similar to: Question about old samba 3 domain controller

Hello Dale, Set inherit acls = yes locally to my share groups, and remove map acl inherit = yes from global parameters of smb.conf does not solve my issue. I still have acl "Domain Users" added to new folders/files. As i write in my previous email, the only way i found to disable acl "Domain Users" to be added was with : inherit owner = yes With some disavantages for users

Edouard, These are the 4 available parameters containing the word "inherit". inherit acls (S) inherit owner (S) inherit permissions (S) map acl inherit (S) Would "inherit acls" work for you? Dale On 12/10/18 10:56 AM, Edouard Guigné via samba wrote: > Hello, > > I add to my previous mail, the only way i found to disable acl

On 18/06/2019 19:49, Edouard Guign? via samba wrote: > ?gidNumber for 'Domain Users' is 513 > > not in range? '10000-14999' of uidNumber > > Is it a problem ? Oh yes, ALL user uidNumber's and Domain Users gidNumber MUST be inside the DOMAIN range you set in smb.conf, if they aren't, all your users WILL be ignored by Samba. Find the next available

Hello, I set a share on a samba 4.7.1 as domain member with an Active Directory controler, this share is used by all domain users. All users from the AD domain have a primary group "Domain Users", and secondary groups to filter access on the folders of the share. I noticed that when a user create a sub-folder/file inside a "Top folder", the default permissions from the

Hello, I performed a test in order to get access to my samba share with winbindd (and not sssd). For that, 1. I change the gid of domain users from 513 to 15513 (to match with the domain range 10000 - 14999) And verify my test user is part of 15513 2. Stop sssd and change nsswitch.conf like this : /passwd:???? files winbind// //shadow:???? files// //group:????? files //winbind// / 3.

Is it possible to make start DOMAIN range from 500 instead of 10000 ? I realized that all my gid are in range 500 to 600 and not in range 10000 - 14999 I thought? DOMAIN range 10000 - 14999 was reserved for DOMAIN users -------- Message transf?r? -------- Sujet?: Re: [Samba] Fwd: Re: Fwd: Re: Kerberos and NTLMv2 authentication Date?: Tue, 18 Jun 2019 16:25:39 -0300 De?: Edouard Guign? via

Edouard, No, that won't work for you.  "inherit acls" is intended for posix ACL's. Since you are using Windows ACL's, try setting the permissions/inheritance you want from a Windows system. Dale On 12/10/18 12:40 PM, Edouard Guigné wrote: > > Hello Dale, > > Set inherit acls = yes locally to my share groups, and remove map acl > inherit = yes from global

I did not set max protocol to SMB2 in smb.cnf, I don't want to force SMB2 selection if SMB3 can be used by a client. The machine is a Windows 7, so is SMB2 compliant. Le 22/07/2019 ? 11:44, Gaiseric Vandal via samba a ?crit?: > I would guess that changing the min protocol does not affect existing > connections unless you were to restart samba. > > Is the max protocol set to at

Hello Dale, I set map acl inherit = yes in global parameters of smb.conf and set inherit owner = yes locally to my share "groups" of smb.conf I have followed the wiki https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs It is indicated : "To configure shares using extended access control lists (ACL), you must enable the support in the |smb.conf| file. To enable

Hello, Thank you ! I add server min protocol = SMB2_02 to smb.cnf All clients are now using SMB2_10 as minimum protocol version May you indicate me the difference between "client min protocol" and "server min protocol" ? "server min protocol" is to use on a domain member "client min protocol" is to use in which case ? Should I also set client min

Hello Rowland, Sorry for the workgroup and realm name, I put MYDOMAIN to anonymize, should be : realm = MYDOMAIN.LOCAL workgroup = MYDOMAIN About libpam-krb5 installed, I have on my system : yum list krb5-workstation pam_krb5 krb5-workstation.x86_64 1.15.1-37.el7_6 @updates pam_krb5.x86_64 2.4.8-6.el7 @base Is pam_krb5

Hello, I am facing issues to keep samba share to be mapping in Windows 10 After computer start, and first login, the share is mounted correctly. Then user logout, wait for 5 min, and log in windows again, the share cannot be mounted. An "error 64" occurs, with then "the specified network path is not available"... My samba server is in version 3.5.6 (SMB1) My Windows 10

The 2 commands works : # getent passwd MYDOMAIN\\usertest MYDOMAIN\\usertest:*:10430:14513:user TEST:/home/usertest:/bin/bash # getent group MYDOMAIN\\"Utilisateurs du domaine" MYDOMAIN\utilisateurs du domaine:x:14513: I have to put "Utilisateurs du domaine" instead of Domain\ Users because the Windows AD is a french AD. Le 19/06/2019 ? 12:32, Rowland penny via samba a

Hello Rowland, Yes, this is just for this user. I was also thinking it was an issue with Windows 10. But I noticed this error also on others workstations in Windows 7 pro with this user account. I will try to delete and recreate the account. Ed Le 20/06/2018 à 12:43, Rowland Penny via samba a écrit : > On Wed, 20 Jun 2018 12:13:28 -0300 > Edouard Guigné via samba <samba at

Hello, I add to my previous mail, the only way i found to disable acl "Domain Users" to be added is with : */inherit owner = yes/* This has the advantage to recopy exactly the default acl defined on the parent folder. But this has the disavantage to not show which user has created a folder/file and the ownership. Does something like "inherit group owner = yes" exist ?

Hello Dear Samba Users, I have sucessfully set a samba share on a centos 7 box (samba 4.6.2) and succeeded into make work snapshots (vfs_shadow_copy2 with xfs and lvm). The snapshots appears well in windows previous versions. However, I expected to go further with snapshots and use the options "shadow:snapprefix" and "shadow:delimiter"in order to filter daily, weekly

Hello, I set client min protocol = SMB2 in my smb.cnf But I see some clients still connecting in NT1 (smbstatus) : smbstatus -p Mon Jul 22 11:39:36 2019 Samba version 4.8.3 PID???? Username???? Group Machine?????????????????????????????????? Protocol Version Encryption?????????? Signing

Hello, I have set up audit logging and I find many entries of this type : ./auth/auth_log.c:760(log_authentication_event_human_readable) Auth: [SMB2,(null)] user [MYDOMAIN]\[MYWORKSTATION$] at [mar., 23 juil. 2019 07:49:43.486619 -03] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [MYWORKSTATION] remote host [ipv4:10.x.x.x:49472] mapped to [MYDOMAIN]\[MYWORKSTATION$]. local host

My idea is to replace default "cifs_idmap_sss.so" plugin by "idmapwb.so" winbind plugin, in order to SSSD becomes a client of winbind. To avoid to change nsswitch.conf : passwd:???? files sss shadow:???? files sss group:????? files sss into passwd:???? files winbind shadow:???? files winbind group:????? files winbind because I need an other access in sftp, this is using

hello, My 2nd issue is about acls which are added by "Domain users". May you help me to solve it again ? Concerning this issue, on my samba share, I set permissions for the share "groups" located on /var/datashared for "domain admins" (rwx) and "domain users" (r-x) /var]# getfacl datashared/ # file: datashared/ # owner: root # group: root user::rwx