
Re: [Samba] NT_STATUS_NO_MEMORY accessing a DC shared resource




On Thu, 5 Jul 2018 15:29:01 +0200
"Ing. Claudio Nicora" <claudio.nicora@xxxxxxxxx> wrote:

> 
> > Your glasses (or lack of) ;-)
> I usually agree, but in this case I've seen that warning and
> voluntarily ignored it because it worked for 2 days...
> I thought I was lucky ;-)
> 
> > Or to put it another way, you must set the permissions from Windows
> >
> > This is one of the problems/features of using a DC as a fileserver.
> >
> > Remove everything after the 'read only = No' line and read this:
> >
> > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> >
> > Rowland
> I've changed smb.conf as suggested, then changed permissions from
> Linux (Windows Explorer gave access denied when enumerating object
> content):

You need to find out why this is happening.

> 
> # setfacl -m "default:group:SAMDOM:rwx" /
> # setfacl -m "group:SAMDOM\Domain Admins:rwx" /
> # ... restricted access at minimum ...
> # setfacl -m "default:other::" /
> # setfacl -m "other::" /
> 
> Now the share works and I can edit/copy/delete files without issues.
> 
> There's a last thing I'd like to fix:
> when I create a new file, it gets created with these permissions:
> 
> -----
> # ls -l
> -rwxrwx---+   1 3000000 users     0 Jul  5 15:11 'New text document.txt'*
> -----
> 
> Is there a way to force it being created with root:root as owner and
> possibly with more strict permissions (I'm scared I'll forget the
> permission issue in the near future)?

Undoubtedly '3000000' will be Administrator, who will be mapped to ID
'0' (root) in idmap.ldb and 'users' is mapped from 'Domain Users' in
idmap.ldb. 

There is a slight problem with the way you have set the permissions
(okay, a large one): the permissions, when set from Windows, are stored
in a file called NTACL.security.

Rowland

> 
> Rowland, thanks for your help and patience ;-)

