Fred Matthiesen
2025-Apr-04 11:07 UTC
[Samba] Permissions of a local user on the directory of a Samba user with the same name
The same output for both:

fred:x:1001:1001:Fred,,:/home/fred:/bin/bash

Here is the smb.conf:

# Global parameters
[global]
    netbios name = DC1
    realm = MATLAB.LAN
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
    workgroup = MATLAN

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

[netlogon]
    path = /var/lib/samba/sysvol/matlab.lan/scripts
    read only = No

[homes]
    comment = Home Directories
    browsable = yes
    read only = no
    create mode = 0750
    valid users = %S

[Public]
    path = /home/MATLAB/sambadaten
    browseable = yes
    read only = no
    # guest ok = yes
    guest ok = no
    # force user = nobody
    valid users = @smbuser g eine Freigabe mit chmod 0600
    force group = smbuser
    # create mask = 0660
    directory mask = 0770

[privatssd]
    path = /srv/samba/samssduser
    guest ok = no
    writeable = yes
    browseable = yes
    create mask = 0664
    directory mask = 0775
    force group = smbuser

------ Original message ------
From "Rowland Penny via samba" <samba at lists.samba.org>
To samba at lists.samba.org
Cc "Rowland Penny" <rpenny at samba.org>
Date 04.04.2025 11:54:10
Subject Re: [Samba] Permissions of a local user on the directory of a Samba user with the same name

>On Fri, 04 Apr 2025 08:57:11 +0000
>Fred Matthiesen via samba <samba at lists.samba.org> wrote:
>
>> Correctly guessed:
>>
>> have provided I am going to guess that this is a domain joined
>> machine.
>>
>> Tried, doesn't work.
>> Server: Samba 4.17 Debian 12
>> Client system: Windows 11
>> User: Fritz
>> Joined and logged in to the domain.
>> Samba directory/share can be seen in Windows Explorer.
>> However, the user Fritz cannot access the Samba share
>
>Then it is possible your smb.conf isn't set up correctly, it works
>for myself:
>
>rowland at devstation:~$ grep 'rowland' /etc/passwd
>rowland at devstation:~$
>
>Note that nothing is being returned, but I am a 'local' user:
>
>rowland at devstation:~$ getent passwd rowland
>rowland:*:11104:10513:Rowland Penny:/home/rowland:/bin/bash
>
>Please post the 'global' portion of your smb.conf file (sanitised if
>you must).
>
>Rowland
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2025-Apr-04 11:42 UTC
[Samba] Permissions of a local user on the directory of a Samba user with the same name
On Fri, 04 Apr 2025 11:07:16 +0000
Fred Matthiesen via samba <samba at lists.samba.org> wrote:

> The same output for both:
>
> fred:x:1001:1001:Fred,,:/home/fred:/bin/bash
>
> here the smb.conf:
>
> # Global parameters
> [global]
>     netbios name = DC1
>     realm = MATLAB.LAN
>     server role = active directory domain controller
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>     drepl, winbindd, ntp_signd, kcc, dnsupdate
>     workgroup = MATLAN

What I didn't guess was that you are running Samba as an AD DC, using
Bind9 for the dns.

I was trying to show that if a user is not in /etc/passwd (yours is),
then it is still a 'local' user if the user is in AD and the OS is
configured correctly. If the username is in /etc/passwd, that user will
ALWAYS be the default user and the user in AD will be ignored.

>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = No
>
> [netlogon]
>     path = /var/lib/samba/sysvol/matlab.lan/scripts
>     read only = No
>
> [homes]
>     comment = Home Directories
>     browsable = yes
>     read only = no
>     create mode = 0750
>     valid users = %S
>
> [Public]
>     path = /home/MATLAB/sambadaten
>     browseable = yes
>     read only = no
>     # guest ok = yes
>     guest ok = no
>     # force user = nobody
>     valid users = @smbuser g eine Freigabe mit chmod 0600
>     force group = smbuser
>     # create mask = 0660
>     directory mask = 0770

Using a Samba AD DC as a fileserver isn't recommended, but if you do,
you have to set them up correctly, not like you have, I suggest you
read this:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Rowland
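
The name collision described in the reply above (an /etc/passwd entry with the same name as an AD account) can be checked for with a short script. This is an added example, not part of the original thread; the function names `shadowed_users` and `demo` are hypothetical, the sample data is constructed, and the AD account list is assumed to be one name per line, for instance as saved from `samba-tool user list`.

```shell
#!/bin/sh
# shadowed_users PASSWD_FILE AD_USER_LIST_FILE
# Prints "name uid" for every local passwd entry whose name matches an AD
# account name. Returns 1 if at least one collision was found, 0 otherwise.
shadowed_users() {
    awk -F: '
        # First file: AD account names, one per line. Strip a "DOMAIN\"
        # prefix if present and fold case, because AD account names are
        # case-insensitive while passwd names are not.
        FILENAME == ARGV[1] {
            n = $0
            sub(/^.*\\/, "", n)
            if (n != "") ad[tolower(n)] = 1
            next
        }
        # Second file: passwd(5) format, name:pw:uid:gid:gecos:home:shell
        /^#/ || NF < 7 { next }
        (tolower($1) in ad) { print $1, $3; found = 1 }
        END { exit (found ? 1 : 0) }
    ' "$2" "$1"
}

# Constructed sample input: a two-line passwd file and a three-name AD list.
demo() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'fred:x:1001:1001:Fred,,:/home/fred:/bin/bash' > "$tmp/passwd"
    printf '%s\n' 'Administrator' 'MATLAN\Fred' 'fritz' > "$tmp/ad"
    shadowed_users "$tmp/passwd" "$tmp/ad" && rc=0 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# On a real host (assumed usage):
#   samba-tool user list > /tmp/ad-users.txt
#   shadowed_users /etc/passwd /tmp/ad-users.txt
demo || echo "the local accounts listed above have the same name as an AD account" >&2
```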