which he tells me to enter a username that has permission to access the share Il 11/02/2019 11:19, Rowland Penny via samba ha scritto:> On Mon, 11 Feb 2019 10:50:06 +0100 > marco pirola via samba <samba at lists.samba.org> wrote: > >> This is my smb.conf >> >> # Global parameters >> [global] >> security = ADS >> workgroup = ROBINOOD >> realm = ROBINOOD.TST >> #dns forwarder = 192.168.1.6 >> log file = /var/log/samba/%m.log >> log level = 1 >> vfs objects = acl_xattr >> map acl inherit = yes >> store dos attributes = yes >> # Default ID mapping configuration for local BUILTIN accounts >> # and groups on a domain member. The default (*) domain: >> # - must not overlap with any domain ID mapping configuration! >> # - must use a read-write-enabled back end, such as tdb. >> idmap config * : backend = tdb >> idmap config * : range = 3000-7999 >> # - You must set a DOMAIN backend configuration >> # idmap config for the SAMDOM domain >> idmap config ROBINOOD : backend = rid >> idmap config ROBINOOD : range = 10000-999999 >> winbind use default domain = yes >> username map = /etc/samba/user.map >> >> [samba] >> path = /home/samba/samba/ >> read only = no >> #valid user = +"domain users" >> > What is in '/etc/samba/user.map' ? > > It should be: > > !root = ROBINOOD\Administrator > > If you log into a Windows machine as Administrator, open 'Computer > Manager' you should be able to navigate to the share and set > permissions. > > See here: > > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs > > If whilst following that it fails, where does it fail and how ? > > Rowland >