# Global parameters [global] interfaces = bond0 log file = /var/log/samba/%m.log log level = 5 auth:5 winbind:8 printcap name = /dev/null realm = SOMEDOM.AT security = ADS username map = /etc/samba/user.map winbind refresh tickets = Yes winbind use default domain = Yes workgroup = ARBEITSGRUPPE idmap config arbeitsgruppe:unix_nss_info = yes idmap config arbeitsgruppe:range = 10000-9999999 idmap config arbeitsgruppe:backend = ad idmap config * : range = 2000-3999 idmap config * : backend = tdb map acl inherit = Yes store dos attributes = Yes vfs objects = acl_xattr [Daten] comment = Daten create mask = 0660 directory mask = 0770 path = /mnt/daten read only = No [Scans_Plotter] comment = Scans vom Plotter create mask = 0660 directory mask = 0770 path = /mnt/daten/Allgemeines/_Scans/Plotter read only = No
On Thu, 21 Feb 2019 14:45:21 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> > # Global parameters > [global] > interfaces = bond0 > log file = /var/log/samba/%m.log > log level = 5 auth:5 winbind:8 > printcap name = /dev/null > realm = SOMEDOM.AT > security = ADS > username map = /etc/samba/user.map > winbind refresh tickets = Yes > winbind use default domain = Yes > workgroup = ARBEITSGRUPPE > idmap config arbeitsgruppe:unix_nss_info = yes > idmap config arbeitsgruppe:range = 10000-9999999 > idmap config arbeitsgruppe:backend = ad > idmap config * : range = 2000-3999 > idmap config * : backend = tdb > map acl inherit = Yes > store dos attributes = Yes > vfs objects = acl_xattr > > [Daten] > comment = Daten > create mask = 0660 > directory mask = 0770 > path = /mnt/daten > read only = No > > [Scans_Plotter] > comment = Scans vom Plotter > create mask = 0660 > directory mask = 0770 > path = /mnt/daten/Allgemeines/_Scans/Plotter > read only = No >Apart from a missing line: idmap config arbeitsgruppe : schema_mode = rfc2307 There doesn't seem to be anything really wrong. Rowland
Am 21.02.19 um 15:00 schrieb Rowland Penny via samba:> Apart from a missing line: > > idmap config arbeitsgruppe : schema_mode = rfc2307 > > There doesn't seem to be anything really wrong.Added, thanks. Since my last mail I tested more and we found that ACLs were missing wrong, so I applied an ACL to give group "domain users" rwx here. Is create mask still needed, btw? The users work again now, and I wait for feedback.