L.P.H. van Belle
2021-Dec-07 07:48 UTC
[Samba] Fwd: Administrator User Has no access to Remote File Server
Run :
getfacl /storage
getfacl /storage/netfiles
getfacl /storage/netfiles/mis

What's set for the share security?
Normally that's everyone full control, did you change anything here?

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> ralph strebbing via samba
> Sent: Monday, 6 December 2021 22:12
> To: Rowland Penny
> CC: sambalist
> Subject: Re: [Samba] Fwd: Administrator User Has no access
> to Remote File Server
>
> On Mon, Dec 6, 2021 at 4:04 PM Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> > Good, never give Administrator a uidNumber attribute, it just becomes a
> > normal user, just try adding 'min domain uid = 0' to the smb.conf on
> > the Unix Domain members and restart Samba.
> > If that does not work, please define 'Administrator user has no access'
> Just tried on our secondary fileserver and no change.
> Has no access is defined as: When I try to access shares using the
> Administrator user, it tells me I can't access it, but if I use MY
> domain user, it works just fine.
>
> Ralph
ralph strebbing
2021-Dec-07 17:46 UTC
[Samba] Fwd: Administrator User Has no access to Remote File Server
On Tue, Dec 7, 2021 at 2:50 AM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
>
> Run :
> getfacl /storage

root@filesrv1:/# getfacl storage/
# file: storage/
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

> getfacl /storage/netfiles

root@filesrv1:/# getfacl storage/netfiles
# file: storage/netfiles
# owner: root
# group: root
user::rwx
group::r-x
group:DOMAIN\\it:rwx
mask::rwx
other::r-x

> getfacl /storage/netfiles/mis

root@filesrv1:/# getfacl storage/netfiles/mis
# file: storage/netfiles/mis
# owner: root
# group: DOMAIN\\domadmins
# flags: -s-
user::rwx
user:81:rwx
user:DOMAIN\\ralph.strebbing:rwx
user:DOMAIN\\dvr:r-x
group::rwx
group:DOMAIN\\domadmins:rwx
group:DOMAIN\\it:rwx
mask::rwx
other::---
default:user::rwx
default:user:81:rwx
default:user:DOMAIN\\ralph.strebbing:rwx
default:group::rwx
default:group:DOMAIN\\domadmins:rwx
default:group:DOMAIN\\it:rwx
default:mask::rwx
default:other::---

The domadmin entries above are a separate group which used to be an
Admins group in the NT4 domain (gid 910)

> What's set for the share security?

https://imgur.com/a/t4ex8i6

> Normally that's everyone full control, did you change anything here?

Under Share Permissions, nothing's been changed. Only thing we've ever
changed has been through setfacl on the commandline.

Regards,
Ralph
L.P.H. van Belle
2021-Dec-08 07:56 UTC
[Samba] Fwd: Administrator User Has no access to Remote File Server
> > Run :
> > getfacl /storage
> root@filesrv1:/# getfacl storage/
> # file: storage/
> # owner: root
> # group: root
> user::rwx
> group::r-x
> other::r-x

Good enough, we use the last r-x..
* if you didn't map root to administrator

> > getfacl /storage/netfiles
> root@filesrv1:/# getfacl storage/netfiles
> # file: storage/netfiles
> # owner: root
> # group: root
> user::rwx
> group::r-x
> group:DOMAIN\\it:rwx
> mask::rwx
> other::r-x

Good enough, we use the last r-x..
* if you didn't map root to administrator and/or didn't add Administrator in the IT group.

>
> > getfacl /storage/netfiles/mis
> root@filesrv1:/# getfacl storage/netfiles/mis
> # file: storage/netfiles/mis
> # owner: root
> # group: DOMAIN\\domadmins
> # flags: -s-
> user::rwx
> user:81:rwx
> user:DOMAIN\\ralph.strebbing:rwx
> user:DOMAIN\\dvr:r-x
> group::rwx
> group:DOMAIN\\domadmins:rwx
> group:DOMAIN\\it:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:user:81:rwx
> default:user:DOMAIN\\ralph.strebbing:rwx
> default:group::rwx
> default:group:DOMAIN\\domadmins:rwx
> default:group:DOMAIN\\it:rwx
> default:mask::rwx
> default:other::---
>
> The domadmin entries above are a separate group which used to be an
> Admins group in the NT4 domain (gid 910)
>
> > What's set for the share security?
> https://imgur.com/a/t4ex8i6
> > Normally that's everyone full control, did you change anything here?
> Under Share Permissions, nothing's been changed. Only thing we've ever
> changed has been through setfacl on the commandline.

Good enough also..

So, looks like /storage/netfiles/ is missing rights.
Add in the Permissions.
Domain Users, read & execute, Non inherited, Applies to "this folder only"

See if that helps, this gives all users the right to enter that folder/share.
The rights on MIS are ok to me.

The other pitfall.. The recent updates..
Did you add what Rowland also asked?
To add 'min domain uid = 0' to the smb.conf

And.. Make sure this is set.

# user Administrator workaround, without it you are unable to set privileges
username map = /etc/samba/samba_usermapping

Content :
!root = ADDOM_CHANGE_IT\Administrator ADDOM_CHANGE_IT\administrator

Greetz,

Louis
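
Added example, not part of any message in this thread: a small Python model of the POSIX ACL check order from acl(5), run against the storage/netfiles/mis ACL posted above, to show which entry decides access for a given account. It covers only the kernel-side check for a non-root process (not share permissions or Samba's username map), and the test principals and their group memberships are assumptions.

```python
# Constructed sample: access ACL of storage/netfiles/mis as posted in the thread (default:
# entries left out). Principals and group memberships in __main__ are hypothetical.
MIS_ACL = r"""# owner: root
# group: DOMAIN\\domadmins
user::rwx
user:81:rwx
user:DOMAIN\\ralph.strebbing:rwx
user:DOMAIN\\dvr:r-x
group::rwx
group:DOMAIN\\domadmins:rwx
group:DOMAIN\\it:rwx
mask::rwx
other::---
"""

def parse_getfacl(text):
    """Return owner, owning group and the access entries of one getfacl block."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            tag, qualifier, perms = line.split(":")[:3]
            # split()[0] drops a trailing "#effective:..." comment if getfacl printed one
            acl["entries"].append((tag, qualifier, set(perms.split()[0]) - {"-"}))
    return acl

def allowed(acl, user, groups, wanted):
    """POSIX ACL check (acl(5)) for a non-root process; first matching class decides."""
    wanted, entries = set(wanted), acl["entries"]
    mask = next((p for t, q, p in entries if t == "mask"), set("rwx"))
    if user == acl["owner"]:                       # 1. owner: user:: entry, unmasked
        return wanted <= next(p for t, q, p in entries if (t, q) == ("user", ""))
    for t, q, p in entries:                        # 2. named user entry, masked
        if t == "user" and q == user:
            return wanted <= (p & mask)
    hits = [p & mask for t, q, p in entries        # 3. owning group or named groups
            if t == "group" and (q or acl["group"]) in groups]
    if hits:
        return any(wanted <= p for p in hits)
    return wanted <= next(p for t, q, p in entries if t == "other")  # 4. other

if __name__ == "__main__":
    acl = parse_getfacl(MIS_ACL)
    for who, grps in [(r"DOMAIN\\administrator", [r"DOMAIN\\domain users"]),
                      (r"DOMAIN\\administrator", [r"DOMAIN\\domadmins"]),
                      (r"DOMAIN\\dvr", [r"DOMAIN\\it"])]:
        print(who, grps, "rwx:", allowed(acl, who, grps, "rwx"))
```

Names are compared exactly as getfacl prints them, with the doubled backslash. A named user entry is evaluated before any group entry, so the dvr account stays read-only even when it is a member of a group that has rwx.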