Krish Kay
2021-Jun-03 18:23 UTC
[Samba] Error : You dont have permission to save at this location.
Rowland,
Thanks for responding.
We DO NOT run winbind daemon on RHEL7 at this time, since it is not running
on RHEL6
Below is the smb.conf that we are testing on ver 4.10.16-5 on RHEL7.4, the
contents in < > are redacted.
[global]
workgroup = <WORKGROUP NAME>
netbios name = <NETBIOS NAME>
server string = Samba %v on (%L)
security = ADS
encrypt passwords = Yes
passdb backend = tdbsam:<path to db>
use sendfile = yes
invalid users = @samba_restricted_users
local master = no
preferred master = no
domain master = no
realm = <DOMAIN>.COM
template shell = /bin/bash
msdfs root = yes
log level = 3
log file = <path to logfile>/samba.log.%m
max log size = 4096
name resolve order = wins host
deadtime = 5
keepalive = 900
wins support = no
wins server = <IP 1>, <IP 2>
dns proxy = yes
preserve case = yes
short preserve case = yes
allow trusted domains = yes
client min protocol = SMB2
winbind use default domain = yes
winbind enum users = no
winbind enum groups = no
winbind nested groups = yes
winbind separator = +
winbind cache time = 6000
idmap config * : range = 100-60000
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
client ldap sasl wrapping = sign
client NTLMv2 auth = yes
username map = <path to>/map.txt
allow insecure wide links = yes
follow symlinks = yes
wide links = no
dont descend = .snapshot
hide files = /.snapshot/._*/
veto files = /*.one/*Notebook.onetoc2/.parentlock/
browseable = No
guest ok = No
blocking locks = no
kernel share modes = no
client signing = disabled
vfs objects = full_audit
full_audit:prefix = %D|%u|%g|%m|%I|%R|%p|%S
full_audit:success = connect chdir opendir mkdir rmdir open read
write unlink
full_audit:failure = connect chdir opendir mkdir rmdir open read
write unlink
full_audit:facility = local6
full_audit:priority = NOTICE
Thanks
On Thu, Jun 3, 2021 at 12:19 PM Rowland penny via samba <
samba at lists.samba.org> wrote:
> On 03/06/2021 18:01, Krish Kay via samba wrote:
> > We are running samba ver 4.7.8 on RHEL6.8 in production.
> > And, we are testing samba ver 4.10.16-5 on RHEL7.4
> >
> > Using the samba ver 4.10.16-5, the drives are mapping successfully on
> > Windows10.
> > However, when we try to edit a file in notepad, we are unable to save
the
> > file.
> > "You dont have permission to save at this location"
> >
> > Is there any parameter changes in the smb.conf files with ver
4.10.16-5,
> > that is causing this to happen?
> >
> > Thanks
>
>
> There have been numerous changes between 4.7.4 and 4.10.16, the main one
> probably being that you now must run winbind if you have 'security >
ADS' in smb.conf.
>
> It will probably help if you post your smb.conf
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
Rowland penny
2021-Jun-03 18:48 UTC
[Samba] Error : You dont have permission to save at this location.
On 03/06/2021 19:23, Krish Kay wrote:> > Rowland, > > Thanks for responding. > We DO NOT run winbind daemon on RHEL7 at this time, since it is not > running on RHEL6 > > Below is the smb.conf that we are testing on ver 4.10.16-5 on RHEL7.4, > the contents in < > are redacted. > > [global] > ? ? ? ? workgroup = <WORKGROUP NAME> > ? ? ? ? netbios name = <NETBIOS NAME> > ? ? ? ? server string = Samba %v on (%L) > ? ? ? ? security = ADS > ? ? ? ? encrypt passwords = Yes > > ? ? ? ? passdb backend = tdbsam:<path to db> > > ? ? ? ? use sendfile = yes > ? ? ? ? invalid users = @samba_restricted_users > ? ? ? ? local master = no > ? ? ? ? preferred master = no > ? ? ? ? domain master = no > ? ? ? ? realm = <DOMAIN>.COM > ? ? ? ? template shell = /bin/bash > ? ? ? ? msdfs root = yes > ? ? ? ? log level = 3 > ? ? ? ? log file = <path to logfile>/samba.log.%m > ? ? ? ? max log size = 4096 > ? ? ? ? name resolve order = wins host > ? ? ? ? deadtime = 5 > ? ? ? ? keepalive = 900 > ? ? ? ? wins support = no > ? ? ? ? wins server = <IP 1>, <IP 2> > ? ? ? ? dns proxy = yes > ? ? ? ? preserve case = yes > ? ? ? ? short preserve case = yes > ? ? ? ? allow trusted domains = yes > ? ? ? ? client min protocol = SMB2 > ? ? ? ? winbind use default domain = yes > ? ? ? ? winbind enum users = no > ? ? ? ? winbind enum groups = no > ? ? ? ? winbind nested groups = yes > ? ? ? ? winbind separator = + > ? ? ? ? winbind cache time = 6000 > ? ? ? ? idmap config * : range = 100-60000 > ? ? ? ? load printers = no > ? ? ? ? printing = bsd > ? ? ? ? printcap name = /dev/null > ? ? ? ? disable spoolss = yes > ? ? ? ? client ldap sasl wrapping = sign > ? ? ? ? client NTLMv2 auth = yes > ? ? ? ? username map = <path to>/map.txt > ? ? ? ? allow insecure wide links = yes > ? ? ? ? follow symlinks = yes > ? ? ? ? wide links = no > > ? ? ? ? dont descend = .snapshot > ? ? ? ? hide files = /.snapshot/._*/ > ? ? ? ? veto files = /*.one/*Notebook.onetoc2/.parentlock/ > ? ? ? ? browseable = No > ? ? ? ? guest ok = No > ? ? ? ? blocking locks = no > ? ? ? ? kernel share modes = no > ? ? ? ? client signing = disabled > ? ? ? ? vfs objects = full_audit > > ? ? ? ? full_audit:prefix = %D|%u|%g|%m|%I|%R|%p|%S > ? ? ? ? full_audit:success = connect chdir opendir mkdir rmdir open > read write unlink > ? ? ? ? full_audit:failure = connect chdir opendir mkdir rmdir open > read write unlink > ? ? ? ? full_audit:facility = local6 > ? ? ? ? full_audit:priority = NOTICE > >OK, do you plan to use shares ? You haven't shown any. If you are planning to use shares with Samba, then remove sssd, install winbind and setup your smb.conf, see here: https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member If you just want authentication, then remove Samba and use sssd. If you continue to use Samba >= 4.8.0 with 'security = ADS' , you must run winbind, this will require the removal of sssd. Rowland