Rowland Penny
2022-Aug-09 15:35 UTC
[Samba] Cannot set Windows ACL on Sharefolder with other user than Administrator
On Tue, 2022-08-09 at 17:15 +0200, Oliver via samba wrote:
> Can I do some test, if there is winbind implemented correctly in my
> machine?
>
>
> On 04.08.2022 at 20:05, Rowland Penny via samba wrote:
> > If you do not have secrets.ldb and sam.ldb on a DC, then you have
> > really big problems. Have you checked if they exist or not ?
>
> Yes, they are not existing:
>
> ls -ll /usr/local/samba/private/
> insgesamt 1012
> drwx------ 2 root root 4096 4. Aug 17:20 msg.sock
> -rw------- 1 root root 32768 3. Aug 14:27 netlogon_creds_cli.tdb
> -rw------- 1 root root 421888 4. Jul 17:11 passdb.tdb
> -rw------- 1 root root 577536 30. Jul 10:02 secrets.tdb

You appear to have a major problem, if I run a similar command on one of
my DC's, I get this:

pi@rpidc1:~ $ ls -ll /var/lib/samba/private/
total 20320
-rw-r----- 2 root bind 544 Mar 26 2021 dns.keytab
-rw------- 1 root root 2211 Jun 10 2021 dns_update_cache
-rw-r--r-- 1 root root 3663 Mar 26 2021 dns_update_list
-rw------- 1 root root 16 Mar 26 2021 encrypted_secrets.key
-rw------- 1 root root 1286144 Mar 26 2021 hklm.ldb
-rw------- 1 root root 4927488 Jul 23 12:07 idmap.ldb
-rw-r--r-- 1 root root 216 Mar 26 2021 krb5.conf
srwxrwxrwx 1 root root 0 Jul 30 14:34 ldapi
drwxr-x--- 2 root root 4096 Jul 30 14:34 ldap_priv
drwx------ 2 root root 4096 Aug 9 16:21 msg.sock
-rw------- 1 root root 4792 Jul 30 14:34 netlogon_creds_cli.tdb
-rw------- 1 root root 421888 Mar 26 2021 passdb.tdb
-rw------- 1 root root 1286144 May 7 2021 privilege.ldb
-rw------- 1 root root 4694016 Mar 26 2021 sam.ldb
drwx------ 2 root root 4096 Apr 24 2021 sam.ldb.d
-rw------- 1 root root 12288 Aug 5 10:16 schannel_store.tdb
-rw------- 1 root root 785 Mar 26 2021 secrets.keytab
-rw------- 1 root root 1286144 Mar 26 2021 secrets.ldb
-rw------- 1 root root 430080 Mar 26 2021 secrets.tdb
-rw------- 1 root root 1286144 Mar 26 2021 share.ldb
drwxr-xr-x 2 root root 4096 Mar 26 2021 smbd.tmp
-rw-r--r-- 1 root root 955 Mar 26 2021 spn_update_list
drwxr-xr-x 2 root root 4096 Apr 15 2021 tls

Was this DC provisioned, or another DC you have joined to an existing
domain ?

Rowland
Oliver
2022-Aug-10 06:20 UTC
[Samba] Cannot set Windows ACL on Sharefolder with other user than Administrator
On 09.08.2022 at 17:35, Rowland Penny via samba wrote:
> On Tue, 2022-08-09 at 17:15 +0200, Oliver via samba wrote:
>> Can I do some test, if there is winbind implemented correctly in my
>> machine?
>>
>>
>> On 04.08.2022 at 20:05, Rowland Penny via samba wrote:
>>> If you do not have secrets.ldb and sam.ldb on a DC, then you have
>>> really big problems. Have you checked if they exist or not ?
>> Yes, they are not existing:
>>
>> ls -ll /usr/local/samba/private/
>> insgesamt 1012
>> drwx------ 2 root root 4096 4. Aug 17:20 msg.sock
>> -rw------- 1 root root 32768 3. Aug 14:27 netlogon_creds_cli.tdb
>> -rw------- 1 root root 421888 4. Jul 17:11 passdb.tdb
>> -rw------- 1 root root 577536 30. Jul 10:02 secrets.tdb
> You appear to have a major problem, if I run a similar command on one of
> my DC's, I get this:
>
> pi@rpidc1:~ $ ls -ll /var/lib/samba/private/
> total 20320
> -rw-r----- 2 root bind 544 Mar 26 2021 dns.keytab
> -rw------- 1 root root 2211 Jun 10 2021 dns_update_cache
> -rw-r--r-- 1 root root 3663 Mar 26 2021 dns_update_list
> -rw------- 1 root root 16 Mar 26 2021 encrypted_secrets.key
> -rw------- 1 root root 1286144 Mar 26 2021 hklm.ldb
> -rw------- 1 root root 4927488 Jul 23 12:07 idmap.ldb
> -rw-r--r-- 1 root root 216 Mar 26 2021 krb5.conf
> srwxrwxrwx 1 root root 0 Jul 30 14:34 ldapi
> drwxr-x--- 2 root root 4096 Jul 30 14:34 ldap_priv
> drwx------ 2 root root 4096 Aug 9 16:21 msg.sock
> -rw------- 1 root root 4792 Jul 30 14:34 netlogon_creds_cli.tdb
> -rw------- 1 root root 421888 Mar 26 2021 passdb.tdb
> -rw------- 1 root root 1286144 May 7 2021 privilege.ldb
> -rw------- 1 root root 4694016 Mar 26 2021 sam.ldb
> drwx------ 2 root root 4096 Apr 24 2021 sam.ldb.d
> -rw------- 1 root root 12288 Aug 5 10:16 schannel_store.tdb
> -rw------- 1 root root 785 Mar 26 2021 secrets.keytab
> -rw------- 1 root root 1286144 Mar 26 2021 secrets.ldb
> -rw------- 1 root root 430080 Mar 26 2021 secrets.tdb
> -rw------- 1 root root 1286144 Mar 26 2021 share.ldb
> drwxr-xr-x 2 root root 4096 Mar 26 2021 smbd.tmp
> -rw-r--r-- 1 root root 955 Mar 26 2021 spn_update_list
> drwxr-xr-x 2 root root 4096 Apr 15 2021 tls
>
> Was this DC provisioned, or another DC you have joined to an existing
> domain ?
>
> Rowland

I only have got DC1, DC2 and DC3, all of them are built by myself.

I got the same files as you, but only on my DC1, which holds the FSMO Roles.

DC2 + DC3 which have to work for filesharing are getting these files:

ls -ll /usr/local/samba/private/
insgesamt 1012
drwx------ 2 root root 4096 4. Aug 17:20 msg.sock
-rw------- 1 root root 32768 3. Aug 14:27 netlogon_creds_cli.tdb
-rw------- 1 root root 421888 4. Jul 17:11 passdb.tdb
-rw------- 1 root root 577536 30. Jul 10:02 secrets.tdb

Maybe I understood something wrong?:

- DC1 has a totally different and shorter smb.conf than DC2 and DC3
- Only DC2 + DC3 have security = ADS with the whole options of idmap and usermap in smb.conf
- DC1 has BIND 9.18 DLZ Backend for DNS integrated.

Can I add my .conf files as an attachment if needed?

Oliver
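
The comparison made in this thread, as an added example that is not part of either post: a POSIX shell check that reports which of the databases Rowland names (sam.ldb, secrets.ldb) are missing from a Samba private directory and lists any *.ldb or *.tdb file with group or other permission bits set. The function names are hypothetical, and treating mode 0600 as the baseline is an assumption taken from the two listings above.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Usage: sh check_private.sh /usr/local/samba/private

# Databases the thread says must exist in a DC's private directory.
DC_REQUIRED="sam.ldb secrets.ldb"

# Print each required DC database that is absent from directory $1.
missing_dc_files() {
    for f in $DC_REQUIRED; do
        [ -f "$1/$f" ] || printf '%s\n' "$f"
    done
}

# Print every *.ldb / *.tdb file in $1 with any group or other permission
# bit set. Assumption: 0600, as in both listings, is the baseline.
loose_secret_files() {
    for f in "$1"/*.ldb "$1"/*.tdb; do
        [ -f "$f" ] || continue          # unmatched glob stays literal
        mode=$(ls -ld "$f" | cut -c5-10) # group+other columns of the mode
        [ "$mode" = "------" ] || printf '%s\n' "${f##*/}"
    done
}

# Print a verdict for directory $1; return 0 only if nothing is missing.
check_private_dir() {
    missing=$(missing_dc_files "$1")
    if [ -z "$missing" ]; then
        echo "$1: sam.ldb and secrets.ldb present"
        return 0
    fi
    echo "$1: missing $(echo $missing)"
    return 1
}

# Run against a directory when one is given on the command line.
if [ $# -gt 0 ]; then
    loose_secret_files "$1" | sed 's/^/group\/other access: /'
    check_private_dir "$1"
fi
```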