Web lists-archives.com

Re: [Samba] I: R: R: R: R: cannot list/access samba sharefromWindowsclient




On Tue, 9 Jan 2018 09:58:44 +0100
Andrea Rossetti <andy.ros@xxxxxxxxx> wrote:

> >Da: Rowland Penny via samba
> >Inviato: lunedì 8 gennaio 2018 22:52
> >A: samba@xxxxxxxxxxxxxxx
> >Oggetto: Re: [Samba] R: R: R: R: cannot list/access samba share
> >fromWindowsclient
> >
> >>I think I understand it now ;-)
> >>
> >>The debian Samba package used to install winbind as a dependency, it
> >>doesn't now, try running this (as root):
> >>
> >>apt-get install winbind libnss-winbind libpam-winbind
> >>
> >>The last two packages are the 'glue' between winbind and nsswitch
> >
> >Ok now I can Look up Domain Users and Groups
> >
> >root@SRVLNXWINTRA01:/home/data# getent passwd
> >com_spoleto\andrea.rossetti
> >COM_SPOLETO\andrea.rossetti:*:11212:10513:Andrea
> >Rossetti:/home/COM_SPOLETO/andrea.rossetti:/bin/false
> >root@SRVLNXWINTRA01:/home/data# getent group "com_spoleto\\domain
> >admins" COM_SPOLETO\domain admins:x:10512:
> >
> >I can set permission tu shared folder
> >
> >root@SRVLNXWINTRA01:/home/data# chown root:"com_spoleto\domain
> >admins" share root@SRVLNXWINTRA01:/home/data# chmod 2770 share/
> >root@SRVLNXWINTRA01:/home/data# ls -la
> >totale 20
> >drwxrws---  2 root     COM_SPOLETO\domain admins 4096 gen  8 19:39
> >share
> >
> >But I have the same problem that I have before when I had sssd
> >instead of winbind 1. Execute computer management from a Windows
> >domain member client as a domain admin user (run as
> >>com_spoleto\rossetti.admin that is a “domain admins” member 2.
> >>Right click on computer management -> connect to another computer
> >>-> srvlnxwintra01 (the Linux server >member) 3. I expand “System
> >>Tools” -> I expand “Shared Folders” -> click on “Shares”  right
> >>click on “share” -> Click >Properties -> click on tab “Security”.
> >>In this tab I have the message “You must have Read permission to
> >>view the properties of this object” even if I have granted
> >>SeDiskOperatorPrivilege to “com_spoleto\domain admins” Group. But
> >>If I execute “Computer Management” as “com_spoleto\adminserver”
> >>user (I explained below the >reason I used this user) I can
> >>view/modify the ACLs.
> >4. Even if I change the permission, using adminserver, adding
> >domainadmins full control this folder subfolder and files and adding
> >domain users read and execute this folder subfolder and files,
> >neither a simple user nor a domain admin users can list the shares
> >in \\servermember Please help me thanks! I’ve more and more and more
> >confused. ☹
> 
> I tried again, this morning, only point 4 and now I can do things
> that last night did not make me do without change any configuration.
> That night brings advice? 😊 😊 😊 Seriously… now both the “domain
> users” and “domain admins” can list share on \\linuxservermember the
> “domain admins” full control and the “domain users” read only. Do the
> ACLs configurations take time to be transposed by samba when done
> from a vindows client via “computer management” snap-in??

We have a wiki page for this:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba