samba - Nov 2023 - samba4 active directory - all permissions seem to be messed up

Hi,

i have a big issue here.

I have 3 samba addc domain controllers (Version 4.19.2) and one member server
(Version 4.17.5).

Out of the blue i cannot delete my own files anymore - access denied - user
DOMAIN/administrator has to give you permission to do so.

If i type in a windows cmd 'whoami' i get domain/administrator, so i am
the user which hold the permsissions on the files. Security tab looks good to me
- Domain Admins - Full Access, Administrator - Full Access

If i check the permissions on the share itself everything is looking like i set
it up (i check in windows on the security tab). If i try to redo the permission
from within windows i get 'cannot enumerate objects in container - access
denied.'

ls -alh on the member server tells me root:"SAMDOM/Domain Admins" is
the owner of the directory.

smb.conf on the member server:

[share]
path = /srv/samba/share
acl_xattr:ignore system acls = yes

Shares where created like this wiki entry tells me to do:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Everything worked until today where i wanted to check why another share
isn't inheriting the permissions to subfolders.

I only touched the share which didn't work as expected, so i have no clue
why out of the sudden all my permissions seem to have messed up.

I also removed an old DC 2 weeks ago and added a new one. So i guess this has
nothing to do with it either.

I really would appreciate any helping hand here. I can provide screenshots or
whatever is needed. The error messages may be not accurate as i translated the
german error messages i got.

Thanks for listening and hopefully some hints what could have gone wrong with my
setup.

Juergen

It would be easier if you shared your smb.conf file for DCs and member server.

LP
On 9 Nov 2023 at 22:12 +0000, J?rgen Echter via samba <samba at
lists.samba.org>, wrote:
>
> Hi,
>
> i have a big issue here.
>
> I have 3 samba addc domain controllers (Version 4.19.2) and one member
server (Version 4.17.5).
>
> Out of the blue i cannot delete my own files anymore - access denied - user
DOMAIN/administrator has to give you permission to do so.
>
> If i type in a windows cmd 'whoami' i get domain/administrator, so
i am the user which hold the permsissions on the files. Security tab looks good
to me - Domain Admins - Full Access, Administrator - Full Access
>
> If i check the permissions on the share itself everything is looking like i
set it up (i check in windows on the security tab). If i try to redo the
permission from within windows i get 'cannot enumerate objects in container
- access denied.'
>
> ls -alh on the member server tells me root:"SAMDOM/Domain Admins"
is the owner of the directory.
>
> smb.conf on the member server:
>
> [share]
> path = /srv/samba/share
> acl_xattr:ignore system acls = yes
>
> Shares where created like this wiki entry tells me to do:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>
> Everything worked until today where i wanted to check why another share
isn't inheriting the permissions to subfolders.
>
> I only touched the share which didn't work as expected, so i have no
clue why out of the sudden all my permissions seem to have messed up.
>
> I also removed an old DC 2 weeks ago and added a new one. So i guess this
has nothing to do with it either.
>
> I really would appreciate any helping hand here. I can provide screenshots
or whatever is needed. The error messages may be not accurate as i translated
the german error messages i got.
>
> Thanks for listening and hopefully some hints what could have gone wrong
with my setup.
>
> Juergen
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba