Stefan G. Weichinger
2022-Oct-20 12:14 UTC
[Samba] editing samba-share ACLs etc from Windows
Am 20.10.22 um 13:14 schrieb Rowland Penny via samba:> > > On 20/10/2022 12:04, Stefan G. Weichinger via samba wrote: >> Am 20.10.22 um 11:13 schrieb Rowland Penny via samba: >> >>>> # Use settings from AD for login shell and home directory >>>> winbind nss info = template >>> >>> That is interesting, mainly because you are using the idmap 'rid' >>> backend, you can only use rfc2307 attributes from AD if you use the >>> idmap 'ad' backend, so you might as well remove those two lines. >>> >>>> template shell = /bin/bash >>>> template homedir = /mnt/samba/Daten/%U >> >> The lines above or below your comment? > > The lines 'above', I would have said 'these' if I meant the lines > 'below', unless I was having another senior moment :-D;-) So I remove this: >>>> # Use settings from AD for login shell and home directory >>>> winbind nss info = template> I suggest you add a 'test' share following the wikipage I pointed to > earlier and see if that works.will do a bit later today. I think I even have one already for testing a backup.>>> You didn't post the share permissions I asked for, is it possible you >>> can do so ? >> >> Where do I take these from? >> > > ls -ld /mnt/sambaNow that was easy: # ls -ld /mnt/samba/ drwxrwsr-x+ 46 administrator domain users 12288 14. Sep 07:42 /mnt/samba/
Stefan G. Weichinger
2022-Oct-20 12:23 UTC
[Samba] editing samba-share ACLs etc from Windows
Am 20.10.22 um 14:14 schrieb Stefan G. Weichinger via samba:>> I suggest you add a 'test' share following the wikipage I pointed to >> earlier and see if that works. > > will do a bit later today. I think I even have one already for testing a > backup.did so Also reran that "grant the SeDiskOperatorPrivilege privilege" step on the server. Connecting from Windows: I am not allowed to see the shares as "BUERO\Administrator" Is that line OK: min domain uid = 0 ?
On 20/10/2022 13:14, Stefan G. Weichinger via samba wrote:> > >>>> You didn't post the share permissions I asked for, is it possible >>>> you can do so ? >>> >>> Where do I take these from? >>> >> >> ls -ld /mnt/samba > > Now that was easy: > > # ls -ld /mnt/samba/ > drwxrwsr-x+ 46 administrator domain users 12288 14. Sep 07:42 /mnt/samba/ >There is your probable problem, Administrator (because you are using the idmap 'rid' backend and '10000' for the start of the BUERO range) will have the Unix ID of '10500' this is not '0'. try using 'chown' to change the directories owner to 'root'. Never, not even ever, use Administrator on a Unix machine. Rowland