Stefan G. Weichinger
2022-Oct-20 12:23 UTC
[Samba] editing samba-share ACLs etc from Windows
Am 20.10.22 um 14:14 schrieb Stefan G. Weichinger via samba:>> I suggest you add a 'test' share following the wikipage I pointed to >> earlier and see if that works. > > will do a bit later today. I think I even have one already for testing a > backup.did so Also reran that "grant the SeDiskOperatorPrivilege privilege" step on the server. Connecting from Windows: I am not allowed to see the shares as "BUERO\Administrator" Is that line OK: min domain uid = 0 ?
Stefan G. Weichinger
2022-Oct-20 12:46 UTC
[Samba] editing samba-share ACLs etc from Windows
maybe relevant: logs on the samba server for the IP of the Windows machine: # tail 192.168.16.207.log [2022/10/20 14:19:59.894209, 1] ../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit_step) gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE [2022/10/20 14:20:56.501820, 1] ../../source3/librpc/crypto/gse.c:695(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/PRE01SVDEB01 at MYDOM.AT(kvno 5) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)] [2022/10/20 14:20:56.501931, 1] ../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit_step) gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE [2022/10/20 14:44:31.760331, 1] ../../source3/librpc/crypto/gse.c:695(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/PRE01SVDEB01 at MYDOM.AT(kvno 5) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)] [2022/10/20 14:44:31.760433, 1] ../../auth/gensec/spnego.c:1242(gensec_spnego_server_negTokenInit_step) gensec_spnego_server_negTokenInit_step: gse_krb5: parsing NEG_TOKEN_INIT content failed (next[(null)]): NT_STATUS_LOGON_FAILURE Kerberos, right?
On 20/10/2022 13:23, Stefan G. Weichinger via samba wrote:> Am 20.10.22 um 14:14 schrieb Stefan G. Weichinger via samba: > >>> I suggest you add a 'test' share following the wikipage I pointed to >>> earlier and see if that works. >> >> will do a bit later today. I think I even have one already for testing >> a backup. > > did so > > Also reran that "grant the SeDiskOperatorPrivilege privilege" step on > the server. > > Connecting from Windows: I am not allowed to see the shares as > "BUERO\Administrator" > > Is that line OK: > > min domain uid = 0 > > ?Yes Rowland