Web lists-archives.com

Re: [Samba] Computer Management - Share Security - No Read Access





On 2019-02-20 7:12 am, Rowland Penny wrote:
On Wed, 20 Feb 2019 11:02:55 +0000
Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> wrote:

On Tue, 19 Feb 2019 22:05:12 +0000
Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> wrote:

> OK, it is late here, but just in case something has changed, I will
> set up a new Debian 9 VM tommorrow, install the distro Samba
> Packages and follow the Samba wiki page.
>
> Can you confirm that you are using Samba from Debian 9.
> You seem to be using '/server' as the shared directory, is this
> correct ?
> What Windows version are you using ? (I know you may have already
> said, but it saves me looking it up)
>
> Rowland
>

OK, it (as I expected) works, I will clean up my notes and send the OP
a copy.

Rowland

Sorry to be a pain on this, but something just refuses to work
as I would expect.  I've tried the following:

1) remove the share definition from smb.conf
2) Restart smbd
3) Remove (delete) the share directory from Linux
4) Check "Computer Management" on windows - Share is Gone
5) mkdir -p /server/share-files
6) chown root:"Domain Admins" /server/share-files
7) chmod 0770 /server/share-files
8) getfacl /server/share-files
   -> permissions match 0770
8) Restore (un-comment) share definition in smb.conf
   -> [share-files]
   ->     path = /server/share-files
   ->     read only = no
9) smbcontrol all reload-config
10) restart smbd
11) Go into "Computer Management" on windows & get to
    "Shares" on machine253

Here is what I find odd.  The "Share permissions" tab lists
one of the groups I previously defined.  It is not a windows
"built-in" group.  I created it using samba-tool on the AD.

If I removed the share and then recreated it, I would expect
a 'default' listing of groups.  Instead I seem to be getting a
previous "historical" group listing if I reuse the same
share names or directory names.

Two more things:

After all of this clicking and changing, I do not get the
'+' on the directory permissions.  It still reads as a
basic 0770.  It seems having this in the share is critical
to normal behavior.  At least once that appeared on my
other server - those shares started exhibiting normal
behavior.

Second, I've discovered that if I add the "Everyone" group
to the "Share Permissions" then suddenly I can modify
the Security tab.  If I remove the "Everyone group" then
it eventually reverts to giving me the following error:

"You must have Read permissions to view the properties
 of this object" where the object in question
is "\\Machine253\share.

Nothing is appearing in the log.smbd file after the last

"daemon_ready: STATUS=daemon 'smbd' finished starting up and ready to serve connections "

Thoughts?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba