Mason Schmitt
2020-Feb-12 11:16 UTC
[Samba] Incorrect group name is displayed in folder permission list in Windows
> > Hi, can we start by seeing your smb.conf from the file server ?###################################################### # Global Config # ###################################################### [global] kerberos method = system keytab workgroup = NAME security = ads realm = NAME.EXAMPLE.COM # Logging log file = /var/log/samba/%m.log log level = 3 # We're using the RID method of mapping SIDs to UID/GID idmap config NAME : range = 2000000-2999999 idmap config NAME : backend = rid idmap config * : range = 10000-999999 idmap config * : backend = tdb # Winbind winbind use default domain = no winbind refresh tickets = yes winbind offline logon = yes winbind enum groups = no winbind enum users = no # Map domain admin account to local root account # and resolve other "net rpc" issues username map = /etc/samba/user.map bind interfaces only = yes interfaces = lo eth0 # Enable Windows ACL support and make ACLs maximally compatible with NTFS ACLs. # Beyond setting the POSIX ownership and permissions for the share directory, all ACLs # should be managed in Windows. See the comment in the Shares section below for details # about our standard share configuration (both on the Linux/POSIX side and on the Windows side vfs objects = acl_xattr recycle acl_xattr:default acl style = windows #acl_xattr:ignore system acls = yes # PURE EVIL! If you value your sanity, don't use this option map acl inherit = yes store dos attributes = yes # Samba version 4.9.x enabled extended attribute support, by default. # This should be a good thing as it enables clients to make more intelligent decisions. # Unfortunately, customer reported that their old Windows 7 CE data collection device, # doesn't like the new settings, so we have to revert this feature. ea support = no ###################################################### # Global Security Settings # ###################################################### # Disable SMB1, it's too old and too insecure to be used anymore server min protocol = SMB2 # Samba AD users will not have access to a shell on linux hosts template shell = /bin/false # Netbios is dead, let's make it explicit disable netbios = yes # Win10 clients, that have negotiated an encrypted connection, # are not able to successfully re-connect to shares, # after being idle for an extended period of time. # Disabling encryption resolves this issue. smb encrypt = off # Hide shares from users that don't have permission to see them access based share enum = yes ###################################################### # Automatic creation of home directories # ###################################################### # !!! Important SELINUX configuration !!! # For automatic creation of home directories to work, # you must set two selinux booleans with the following commands: # setsebool -P samba_create_home_dirs 1 # setsebool -P samba_enable_home_dirs 1 # # Check that the selinux booleans were correctly set # getsebool -a | grep samba | grep home # # For samba to serve the home dirs, they must be labeled with the # selinux type 'samba_share_t' # During the installation of this server a policy was created for the # /srv/samba/ directory, which ensures all sub-folders/files are labeled # with samba_share_t. Therefore, as long as the home folders are located # under /srv/samba/ this labelling will be taken care of. # --- End of SELINUX configuration --- # Home directories will be created at this path with %U being replaced by # the username template homedir = /srv/samba/Shares/Home/%U # This share declaration works in conjunction with a GPO # When a user logs in for the first time, a new home folder will # be created for them on the file server and a mapped drive (H:) will # be created in the Windows profile on their computer. See the samba wiki for # details of how to create the GPO # https://wiki.samba.org/index.php/User_Home_Folders#Using_a_Group_Policy_Preference [Home] path = /srv/samba/Shares/Home comment = Share for user home dirs guest ok = no read only = no # Recyle bin recycle:repository = %U/Recycle_Bin recycle:versions = Yes recycle:keeptree = Yes recycle:touch = Yes recycle:exclude = *.tmp,~$* recycle:exclude_dir = %U/Recycle_Bin ###################################################### # Standard Shares # ###################################################### [Shares] path = /srv/samba/Shares comment = Parent share sets top level Windows file permission inheritance guest ok = no read only = no [Backup] path = /srv/samba/Shares/Backup comment = Create separate folders, with locked down permissions, for each application guest ok = no read only = no [FTL] path = /srv/samba/Shares/FTL comment = FTL tools and documents to help with on-site service guest ok = no read only = no [Software] path = /srv/samba/Shares/Software comment = Software for installation via GPO guest ok = no read only = no [Top] path = /srv/samba/Shares/Top comment = Top level file share guest ok = no read only = no # Recyle bin recycle:repository = Recycle_Bin/%U recycle:versions = Yes recycle:keeptree = Yes recycle:touch = Yes recycle:exclude = *.tmp,~$* recycle:exclude_dir = Recycle_Bin
Rowland penny
2020-Feb-12 11:42 UTC
[Samba] Incorrect group name is displayed in folder permission list in Windows
On 12/02/2020 11:16, Mason Schmitt wrote:> > Hi, can we start by seeing your smb.conf from the file server ? > > > ###################################################### > # ? ? ? ? ? ? ? ? ? ? Global Config ? ? ? ? ? ? ? ? ?# > ###################################################### > > [global] > kerberos method = system keytab > workgroup = NAME > security = ads > realm = NAME.EXAMPLE.COM <http://NAME.EXAMPLE.COM> > > # Logging > log file = /var/log/samba/%m.log > log level = 3 > > # We're using the RID method of mapping SIDs to UID/GID > idmap config NAME : range = 2000000-2999999 > idmap config NAME : backend = rid > idmap config * : range = 10000-999999 > idmap config * : backend = tdb > > # Winbind > winbind use default domain = no > winbind refresh tickets = yes > winbind offline logon = yes > winbind enum groups = no > winbind enum users = no > > # Map domain admin account to local root account > # and resolve other "net rpc" issues > username map = /etc/samba/user.map > bind interfaces only = yes > interfaces = lo eth0 > > # Enable Windows ACL support and make ACLs maximally compatible with > NTFS ACLs. > # Beyond setting the POSIX ownership and permissions for the share > directory, all ACLs > # should be managed in Windows.? See the comment in the Shares section > below for details > # about our standard share configuration (both on the Linux/POSIX side > and on the Windows side > vfs objects = acl_xattr recycle > acl_xattr:default acl style = windows > #acl_xattr:ignore system acls = yes ? ? # PURE EVIL!? If you value > your sanity, don't use this option > map acl inherit = yes > store dos attributes = yes > > # Samba version 4.9.x enabled extended attribute support, by default. > # This should be a good thing as it enables clients to make more > intelligent decisions. > # Unfortunately, customer reported that their old Windows 7 CE data > collection device, > # doesn't like the new settings, so we have to revert this feature. > ea support = no > > > ###################################################### > # ? ? ? ? ? ? Global Security Settings ? ? ? ? ? ? ? # > ###################################################### > > # Disable SMB1, it's too old and too insecure to be used anymore > server min protocol = SMB2 > > # Samba AD users will not have access to a shell on linux hosts > template shell = /bin/false > > # Netbios is dead, let's make it explicit > disable netbios = yes > > # Win10 clients, that have negotiated an encrypted connection, > # are not able to successfully re-connect to shares, > # after being idle for an extended period of time. > # Disabling encryption resolves this issue. > smb encrypt = off > > # Hide shares from users that don't have permission to see them > access based share enum = yes > > > ###################################################### > # ? ? ? Automatic creation of home directories ? ? ? # > ###################################################### > > # !!! Important SELINUX configuration !!! > # For automatic creation of home directories to work, > # you must set two selinux booleans with the following commands: > # setsebool -P samba_create_home_dirs 1 > # setsebool -P samba_enable_home_dirs 1 > # > # Check that the selinux booleans were correctly set > # getsebool -a | grep samba | grep home > # > # For samba to serve the home dirs, they must be labeled with the > # selinux type 'samba_share_t' > # During the installation of this server a policy was created for the > # /srv/samba/ directory, which ensures all sub-folders/files are labeled > # with samba_share_t.? Therefore, as long as the home folders are located > # under /srv/samba/ this labelling will be taken care of. > # --- End of SELINUX configuration --- > > # Home directories will be created at this path with %U being replaced by > # the username > template homedir = /srv/samba/Shares/Home/%U > > # This share declaration works in conjunction with a GPO > # When a user logs in for the first time, a new home folder will > # be created for them on the file server and a mapped drive (H:) will > # be created in the Windows profile on their computer.? See the samba > wiki for > # details of how to create the GPO > # > https://wiki.samba.org/index.php/User_Home_Folders#Using_a_Group_Policy_Preference > [Home] > ? ? ? ? path = /srv/samba/Shares/Home > ? ? ? ? comment = Share for user home dirs > ? ? ? ? guest ok = no > ? ? ? ? read only = no > ? ? ? ? # Recyle bin > ? ? ? ? recycle:repository = %U/Recycle_Bin > ? ? ? ? recycle:versions = Yes > ? ? ? ? recycle:keeptree = Yes > ? ? ? ? recycle:touch = Yes > ? ? ? ? recycle:exclude = *.tmp,~$* > ? ? ? ? recycle:exclude_dir = %U/Recycle_Bin > > ###################################################### > # ? ? ? ? ? ? ? ? ?Standard Shares ? ? ? ? ? ? ? ? ? # > ###################################################### > > [Shares] > ? ? ? ?path = /srv/samba/Shares > ? ? ? ?comment = Parent share sets top level Windows file permission > inheritance > ? ? ? ?guest ok = no > ? ? ? ?read only = no > > [Backup] > ? ? ? ?path = /srv/samba/Shares/Backup > ? ? ? ?comment = Create separate folders, with locked down > permissions, for each application > ? ? ? ?guest ok = no > ? ? ? ?read only = no > > [FTL] > ? ? ? ?path = /srv/samba/Shares/FTL > ? ? ? ?comment = FTL tools and documents to help with on-site service > ? ? ? ?guest ok = no > ? ? ? ?read only = no > > [Software] > ? ? ? ?path = /srv/samba/Shares/Software > ? ? ? ?comment = Software for installation via GPO > ? ? ? ?guest ok = no > ? ? ? ?read only = no > > [Top] > ? ? ? ?path = /srv/samba/Shares/Top > ? ? ? ?comment = Top level file share > ? ? ? ?guest ok = no > ? ? ? ?read only = no > ? ? ? ? # Recyle bin > ? ? ? ? recycle:repository = Recycle_Bin/%U > ? ? ? ? recycle:versions = Yes > ? ? ? ? recycle:keeptree = Yes > ? ? ? ? recycle:touch = Yes > ? ? ? ? recycle:exclude = *.tmp,~$* > ? ? ? ? recycle:exclude_dir = Recycle_BinWhat is in the username map ? Rowland
Seemingly Similar Threads
- Incorrect group name is displayed in folder permission list in Windows
- Question regarding Recycle
- Incorrect group name is displayed in folder permission list in Windows
- Question regarding Recycle
- Incorrect group name is displayed in folder permission list in Windows