Web lists-archives.com

Re: [Samba] problems with share permissions




After following Rowland's and Luke's instructions, you need to enter a unix
attribute for each user and group.

- Default groups: domain admins and domain users
- Security groups: acctcui, tradecui, sales, etc.
- Normal Users like tiana, bob and carol must have a unix attribute too.
- Administrator does not need unix attribute.

In addition,try leaving the shares as follows,

[sales]
        path = /cui/admin/sales
        comment = Admin access for sales
        read only = no

and use windows ntfs permissions via Computer Management - RSAT Tools or
windows explorer.


On Tue, Dec 12, 2017 at 8:09 PM, Rowland Penny via samba <
samba@xxxxxxxxxxxxxxx> wrote:

> On Tue, 12 Dec 2017 14:01:03 -0800
> Jerry Lowry <jlowry@xxxxxxx> wrote:
>
> > Sorry didn't scroll up far enough :)
> >
> > samba version : 4.4.4-14.el7_3
> >
> > also forgot that pictures don't transfer....it has been a tough week,
> > this is Friday right?
> >
> > thanks
> >
> > Here is the global section:
> >
> > [global]
> >          workgroup = Accounting
> >          security = ADS
> >          realm = Accounting.edt.local
> >          log file = /var/log/samba/%m.log
> >          log level = 1
> >         # Default ID mapping configuration for local BUILTIN accounts
> >         # and groups on a domain member. The default (*) domain:
> >         # - must not overlap with any domain ID mapping configuration!
> >         # - must use a read-write-enabled back end, such as tdb.
> >         # - Adding just this is not enough
> >         # - You must set a DOMAIN backend configuration, see below
> >         idmap config * : backend = ad
> >         idmap config * : range = 1000000-2000000
> > #
>
> This is wrong, you cannot use the 'ad' backend for the default domain,
> it should be 'tdb'.
> You should also have 'idmap config' lines for the 'ACCOUNTING' domain,
> can I suggest you go and read this wikipage again:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> Just a thought, have you given your users a unique number inside the
> '1000000-2000000' range and Domain Users a gidNumber inside the same
> range, these attributes are not added automatically.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Elias Pereira
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba