> Can I suggest you keep upgrading, Samba 4.3.11 is EOL and I suppose the > version of Ubuntu you are running it on will be as well ;-)It's Ubuntu 16 LTS, so it's supported until 2021.> Probably because that is the old way of doing things ;-)I said that's the old installation, in the new one we remapped all the single user entries to the new ACL from RSAT. So we opened the shares on RSAT and added allowed users and group from the Security tab of the share/directory. It works, share access is enforced correctly, but for some shares we have this forbidden access I cannot explain with the printed ACL. -- Lorenzo Milesi - lorenzo.milesi at yetopen.it YetOpen S.r.l. - https://www.yetopen.it/ Via Salerno 18 - 23900 Lecco - ITALY - Tel +39 0341 220 205 - Fax +39 178 6070 222 Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary -------- D.Lgs. 196/2003 e GDPR 679/2016 -------- Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata. Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile. Grazie. Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information; pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible. Thank you.
On 02/07/2019 11:27, Lorenzo Milesi wrote:>> Can I suggest you keep upgrading, Samba 4.3.11 is EOL and I suppose the >> version of Ubuntu you are running it on will be as well ;-) > It's Ubuntu 16 LTS, so it's supported until 2021.Well Ubuntu may be supported until 2021, but Samba 4.3.x went EOL just over 2 years ago, the only support you will get is from Ubuntu and probably will only be for security releases.> >> Probably because that is the old way of doing things ;-) > I said that's the old installation, in the new one we remapped all the single user entries to the new ACL from RSAT. So we opened the shares on RSAT and added allowed users and group from the Security tab of the share/directory. > > It works, share access is enforced correctly, but for some shares we have this forbidden access I cannot explain with the printed ACL.The latest Samba version is 4.10.6 and there have been numerous updates since 4.3.11, but you shouldn't be having the problem you have, so lets start be you posting your smb.conf Rowland
> The latest Samba version is 4.10.6 and there have been numerous updates > since 4.3.11, but you shouldn't be having the problem you have, so lets > start be you posting your smb.confThank you very much. Here it is: [global] server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate realm = domain.lan ldap server require strong auth = no netbios name = SERVER1 workgroup = DOMAIN server role = active directory domain controller log level = 5 idmap_ldb:use rfc2307 = yes log file = /var/log/samba/log.%m [users] path = /home/users/ read only = no [profiles] comment = Users profiles path = /home/profiles read only = no browsable = no [CONDIVISIONE] path = /home/condivisa read only = No vfs objects = recycle recycle:keeptree = yes recycle:versions = yes recycle:maxsize = 200000000 recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|~*.tmp recycle:excludedir recycle:noversions = *.doc|*.xls|*.ppt recycle:directory_mode = 770 recycle:touch = yes recycle:touch_mtime = yes recycle:repository = .cestino/%U #<other shares> [netlogon] path = /var/lib/samba/sysvol/domain.lan/scripts read only = No browsable = no [sysvol] path = /var/lib/samba/sysvol read only = No browsable = no ----- Original Message -----> From: "samba" <samba at lists.samba.org> > To: "samba" <samba at lists.samba.org> > Sent: Tuesday, July 2, 2019 1:02:19 PM > Subject: Re: [Samba] Weird access problem to files-- Lorenzo Milesi - lorenzo.milesi at yetopen.it YetOpen S.r.l. - https://www.yetopen.it/ Via Salerno 18 - 23900 Lecco - ITALY - Tel +39 0341 220 205 - Fax +39 178 6070 222 Think green - Non stampare questa e-mail se non necessario / Don't print this email unless necessary -------- D.Lgs. 196/2003 e GDPR 679/2016 -------- Tutte le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Tutte le informazioni ivi contenute, compresi eventuali allegati, sono da ritenere confidenziali e riservate secondo i termini del vigente D.Lgs. 196/2003 in materia di privacy e del Regolamento europeo 679/2016 - GDPR - e quindi ne e' proibita l'utilizzazione ulteriore non autorizzata. Nel caso in cui questo messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo, stamparlo, a non inoltrarlo a terzi e ad avvertirci non appena possibile. Grazie. Confidentiality notice: this email message including any attachment is for the sole use of the intended recipient and may contain confidential and privileged information; pursuant to Legislative Decree 196/2003 and the European General Data Protection Regulation 679/2016 - GDPR - any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recepient please delete this message without copying, printing or forwarding it to others, and alert us as soon as possible. Thank you.