Re: [Samba] explorer.exe crashes on security tab access




On Thu, 16 Aug 2018 20:16:03 +0200
Kacper <kacper@xxxxxxxxx> wrote:

> The OS is Windows 7 Enterprise (build 7601, SP1). Samba version 4.8.3,
> compiled on CentOS 7.4.
> 
> smb.conf:
> # Global parameters
> [global]
>         dns forwarder = none

Why have you not set a forwarder? Does this domain (and its clients)
not connect to the internet?

>         log level = 1
>         netbios name = DC1
>         realm = SAMDOM.TEST
>         server role = active directory domain controller
>         workgroup = SAMDOM
>         idmap_ldb:use rfc2307 = yes
> 
> [netlogon]
>         path = /usr/local/samba/var/locks/sysvol/samdom.test/scripts
>         read only = No
> 
> [sysvol]
>         path = /usr/local/samba/var/locks/sysvol
>         read only = No
> 
> [Demo]
>         path = /srv/samba/Demo
>         read only = No
>         create mask = 0666
>         directory mask = 0777
>         inherit permissions = Yes
>         inherit acls = Yes
>         browsable = Yes

And there is probably your problem: this is a DC and you shouldn't
use the 'create mask' and 'directory mask' lines; the last three lines
should be removed as well.

> 
> The shared directory looks like this:
> [root@dc1 Demo]# ls -la /srv/samba/Demo
> total 0
> drwxr-xr-x. 2 root root 31 Aug 16 19:54 .
> drwxr-xr-x. 3 root root 18 Aug 16 19:49 ..
> -rw-r--r--. 1 root root  0 Aug 16 19:54 alpha
> -rw-r--r--. 1 root root  0 Aug 16 19:54 beta
> 
> getfacl returns:
> [root@dc1 Demo]# getfacl /srv/samba/Demo/alpha
> # file: alpha
> # owner: root
> # group: root
> user::rw-
> group::r--
> other::r--
> 
> The crash only happens when a local unix group (in this case root) is
> set as the group for the shared file.

There is one very big problem with that theory: Administrator is
mapped (in idmap.ldb) to root, so when you read 'root' on a DC, you
can also read 'Administrator' (which is most definitely a domain
user) ;-)

Rowland
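
The advice in the reply above about the [Demo] share can be checked mechanically. The following Python script is an added example, not part of the original thread or of Samba: the function names are hypothetical, the flagged parameters are the five named in the reply plus the smb.conf synonyms for the same settings, and the sample configuration is constructed from the quoted smb.conf.

```python
import re

# Parameters the reply says to remove from a share on a DC, plus the smb.conf
# synonyms for the same settings (names stored with whitespace removed).
FLAGGED = {"createmask", "createmode", "directorymask", "directorymode",
           "inheritpermissions", "inheritacls", "browsable", "browseable"}

# Constructed sample, abridged from the smb.conf quoted in the thread.
SAMPLE = """\
[global]
        server role = active directory domain controller
[netlogon]
path = /usr/local/samba/var/locks/sysvol/samdom.test/scripts
        read only = No
[Demo]
      path = /srv/samba/Demo
        create mask = 0666
        directory mask = 0777
        inherit permissions = Yes
        inherit acls = Yes
        browsable = Yes
"""

def parse_smb_conf(text):
    """Return {section: {param: (lineno, value)}} with names normalised."""
    # Parsed by hand: configparser would read the indented 'read only' line
    # under [netlogon] as a continuation of the unindented 'path' value.
    sections, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names.
            current[re.sub(r"\s+", "", key).lower()] = (lineno, value.strip())
    return sections

def lint_dc_shares(text):
    """List (section, param, lineno) for flagged share params on a DC."""
    conf = parse_smb_conf(text)
    role = conf.get("global", {}).get("serverrole", (0, ""))[1].lower()
    if role != "active directory domain controller":
        return []
    return [(sec, key, ln) for sec, params in conf.items() if sec != "global"
            for key, (ln, _) in params.items() if key in FLAGGED]
```

Calling `lint_dc_shares()` on the text of an smb.conf returns one tuple per flagged line; it returns an empty list when `server role` is not the DC role shown in the thread.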

  
