Re: [Samba] problems with share permissions
- Date: Tue, 12 Dec 2017 23:03:23 -0200
- From: Elias Pereira via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] problems with share permissions
After following Rowland's and Luke's instructions, you need to enter a unix
attribute for each user and group.
- Default groups: domain admins and domain users
- Security groups: acctcui, tradecui, sales, etc.
- Normal Users like tiana, bob and carol must have a unix attribute too.
- Administrator does not need unix attribute.
In addition,try leaving the shares as follows,
path = /cui/admin/sales
comment = Admin access for sales
read only = no
and use windows ntfs permissions via Computer Management - RSAT Tools or
On Tue, Dec 12, 2017 at 8:09 PM, Rowland Penny via samba <
> On Tue, 12 Dec 2017 14:01:03 -0800
> Jerry Lowry <jlowry@xxxxxxx> wrote:
> > Sorry didn't scroll up far enough :)
> > samba version : 4.4.4-14.el7_3
> > also forgot that pictures don't transfer....it has been a tough week,
> > this is Friday right?
> > thanks
> > Here is the global section:
> > [global]
> > workgroup = Accounting
> > security = ADS
> > realm = Accounting.edt.local
> > log file = /var/log/samba/%m.log
> > log level = 1
> > # Default ID mapping configuration for local BUILTIN accounts
> > # and groups on a domain member. The default (*) domain:
> > # - must not overlap with any domain ID mapping configuration!
> > # - must use a read-write-enabled back end, such as tdb.
> > # - Adding just this is not enough
> > # - You must set a DOMAIN backend configuration, see below
> > idmap config * : backend = ad
> > idmap config * : range = 1000000-2000000
> > #
> This is wrong, you cannot use the 'ad' backend for the default domain,
> it should be 'tdb'.
> You should also have 'idmap config' lines for the 'ACCOUNTING' domain,
> can I suggest you go and read this wikipage again:
> Just a thought, have you given your users a unique number inside the
> '1000000-2000000' range and Domain Users a gidNumber inside the same
> range, these attributes are not added automatically.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
To unsubscribe from this list go to the following URL and read the