Web lists-archives.com

Re: [Samba] Failed to enumerate objects in the container. Access is denied






On 15-01-2018 19:24, Rowland Penny via samba wrote:
On Mon, 15 Jan 2018 18:49:18 -0200
Carlos via samba <samba@xxxxxxxxxxxxxxx> wrote:

HI!

I have one fileserve, has ok but now when change permission(oyher
user not Administrator) with RSAT show me message:

"Failed to enumerate objects in the container. Access is denied"
Fairly obvious, the user doesn't have the required permissions
:-D

Samba Version (Compilated)

4.7.3


Ubuntu 16.04


# smb.conf

[global]
          workgroup = XXXXX
          realm = INTERNO.XXXXX.XXX.BR
          security = ADS
          username map = /usr/local/samba/etc/user.map

          dedicated keytab file = /etc/krb5.keytab
          kerberos method = secrets and keytab
          winbind cache time = 60

          winbind max clients = 600
          winbind enum users = Yes
          winbind enum groups = Yes

Nothing to do with your problem, but you do not need the two lines
above.
OK.
          winbind use default domain = Yes
          winbind nss info = rfc2307
The line above is only required when using the winbind 'ad' backend and
only then when using Samba < 4.6.0

          winbind refresh tickets = Yes
          winbind nss info = template
          template shell = /bin/bash

          idmap config * : backend = tdb
          idmap config * : range = 3000-7999
          idmap config * : backend = tdb
          idmap config * : range = 3000-7999
Why are the lines above duplicated ?
No, i duplicated when copy.
          idmap config XXXXX : backend = rid
          idmap config XXXXX : range = 10000-999999

          # Necessario para Fileserver
          vfs objects = acl_xattr
          map acl inherit = Yes
          store dos attributes = Yes

#
          # Disable Cups
          load printers = no
          printing = bsd
          printcap name = /dev/null
          disable spoolss = yes

          # Lixeira + Auditoria
          vfs objects = recycle,full_audit
Congratulations, you have just turned off the acl_xattr vfs object.
I dont understand....
          recycle:keeptree = yes
          recycle:versions = yes
          recycle:repository = /opt/DADOS/Lixeira/%U
          recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso,
*.exe recycle:exclude_dir = tmp
          recycle:touch = yes
          recycle:touch_mtime = yes
          full_audit:failure = none
          full_audit:facility = local5
          full_audit:priority = notice
          full_audit:prefix = %u|%I|%S
          full_audit:success = rename rmdir unlink

# include
include = /opt/samba/etc/compartilhamento.conf

# compartilhamento.conf

[TEC]
          path= /opt/DADOS/TEC/
          read only = no

# user.map

!root = XXXXX\Administrator


---------------------------------------------------------

Before today i change permission with any user in group "Admins
Domain", but today only Administrator(= root) ir work, any user
receive message the error.


Any Idea ?
If it worked previously, but doesn't now, something must have changed,
have you updated the DC or the windows client ?

Rowland
In fileserver dont change, but on DC103(i Have 3 Dcs) , but i make process
(https://lists.samba.org/archive/samba/2018-January/213262.html)

But i back idmap.ldb original.....

/1) on your first DC (that one that has PDC FSMO, and is the source for />/rsync) create backup of idmap.ldb />//>/tdbbackup -s .bak /path/to/samba/private/idmap.ldb />//>/it will create idmap.ldb.bak />//>/2) stop samba service on second DC />//>/3) copy idmap.ldb.bak from first dc to second dc, lose the .bak suffix />/and just copy it over idmap.ldb on second dc />//>/4) start samba on second dc /



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba