Rowland Penny
2023-Dec-12 17:42 UTC
[Samba] Permission denied while trying to setup share with RSAT
On Tue, 12 Dec 2023 13:11:14 +0100 Peter Milesson via samba <samba at lists.samba.org> wrote:> Hi folks, > > AD Member server with Samba 4.19.3 from Debian Bookworm backports. AD > DC also Samba 4.19.3 from Debian Bookworm backports. smb.conf last in > the message. > > When trying to setup a share with RSAT as Administrator, every > operation fails with the error message: > > "An error occurred while applying security information to:" > \\DATASRV\groble$ > Failed to enumerate objects in the container. Access is denied. > > The only operation that succeeds is changing ownership > > I setup the directory the usual way according to the Samba Wiki > > mkdir -p /data/groble > chown root:"Domain Admins" /data/groble > chmod 0770 /data/groble > > and defined it in smb.conf as > > [groble$] > ??????? comment = Roaming profiles > ??????? path = /data/groble/ > ??????? read only = no > ??????? acl_xattr:ignore system acls = yes > ??????? hide dot files = no > ??????? csc policy = disable >That share appears to be for 'roaming profiles', so I suggest you read this wiki page and then follow it to the letter: https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles Follow the 'Using Windows ACLs' section. I also suggest you connect from Windows as a member of Domain Admins. Rowland
Peter Milesson
2023-Dec-12 17:59 UTC
[Samba] Permission denied while trying to setup share with RSAT
On 12.12.2023 18:42, Rowland Penny via samba wrote:> On Tue, 12 Dec 2023 13:11:14 +0100 > Peter Milesson via samba <samba at lists.samba.org> wrote: > >> Hi folks, >> >> AD Member server with Samba 4.19.3 from Debian Bookworm backports. AD >> DC also Samba 4.19.3 from Debian Bookworm backports. smb.conf last in >> the message. >> >> When trying to setup a share with RSAT as Administrator, every >> operation fails with the error message: >> >> "An error occurred while applying security information to:" >> \\DATASRV\groble$ >> Failed to enumerate objects in the container. Access is denied. >> >> The only operation that succeeds is changing ownership >> >> I setup the directory the usual way according to the Samba Wiki >> >> mkdir -p /data/groble >> chown root:"Domain Admins" /data/groble >> chmod 0770 /data/groble >> >> and defined it in smb.conf as >> >> [groble$] >> ??????? comment = Roaming profiles >> ??????? path = /data/groble/ >> ??????? read only = no >> ??????? acl_xattr:ignore system acls = yes >> ??????? hide dot files = no >> ??????? csc policy = disable >> > That share appears to be for 'roaming profiles', so I suggest you read > this wiki page and then follow it to the letter: > > https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles > > Follow the 'Using Windows ACLs' section. > > I also suggest you connect from Windows as a member of Domain Admins. > > Rowland > >Hi Rowland, I have already done that, a zillion times. Still does not work. The basic problem is, that I cannot modify anything as Administrator. Whether the share will be used for roaming profiles or not, is secondary, and not the problem. As I reported, if I set the owner on the directory I want to share as PRIVATE\myadmin:"Domain Admins" with permissions 0770, I can manage the share properties as that user. If I create it as root:"Domain Admins", no way. Neither as PRIVATE\myadmin, nor as PRIVATE\Administrator. Thanks for you advice, Peter Best regards,