Fix sharing ACL


Samba - General mailing list
Gentlemen,

I am struggling to solve this problem.
My file server runs Samba 4.4.5.
Even the administrator user (domain admin) could not write to the share.
Could someone give me a hint, in order to solve this problem?

shared folder: /mnt/data

Folder permissions:

# getfacl /mnt/data/teste/
getfacl: Removing leading '/' from absolute path names
# file: mnt/data/teste/
# owner: ricardo
# group: domain\040admins
user::rwx
user:domain\040admins:rwx
user:ricardo:rwx
group::rwx
mask::rwx
other::r-x
default:user::rwx
default:user:domain\040admins:rwx
default:user:ricardo:rwx
default:group::rwx
default:group:domain\040admins:rwx
default:group:ti-infra:rwx
default:mask::rwx
default:other::r-x



The smb.conf the fileserver:


[data]
comment = Folder data
path = /mnt/data
read only = no
browseable = yes
#
map acl inherit = yes
store dos attributes = yes
#
inherit acls = Yes
inherit permissions = Yes
guest account = guest
guest ok=yes
writeable = Yes
# Recycle
vfs objects = acl_xattr, recycle, shadow_copy2, full_audit
#vfs objects = recycle, shadow_copy2
recycle:facility = LOCAL1
recycle:priority = NOTICE
recycle:maxsize = 0
recycle:directory_mode = 0774
recycle:subdir_mode = 0774
recycle:keeptree = true
recycle:touch = true
recycle:versions = true
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.exe, *.bin
recycle:exclude_dir = tmp, temp, cache
create mask = 0774
directory mask = 0774
# SHADOW COPY / SNAPSHOT
shadow:mountpoint = /mnt/data/
shadow:snapdir = .snapshot
shadow:basedir = /mnt/
shadow:sort = desc
shadow:localtime = yes
shadow:format = @GMT-%Y.%m.%d-%H.%M.%S
# AUDIT FILESERVER
full_audit:prefix = %u|%I|%S|%g
full_audit:success = all
full_audit:failure = all !open
full_audit:facility = local1
full_audit:priority = ALERT

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Fix sharing ACL

Samba - General mailing list
On Mon, 24 Oct 2016 14:00:21 +0000 (UTC)
Ricardo Pardim Claus via samba <[hidden email]> wrote:

> Gentlemen,
>
> I am struggling to solve this problem.
> My file server Samba 4.4.5.
> Even the administrator user (domain admin) could not write to the
> share. Could someone give me a hint, in order to solve this problem?
>
> shared folder: /mnt/data
>
> Folder permissions:
>
> # getfacl /mnt/data/teste/
> getfacl: Removing leading '/' from absolute path names
> # file: mnt/data/teste/
> # owner: ricardo
> # group: domain\040admins
> user::rwx
> user:domain\040admins:rwx
> user:ricardo:rwx
> group::rwx
> mask::rwx
> other::r-x
> default:user::rwx
> default:user:domain\040admins:rwx
> default:user:ricardo:rwx
> default:group::rwx
> default:group:domain\040admins:rwx
> default:group:ti-infra:rwx
> default:mask::rwx
> default:other::r-x
>
>
>
> The smb.conf the fileserver:
>
>
> [data]
> comment = Folder data
> path = /mnt/data
> read only = no
> browseable = yes
> #
> map acl inherit = yes
> store dos attributes = yes
> #
> inherit acls = Yes
> inherit permissions = Yes
> guest account = guest
> guest ok=yes
> writeable = Yes
> # Recycle
> vfs objects = acl_xattr, recycle, shadow_copy2, full_audit
> #vfs objects = recycle, shadow_copy2
> recycle:facility = LOCAL1
> recycle:priority = NOTICE
> recycle:maxsize = 0
> recycle:directory_mode = 0774
> recycle:subdir_mode = 0774
> recycle:keeptree = true
> recycle:touch = true
> recycle:versions = true
> recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.exe, *.bin
> recycle:exclude_dir = tmp, temp, cache
> create mask = 0774
> directory mask = 0774
> # SHADOW COPY / SNAPSHOT
> shadow:mountpoint = /mnt/data/
> shadow:snapdir = .snapshot
> shadow:basedir = /mnt/
> shadow:sort = desc
> shadow:localtime = yes
> shadow:format = @GMT-%Y.%m.%d-%H.%M.%S
> # AUDIT FILESERVER
> full_audit:prefix = %u|%I|%S|%g
> full_audit:success = all
> full_audit:failure = all !open
> full_audit:facility = local1
> full_audit:priority = ALERT
>

Hi, can we see the rest of your smb.conf ?

Rowland


Re: Fix sharing ACL

Samba - General mailing list
In reply to this post by Samba - General mailing list
Dear Rowland,
Follow my smb.conf

The smb.conf the fileserver:


# Global parameters
[global]
netbios name = SRV16
server string = Samba4 Server
security = ADS
encrypt passwords = yes
realm = domain.local
workgroup = DOMAIN
server services = smb
log file = /var/log/samba/samba.log
log level = 9
#
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = Yes
winbind nss info = RFC2307
#idmap_ldb: Use
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
# Idmap config for domain DOMAIN
#idmap config DOMAIN: backend = ad
idmap config DOMAIN: backend = rid
#idmap config DOMAIN: schema_mode = RFC2307
idmap config DOMAIN: range = 10000-99999
idmap config * : backend = tdb
idmap config * : range = 2000-9999

[data]
comment = Folder data
path = /mnt/data
read only = no
browseable = yes
#
map acl inherit = yes
store dos attributes = yes
#
inherit acls = Yes
inherit permissions = Yes
guest account = guest
guest ok=yes
writeable = Yes
# Recycle
vfs objects = acl_xattr, recycle, shadow_copy2, full_audit
#vfs objects = recycle, shadow_copy2
recycle:facility = LOCAL1
recycle:priority = NOTICE
recycle:maxsize = 0
recycle:directory_mode = 0774
recycle:subdir_mode = 0774
recycle:keeptree = true
recycle:touch = true
recycle:versions = true
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.exe, *.bin
recycle:exclude_dir = tmp, temp, cache
create mask = 0774
directory mask = 0774
# SHADOW COPY / SNAPSHOT
shadow:mountpoint = /mnt/data/
shadow:snapdir = .snapshot
shadow:basedir = /mnt/
shadow:sort = desc
shadow:localtime = yes
shadow:format = @GMT-%Y.%m.%d-%H.%M.%S
# AUDIT FILESERVER
full_audit:prefix = %u|%I|%S|%g
full_audit:success = all
full_audit:failure = all !open
full_audit:facility = local1
full_audit:priority = ALERT


Re: Fix sharing ACL

Samba - General mailing list
On Mon, 24 Oct 2016 15:42:43 +0000 (UTC)
Ricardo Pardim Claus via samba <[hidden email]> wrote:

> Dear Rowland,
> Follow my smb.conf
>
> The smb.conf the fileserver:
>
>

Can I suggest you try this smb.conf:

# Global parameters
[global]
workgroup = DOMAIN
security = ADS
realm = domain.local

netbios name = SRV16
server string = Samba4 Server

winbind enum users = yes
winbind enum groups = yes
winbind use default domain = Yes
winbind nss info = RFC2307

idmap config * : backend = tdb
idmap config * : range = 2000-9999
idmap config DOMAIN: backend = rid
idmap config DOMAIN: range = 10000-99999

log file = /var/log/samba/samba.log
log level = 9

vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
guest account = guest

[data]
comment = Folder data
path = /mnt/data
read only = no
browseable = yes
guest ok=yes

vfs objects = acl_xattr, recycle, shadow_copy2, full_audit
#inherit acls = Yes # NOTE: using acl_xattr turns this on
# NOTE: this overrides the next two lines
inherit permissions = Yes
create mask = 0774
directory mask = 0774

# Recycle
recycle:facility = LOCAL1
recycle:priority = NOTICE
recycle:maxsize = 0
recycle:directory_mode = 0774
recycle:subdir_mode = 0774
recycle:keeptree = true
recycle:touch = true
recycle:versions = true
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.exe, *.bin
recycle:exclude_dir = tmp, temp, cache
# SHADOW COPY / SNAPSHOT
shadow:mountpoint = /mnt/data/
shadow:snapdir = .snapshot
shadow:basedir = /mnt/
shadow:sort = desc
shadow:localtime = yes
shadow:format = @GMT-%Y.%m.%d-%H.%M.%S
# AUDIT FILESERVER
full_audit:prefix = %u|%I|%S|%g
full_audit:success = all
full_audit:failure = all !open
full_audit:facility = local1
full_audit:priority = ALERT

Can I also suggest you read these two Samba wiki pages:

https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
https://wiki.samba.org/index.php/Shares_with_POSIX_ACLs

Decide which of the two ways you want to use and then set the share up
that way.

Rowland


Re: Fix sharing ACL

Samba - General mailing list
In reply to this post by Samba - General mailing list
Dear Rowland,
I changed smb.conf as its tip.
I had already read about the ACL's Windows and Posix.
Even changing the smb.conf and using the ACL methods, I still do not have write access to the folder.

Example:


# mkdir /mnt/data/teste1
# ls -all  /mnt/data/teste1
total 12
drwxrws---+  2 administrator domain admins    6 Out 25 10:05 .
drwxrwxr-x+ 10 root          domain admins 4096 Out 25 10:05 ..

# chmod 2770 /mnt/data/teste1
# chown administrator:"Domain Admins" /mnt/data/teste1

Logged in as administrator / domain admin, still I get access denied error when I try to create a file in this folder.


Re: Fix sharing ACL

Samba - General mailing list
On Tue, 25 Oct 2016 12:16:29 +0000 (UTC)
Ricardo Pardim Claus via samba <[hidden email]> wrote:

> Dear Rowland,
> I changed smb.conf as its tip.
> I had already read about the ACL's Windows and Posix.
> Even changing the smb.conf and using the ACL methods, I still do not
> write access to the folder.
>
> Example:
>
>
> # mkdir /mnt/data/teste1
> # ls -all  /mnt/data/teste1
> total 12
> drwxrws---+  2 administrator domain admins    6 Out 25 10:05 .
> drwxrwxr-x+ 10 root          domain admins 4096 Out 25 10:05 ..
>
> # chmod 2770 /mnt/data/teste1
> # chown administrator:"Domain Admins" /mnt/data/teste1
>
> Logged in as administrator / domain admin, still I get access denied
> error when I try to create a file in this folder.
>

What ID does 'Administrator' have ? it should be '0'

If you are following the windows ACLs page on the wiki, you shouldn't
use the Unix tools on the share directory, do any changes from windows.

Can I suggest you add this line to smb.conf:

username map = /etc/samba/user.map

Where '/etc/samba' is the path to smb.conf.

create /etc/samba/user.map with this content:

!root = DOMAIN\Administrator DOMAIN\administrator Administrator administrator

Replace 'DOMAIN' with your workgroup name.

This will map 'Administrator' to the Unix user 'root'

Rowland
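
An added example, not part of the post above or of Samba itself: an offline resolver for a `username map` file, useful for auditing which client names end up as root on a domain member. It assumes the line-by-line semantics documented in smb.conf(5) (a leading `!` stops processing after a match, `*` matches any name), assumes case-insensitive name matching, and does not evaluate `@group` entries; the `guest = *` line and the function names are constructed for illustration.

```python
import re

# Constructed sample: the mapping line from the post above (on one line),
# followed by an illustrative catch-all rule. Not taken from a real server.
SAMPLE_MAP = r"""
# /etc/samba/user.map (constructed sample)
!root = DOMAIN\Administrator DOMAIN\administrator Administrator administrator
guest = *
"""

# A right-hand-side entry is either a "quoted name" or a run of non-blanks.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def parse_user_map(text):
    """Parse map text into (unix_name, client_names, stop_on_match) rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                      # blank line or comment
        stop = line.startswith("!")       # '!' = stop after this line matches
        if stop:
            line = line[1:].lstrip()
        unix_name, sep, rhs = line.partition("=")
        if not sep:
            continue                      # no '=': not a mapping line
        names = [q or w for q, w in _TOKEN.findall(rhs) if q or w]
        rules.append((unix_name.strip(), names, stop))
    return rules


def _matches(pattern, client_name):
    if pattern == "*":
        return True                       # wildcard matches any client name
    if pattern[0] in "@+&":
        return False                      # group entries need NSS; skipped here
    # Assumption: names compare case-insensitively.
    return pattern.lower() == client_name.lower()


def resolve(rules, client_name):
    """Return the Unix account a client-supplied name is mapped to."""
    mapped = client_name
    for unix_name, names, stop in rules:
        if any(_matches(n, client_name) for n in names):
            mapped = unix_name            # a later matching line replaces this
            if stop:
                break                     # unless the line started with '!'
    return mapped


def privileged_aliases(rules, unix_name="root"):
    """List every right-hand-side entry that is mapped to unix_name."""
    found = []
    for target, names, _stop in rules:
        if target == unix_name:
            found.extend(names)
    return found


def overridden_by_wildcard(rules):
    """Unix names whose rule lacks '!' and is followed by a '*' catch-all."""
    out = []
    for i, (unix_name, names, stop) in enumerate(rules):
        later_wild = any("*" in later for _u, later, _s in rules[i + 1:])
        if not stop and later_wild and "*" not in names:
            out.append(unix_name)
    return out


if __name__ == "__main__":
    rules = parse_user_map(SAMPLE_MAP)
    for name in (r"DOMAIN\Administrator", "administrator", r"DOMAIN\ricardo"):
        print(f"{name!r:28} -> {resolve(rules, name)}")
    print("mapped to root:", privileged_aliases(rules))
    print("rules a later '*' would override:", overridden_by_wildcard(rules))
```
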


Re: Fix sharing ACL

Samba - General mailing list
In reply to this post by Samba - General mailing list


Dear Rowland,
I changed smb.conf as its tip.
username map = /etc/samba/user.map
create /etc/samba/user.map with this content and filled the information.

The above changes, I realized in DC and fileserver.
Now, when I try to manipulate the permissions through Windows ACL method, the "Security" tab no longer displays the groups/permissions. Displays "You do not have permission to view or edit the permission settings of this object."

I tried to remove all permissions with the command below, however, the permission is not changed:

setfacl -x user: "xxxx" /mnt/data

As I mixed the ACL permissions through Windows and Posix, I would like to remove all permissions and do it all again. Luckily, this server is in the testing phase.
I want to work with permissions using Windows ACL method. Is it possible to remove all permissions and reconfigure them again?


Re: Fix sharing ACL

Samba - General mailing list
On Tue, 25 Oct 2016 18:15:47 +0000 (UTC)
Ricardo Pardim Claus via samba <[hidden email]> wrote:

>
>
> Dear Rowland,
> I changed smb.conf as its tip.
> username map = /etc/samba/user.map
> create /etc/samba/user.map with this content and filled the
> information.
>
> The above changes, I realized in DC and fileserver.
> Now, when I try to manipulate the permissions through Windows ACL
> method, the "Security" tab no longer displays the groups/permissions.
> Displays "You do not have permission to view or edit the permission
> settings of this object."
>
> I tried to remove all permissions with the command below, however,
> the permission is not changed:
>
> setfacl -x user: "xxxx" /mnt/data
>
> As I mixed the ACL permissions through Windows and Posix, I would
> like to remove all permissions and do it all again. Luckily, this
> server is in the testing phase. I want to work with permissions using
> Windows ACL method.It is possible to remove all permissions and
> reconfigures them again?
>

We were discussing a domain member, you only use the 'user.map' on a
domain member, remove it from the DC, it already has a way of mapping
Administrator to root.

As for resetting permissions, it is explained on the windows ACLs wiki
page, at the bottom of the page.

Rowland


Re: Fix sharing ACL

Samba - General mailing list
In reply to this post by Samba - General mailing list


I removed the vestments of the DC user.map.
I had already tried to reset the permissions, following this section:
https://wiki.samba.org/index.php/Shares_with_Windows_ACLs#Troubleshooting
When I try to reset the permissions as shown in the bottom page of the ACL Windows page, nothing happens.

# ls -l /mnt/data
total 20
drwxrwxr-x+ 3 administrator domain admins 4096 Set 30 09:44 NTI
drwxrwxr-x+ 3 ricardo domain admins   50 Set 14 14:36 rsync
drwxrwxr-x+ 2 administrator domain admins 4096 Set  2 10:40 teste
drwxr-xr-x+ 2 root          domain admins    6 Out 25 15:01 teste1

# setfacl -R -b /mnt/data
# setfacl -R -b /mnt/data/*

# ls -l /mnt/data
total 20
drwxrwxr-x 3 administrator domain admins 4096 Set 30 09:44 NTI
drwxrwxr-x 3 ricardo domain admins   50 Set 14 14:36 rsync
drwxrwxr-x 2 administrator domain admins 4096 Set  2 10:40 teste
drwxr-xr-x 2 root          domain admins    6 Out 25 15:01 teste1

# getfacl /mnt/data/
getfacl: Removing leading '/' from absolute path names
# file: mnt/data/
# owner: administrator
# group: root
user::rwx
group::r-x
other::r-x


# setfacl -R -m default:group:"Domain Admins":rwx /mnt/data/*

# getfacl /mnt/data/
getfacl: Removing leading '/' from absolute path names
# file: mnt/data/
# owner: administrator
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:mask::rwx
default:other::r-x


Have any other tips so I can check?


Re: Fix sharing ACL

Samba - General mailing list
After mapping the Administrator of the domain, as root on unix, the Administrator lost access to sharing the fileserver. When trying to access the system asked for authentication but does not authenticate.
When I comment the following line in smb.conf, the share opens normally:

username map = /etc/samba/user.map


Re: Fix sharing ACL

Samba - General mailing list
On Thu, 27 Oct 2016 13:02:04 +0000 (UTC)
Ricardo Pardim Claus via samba <[hidden email]> wrote:

> After mapping the Administrator of the domain, as root on unix, the
> Administrator lost access to sharing the fileserver. When trying to
> access the system asked for authentication but does not authenticate.
> When I comment the following line in smb.conf, the share opens
> normally:
>
> username map = /etc/samba/user.map
>

It should work,
what OS ?
what is the DC running
If Samba, post the smb.conf
Post your smb.conf from the domain member again

Rowland


Re: Fix sharing ACL

Samba - General mailing list
In reply to this post by Samba - General mailing list
> It should work,
> what OS ?
> what is the DC running
> If Samba, post the smb.conf
> Post your smb.conf from the domain member again

> Rowland

 
Dear Rowland,
In both Samba installed, the version is 4.4.5, rises the Centos7.
We have 2 DC's Samba and fileserver.
If it was missing some information, just ask.
Follows the smb.conf main DC:

[global]
#bind interfaces only = Yes
interfaces = lo eth0
netbios name = SRV14
realm = DOMAIN.LOCAL
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = DOMAIN
server role = active directory domain controller
comment =
log file = /var/log/samba/samba.log
log level = 1
max log size = 10000
#
idmap_ldb:use rfc2307 = yes
winbind enum users = yes
winbind enum groups = yes
#
allow dns updates = secure only
nsupdate command =  /usr/bin/nsupdate -g
client ldap sasl wrapping = sign
ldap server require strong auth = no
time server = yes
eventlog list = Application System Security SyslogLinux



[netlogon]
path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
read only = No

[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No



Follows the smb.conf the domain member fileserver:


[global]
workgroup = DOMAIN
security = ADS
realm = domain.local

netbios name = SRV16
server string = Samba4 Server

winbind enum users = yes
winbind enum groups = yes
winbind use default domain = Yes
winbind nss info = RFC2307

idmap config * : backend = tdb
idmap config * : range = 2000-9999
idmap config DOMAIN: backend = rid
idmap config DOMAIN: range = 10000-99999

log file = /var/log/samba/samba.log
log level = 9

vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
guest account = guest
# MAP AS ADMINISTRATOR IN ROOT UNIX
#username map = /etc/samba/user.map

[data]
comment = Folder data
path = /mnt/data
read only = no
browseable = yes
guest ok=yes

vfs objects = acl_xattr, recycle, shadow_copy2, full_audit
#inherit acls = Yes # NOTE: using acl_xattr turns this on
#inherit permissions = Yes # NOTE: this overides the next two lines
create mask = 0774
directory mask = 0774

# Recycle
recycle:facility = LOCAL1
recycle:priority = NOTICE
recycle:maxsize = 0
recycle:directory_mode = 0774
recycle:subdir_mode = 0774
recycle:keeptree = true
recycle:touch = true
recycle:versions = true
recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.exe, *.bin
recycle:exclude_dir = tmp, temp, cache
# SHADOW COPY / SNAPSHOT
shadow:mountpoint = /mnt/data/
shadow:snapdir = .snapshot
shadow:basedir = /mnt/
shadow:sort = desc
shadow:localtime = yes
shadow:format = @GMT-%Y.%m.%d-%H.%M.%S
# AUDIT FILESERVER
full_audit:prefix = %u|%I|%S|%g
full_audit:success = all
full_audit:failure = all !open
full_audit:facility = local1
full_audit:priority = ALERT


Re: Fix sharing ACL

Samba - General mailing list
Dear,
Does anyone have any other tips to pass me?
I'm still with the permission issue.


Re: Fix sharing ACL

Samba - General mailing list

>> After mapping the Administrator of the domain, as root on unix, the
>> Administrator lost access to sharing the fileserver. When trying to
>> access the system asked for authentication but does not authenticate.
>> When I comment the following line in smb.conf, the share opens
>> normally:
>>
>> username map = /etc/samba/user.map
>>

> It should work,
>what OS ?
>what is the DC running
>If Samba, post the smb.conf
>Post your smb.conf from the domain member again

>Rowland

 


This post is the last month.
https://lists.samba.org/archive/samba/2016-October/204095.html

I still can not solve the problem.


Re: Fix sharing ACL

Samba - General mailing list
On Tue, 1 Nov 2016 18:22:44 +0000 (UTC)
Ricardo Pardim Claus via samba <[hidden email]> wrote:

>
> >> After mapping the Administrator of the domain, as root on unix,
> >> the Administrator lost access to sharing the fileserver. When
> >> trying to access the system asked for authentication but does not
> >> authenticate. When I comment the following line in smb.conf, the
> >> share opens normally:
> >>
> >> username map = /etc/samba/user.map
> >>
>
> > It should work,
> >what OS ?
> >what is the DC running
> >If Samba, post the smb.conf
> >Post your smb.conf from the domain member again
>
> >Rowland
>
>  
>
>
> This post is the last month.
> https://lists.samba.org/archive/samba/2016-October/204095.html
>
> I still can not solve the problem.
>

OK, you are using centos, is sssd running on any of the machines ??
is winbind running on the domain member ?

Rowland


Re: Fix sharing ACL

Samba - General mailing list
In reply to this post by Samba - General mailing list
> OK, you are using centos, is sssd running on any of the machines ??
> is winbind running on the domain member ?

> Rowland


Dear Rowland,

I can configure ACL using Windows, however, even with written permission, I can not create folders or new files.

Example:
In the folder: /mnt/data/test
My User "ricardo" could delete files, but could not rename or create new files or folders.
Viewing ACLs through the windows, my domain admin user or are "special permission".

# getfacl /mnt/data/teste/
getfacl: Removing leading '/' from absolute path names
# file: mnt/data/teste/
# owner: ricardo
# group: domain\040admins
user::rwx
user:ricardo:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:group::---
default:group:domain\040admins:rwx
default:mask::rwx
default:other::---



In fileserver, following the contents of my /etc/nsswitch.conf

passwd:     files winbind
shadow:     files
group:      files winbind

hosts:      files dns myhostname
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files
netgroup:   files
publickey:  nisplus
automount:  files
aliases:    files nisplus


Re: Fix sharing ACL

Samba - General mailing list
I am in search of solution to this problem.
Looking at the logs, I found the following information.
When I try to create a folder, I view it in the Samba log:

[2016/11/04 14:56:05.180028,  3] ../source3/smbd/vfs.c:1214(check_reduced_name)
check_reduced_name: couldn't get realpath for New Folder
[2016/11/04 14:56:05.180054,  3] ../source3/smbd/filename.c:1426(filename_convert_internal)
filename_convert_internal: check_name failed for name New Folder with NT_STATUS_UNSUCCESSFUL
[2016/11/04 14:56:05.180073,  3] ../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_UNSUCCESSFUL] || at ../source3/smbd/smb2_create.c:293
[2016/11/04 14:56:05.180939,  3] ../source3/winbindd/winbindd_getgrgid.c:50(winbindd_getgrgid_send)
getgrgid 10512
[2016/11/04 14:56:05.182362,  3] ../source3/winbindd/winbindd_getgrgid.c:50(winbindd_getgrgid_send)
getgrgid 10512
[2016/11/04 14:56:05.182550,  3] ../source3/smbd/vfs.c:1214(check_reduced_name)
check_reduced_name: couldn't get realpath for New Folder
[2016/11/04 14:56:05.182575,  3] ../source3/smbd/filename.c:1426(filename_convert_internal)
filename_convert_internal: check_name failed for name New Folder with NT_STATUS_UNSUCCESSFUL
[2016/11/04 14:56:05.182593,  3] ../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_UNSUCCESSFUL] || at ../source3/smbd/smb2_create.c:293



When I tried to rename the file owncloud.txt to owncloud11.txt, these messages appeared in the log:


[2016/11/04 14:58:05.221587,  3] ../source3/winbindd/winbindd_getgrgid.c:50(winbindd_getgrgid_send)
getgrgid 10512
[2016/11/04 14:58:05.224368,  3] ../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_CANCELLED] || at ../source3/smbd/smb2_notify.c:123
[2016/11/04 14:58:05.233427,  3] ../source3/winbindd/winbindd_getgrgid.c:50(winbindd_getgrgid_send)
getgrgid 10512
[2016/11/04 14:58:05.233644,  2] ../source3/smbd/open.c:1006(open_file)
DOMAIN\ricardo opened file owncloud.txt read=No write=No (numopen=2)
[2016/11/04 14:58:05.233929,  3] ../source3/winbindd/winbindd_getgrgid.c:50(winbindd_getgrgid_send)
getgrgid 10512
[2016/11/04 14:58:05.238914,  3] ../source3/smbd/vfs.c:1214(check_reduced_name)
check_reduced_name: couldn't get realpath for owncloud11.txt
[2016/11/04 14:58:05.238936,  3] ../source3/smbd/filename.c:1426(filename_convert_internal)
filename_convert_internal: check_name failed for name owncloud11.txt with NT_STATUS_UNSUCCESSFUL
[2016/11/04 14:58:05.238963,  3] ../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_UNSUCCESSFUL] || at ../source3/smbd/smb2_create.c:293
[2016/11/04 14:58:05.238992,  3] ../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[5] status[NT_STATUS_FILE_CLOSED] || at ../source3/smbd/smb2_server.c:2512
[2016/11/04 14:58:05.239985,  3] ../source3/smbd/trans2.c:8298(smbd_do_setfilepathinfo)
smbd_do_setfilepathinfo: owncloud.txt (fnum 156833062) info_level=65290 totdata=48
[2016/11/04 14:58:05.241508,  3] ../source3/smbd/vfs.c:1214(check_reduced_name)
check_reduced_name: couldn't get realpath for owncloud11.txt
[2016/11/04 14:58:05.241531,  3] ../source3/smbd/filename.c:1426(filename_convert_internal)
filename_convert_internal: check_name failed for name owncloud11.txt with NT_STATUS_UNSUCCESSFUL
[2016/11/04 14:58:05.241560,  3] ../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_UNSUCCESSFUL] || at ../source3/smbd/smb2_setinfo.c:132
[2016/11/04 14:58:05.242222,  2] ../source3/smbd/close.c:783(close_normal_file)
DOMAIN\ricardo closed file owncloud.txt (numopen=1) NT_STATUS_OK
[2016/11/04 14:58:05.242438,  3] ../source3/winbindd/winbindd_getgrgid.c:50(winbindd_getgrgid_send)
getgrgid 10512
[2016/11/04 14:58:05.242932,  3] ../source3/winbindd/winbindd_getgrgid.c:50(winbindd_getgrgid_send)
getgrgid 10512
[2016/11/04 14:58:05.250632,  2] ../source3/smbd/open.c:1006(open_file)
DOMAIN\ricardo opened file owncloud.txt read=No write=No (numopen=2)
[2016/11/04 14:58:05.250907,  3] ../source3/winbindd/winbindd_getgrgid.c:50(winbindd_getgrgid_send)
getgrgid 10512
[2016/11/04 14:58:05.256954,  2] ../source3/smbd/close.c:783(close_normal_file)
DOMAIN\ricardo closed file owncloud.txt (numopen=1) NT_STATUS_OK
[2016/11/04 14:58:05.257129,  3] ../source3/winbindd/winbindd_getgrgid.c:50(winbindd_getgrgid_send)
getgrgid 10512


Modules Shadow Copy and Full Audit

Samba - General mailing list
Gentlemen,

Can anyone tell me if the modules below are working normally in versions later than 4.4.5?

Shadow Copy service
full_audit
I'm in version 4.4.5. However, when I had to use these modules, they presented several problems. So I was warned that these modules would be rewritten.
Anyone know if these modules have been updated?
Thank you!


Update Samba4 version

Samba - General mailing list
Dear,
I have three installations of Samba 4, version 4.4.5.
Being two DC's and a file server (domain member).
I would like to update Samba to the latest version.

The current installation was done by compiling the Samba packages.
Could someone tell me if I can upgrade directly to the latest version available?
Should I compile the new package to overlap the previous version?
Thank you!
