Peter Milesson
2023-Dec-12 19:00 UTC
[Samba] Permission denied while trying to setup share with RSAT
On 12.12.2023 19:46, Rowland Penny via samba wrote:
> On Tue, 12 Dec 2023 19:34:20 +0100
> Peter Milesson via samba <samba at lists.samba.org> wrote:
>
>> Hi Rowland,
>>
>> Just one more bit of information. I don't think it is relevant, but
>> who knows. All servers are VMs that I migrated from Xen to Qemu/KVM a
>> week ago. The VMs are running off of LVM volumes (like before).
>>
>> I have also checked Apparmor. Samba is not under Apparmor control.
>>
>> Best regards,
>>
>> Peter
>>
>>
> I have heard of VMs where root doesn't work, could this be your problem
> ?
>
> I ask this because I use Oracle virtual box and it works for myself,
> with Apparmor !
>
> Rowland
>

Hi Rowland,

I have not noticed that the root account is limited in other respects on the VMs. It's just a long shot. If somebody has got information on this, I would be very grateful. Neither are there any firewalls involved (domestic test network).

I'm administrator of a larger domain with one Samba AD DC running under Qemu/KVM, and one AD DC under Xen on other hardware. The file server (Samba) is running straight off native hardware. That domain is based on Debian Bookworm backports (Samba 4.18.8), but I have kept updates back, until I know things work for myself. It's not very funny to get phone calls at 6 a.m., that nobody can log in, or other similar problems.

Best regards,

Peter
Peter Milesson
2023-Dec-13 08:34 UTC
[Samba] Permission denied while trying to setup share with RSAT
On 12.12.2023 20:00, Peter Milesson via samba wrote:
>
>
> On 12.12.2023 19:46, Rowland Penny via samba wrote:
>> On Tue, 12 Dec 2023 19:34:20 +0100
>> Peter Milesson via samba <samba at lists.samba.org> wrote:
>>
>>> Hi Rowland,
>>>
>>> Just one more bit of information. I don't think it is relevant, but
>>> who knows. All servers are VMs that I migrated from Xen to Qemu/KVM a
>>> week ago. The VMs are running off of LVM volumes (like before).
>>>
>>> I have also checked Apparmor. Samba is not under Apparmor control.
>>>
>>> Best regards,
>>>
>>> Peter
>>>
>>>
>> I have heard of VMs where root doesn't work, could this be your problem
>> ?
>>
>> I ask this because I use Oracle virtual box and it works for myself,
>> with Apparmor !
>>
>> Rowland
>>
>

Hi folks,

I finally found the culprit. When setting up shares with RSAT you must not activate

acl_xattr:ignore system acls = yes

until AFTER setting up share security. This statement is incredibly easy to miss in the Samba Wiki! It should be contained in the warning above the section.

See https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Best regards,

Peter
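The check described in the message above, as an added example that is not part of the original thread or of Samba itself: a small Python script that lists the shares in an smb.conf for which `acl_xattr:ignore system acls` is already enabled, so it can be switched off before share security is set from RSAT. The sample configuration, share names and paths are constructed, and the script assumes a value set in `[global]` acts as the default for every share.

```python
import re

# Constructed sample smb.conf (not from the thread); share names/paths are hypothetical.
SAMPLE_CONF = """\
[global]
    vfs objects = acl_xattr
    map acl inherit = yes
[Demo]
    path = /srv/samba/Demo
    read only = no
    acl_xattr:ignore system acls = yes
; share whose security has not been set from Windows yet
[Projects]
    path = /srv/samba/Projects
    read only = no
    # acl_xattr:ignore system acls = yes
"""

OPTION = "acl_xattr:ignore system acls"
TRUE_VALUES = {"yes", "true", "1", "on"}  # boolean spellings smb.conf accepts

def _norm(name):
    """Lower-case and collapse whitespace so spacing/case variants compare equal."""
    return re.sub(r"\s+", " ", name.strip().lower())

def shares_ignoring_system_acls(conf_text):
    """Return the names of shares for which OPTION is effectively enabled."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                # section header, e.g. [Demo]
            current = m.group(1).strip()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][_norm(key)] = value.strip().lower()
    # Assumption: a [global] setting is the default for shares that do not override it.
    glob = {k: v for n, p in sections.items() if n.lower() == "global"
            for k, v in p.items()}
    default = glob.get(OPTION, "no")
    return [name for name, params in sections.items()
            if name.lower() != "global"
            and params.get(OPTION, default) in TRUE_VALUES]

if __name__ == "__main__":
    for share in shares_ignoring_system_acls(SAMPLE_CONF):
        print(f"[{share}]: disable '{OPTION}' until share security is set via RSAT")
```

To check a live server, pass the contents of its smb.conf to `shares_ignoring_system_acls()` instead of `SAMPLE_CONF`.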