Fred Matthiesen
2025-Apr-04 11:07 UTC
[Samba] Berechtigung lokaler User auf Verzeichnis Samba-User gleichen Namens
The same output for both:
fred:x:1001:1001:Fred,,:/home/fred:/bin/bash
here the smb.conf:
# Global parameters
[global]
netbios name = DC1
realm = MATLAB.LAN
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = MATLAN
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[netlogon]
path = /var/lib/samba/sysvol/matlab.lan/scripts
read only = No
[homes]
comment = Home Directories
browsable = yes
read only = no
create mode = 0750
valid users = %S
[Public]
path = /home/MATLAB/sambadaten
browseable = yes
read only = no
# guest ok = yes
guest ok = no
# force user = nobody
valid users = @smbuser g eine Freigabe mit chmod 0600
force group = smbuser
# create mask = 0660
directory mask = 0770
[privatssd]
path = /srv/samba/samssduser
guest ok = no
writeable = yes
browseable = yes
create mask = 0664
directory mask = 0775
force group = smbuser
------ Originalnachricht ------
Von "Rowland Penny via samba" <samba at lists.samba.org>
An samba at lists.samba.org
Cc "Rowland Penny" <rpenny at samba.org>
Datum 04.04.2025 11:54:10
Betreff Re: [Samba] Berechtigung lokaler User auf Verzeichnis Samba-User
gleichen Namens
>On Fri, 04 Apr 2025 08:57:11 +0000
>Fred Matthiesen via samba <samba at lists.samba.org> wrote:
>
>> Correctly guessed:
>>
>> have provided I am going to guess that this is a domain joined
>> machine.
>>
>> Tried, doesn't work.
>> Server: Samba 4.17 Debian 12
>> Client system: Windows 11
>> User: Fritz
>> Joined and logged in to the domain.
>> Samba directory/share can be seen in Windows Explorer.
>> However, the user Fritz cannot access the Samba share
>
>Then it is possible your smb.conf isn't set up correctly, it works
>for myself:
>
>rowland at devstation:~$ grep 'rowland' /etc/passwd
>rowland at devstation:~$
>
>Note that nothing is being returned, but I am a 'local' user:
>
>rowland at devstation:~$ getent passwd rowland
>rowland:*:11104:10513:Rowland Penny:/home/rowland:/bin/bash
>
>Please post the 'global' portion of your smb.conf file (sanitised if
>you must).
>
>Rowland
>
>--
>To unsubscribe from this list go to the following URL and read the
>instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2025-Apr-04 11:42 UTC
[Samba] Berechtigung lokaler User auf Verzeichnis Samba-User gleichen Namens
On Fri, 04 Apr 2025 11:07:16 +0000 Fred Matthiesen via samba <samba at lists.samba.org> wrote:> The same output for both: > > fred:x:1001:1001:Fred,,:/home/fred:/bin/bash > > here the smb.conf: > > # Global parameters > [global] > netbios name = DC1 > realm = MATLAB.LAN > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > drepl, winbindd, ntp_signd, kcc, dnsupdate > workgroup = MATLANWhat I didn't guess was that you are running Samba as an AD DC, using Bind9 for the dns. I was trying to show that if a user is not in /etc/passwd (yours is), then it is still a 'local' user if the user is in AD and the OS is configured correctly. If the username is in /etc/passwd, that user will ALWAYS be the default user and the user in AD will be ignored.> > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > [netlogon] > path = /var/lib/samba/sysvol/matlab.lan/scripts > read only = No > > [homes] > comment = Home Directories > browsable = yes > read only = no > create mode = 0750 > valid users = %S > > [Public] > path = /home/MATLAB/sambadaten > browseable = yes > read only = no > # guest ok = yes > guest ok = no > # force user = nobody > valid users = @smbuser g eine Freigabe mit chmod 0600 > force group = smbuser > # create mask = 0660 > directory mask = 0770Using a Samba AD DC as a fileserver isn't recommended, but if you do, you have to set them up correctly, not like you have, I suggest you read this: https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs Rowland