I installed and configured Samba 4 as an AD and I shared Homes. I can log in to the Samba server and to a Windows 2008 server with my users. However, on Windows, when I type "\\IPSambaServer\user1" while logged in as user1, I get access denied with error code: 0x80070005.
Of course I don't want a 777 on home directories and.
Linux permissions on the Samba server:
ls -dl /home/user1
drwx------. 6 user1 users 4096 Aug 26 14:04 /home/user1/
[global]
workgroup = DOMAIN
realm = enterprise.com
server string = Samba Server
server role = active directory domain controller
security = AUTO
passdb backend = samba_dsdb
log file = /usr/local/samba/var/log.samba
max log size = 50
dns proxy = No
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
idmap config * : backend = tdb
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = dfs_samba4, acl_xattr
[homes]
comment = Home Directories
read only = No
create mask = 0660
directory mask = 0771
I added user_xattr,acl in my /etc/fstab.
The weird thing is that administrator can access (read and write) his home and every user's home. But maybe it's because I mapped root = DOMAIN\administrator.
As a test, I created the directory /tmp/test with 777 rights, then shared it. With my user1 from Windows I created a directory in it. Then ls -l /tmp/test/ tells me the owner of the new directory, instead of user1, is 3000040. I tried with another user and it was 3000043.
In the security tab of the homes share, "Creator and Propri" have read / write access. How can I grant access to users' homes?
I found the solution!
When a user was created, I used a script to add a uidNumber to Samba (with an ldif file and the command ldbmodify). The problem was that Samba creates its own uidNumber (the "300040" for user1 in my case) and, with a Windows machine, used it for access rights.
The only way I found to get this number is with wbinfo -i user1. So I put this number in the uidNumber for each user and it works!
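A consistency check for the mismatch described in the answer above, as an added example that is not part of the original post: it compares the UID that wbinfo -i reports, the uidNumber stored in the directory, and the numeric owner of the home directory. The function names, the sam.ldb path and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: report users whose winbind-mapped UID differs from the
# uidNumber attribute or from the numeric owner of their home directory.

# Print the UID (3rd field) of a passwd-style line as printed by `wbinfo -i`.
# Fails (exit 1) when the line does not look like a passwd entry.
uid_from_passwd_line() {
    printf '%s\n' "$1" |
        awk -F: 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; ok = 1 } END { exit !ok }'
}

# compare_ids USER WBINFO_LINE STORED_UIDNUMBER HOME_OWNER_UID
# Returns 0 when all three IDs agree, 1 on a mismatch, 2 on unparsable input.
compare_ids() {
    user=$1
    mapped=$(uid_from_passwd_line "$2") || {
        echo "$user: cannot parse wbinfo output"
        return 2
    }
    stored=$3 owner=$4
    rc=0
    if [ "$mapped" != "$stored" ]; then
        echo "$user: uidNumber=$stored but winbind maps the account to $mapped"
        rc=1
    fi
    if [ "$mapped" != "$owner" ]; then
        echo "$user: home owned by uid $owner, Samba accesses it as uid $mapped"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "$user: consistent (uid $mapped)"
    return "$rc"
}

# Live use on the DC, as root. The sam.ldb location and /home/USER layout
# are assumptions; set SAM_LDB or edit the paths for your installation.
check_user() {
    line=$(wbinfo -i "$1") || return 2
    stored=$(ldbsearch -H "${SAM_LDB:-/usr/local/samba/private/sam.ldb}" \
        "(sAMAccountName=$1)" uidNumber | awk '/^uidNumber:/ { print $2 }')
    owner=$(stat -c %u "/home/$1")
    compare_ids "$1" "$line" "${stored:-unset}" "$owner"
}

# Constructed sample: winbind maps user1 to 3000040 while a provisioning
# script stored uidNumber 10001 and chowned the home to that value.
compare_ids user1 'DOMAIN\user1:*:3000040:100::/home/user1:/bin/bash' 10001 10001 || true
```

On a live system, call check_user once per account; any line other than "consistent" marks a home directory the user will be denied on through the share.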