Problem for a special permission entry with a samba share

[epsilon_]

Good morning,

I have set up a samba file server connected to a samba ad dc.
I have a problem : when I want to set special permissions to a specific folder I have this message error "Unable to contact Active Directory to access or verify claim types". But everything is okay when I want to write or read in the shared folder.
Is there a way to fix it? Because I think I have searched all Google without any solution... And if it can be solved, it will be easier to change rights because I won't have to go on the debian machine to do it.

Thank you.
(Sorry for my English, I'm French)

http://hpics.li/8860874

[pkladisios]

I am afraid you have to provide more information on the issue at hand. Could you, perhaps, post your configuration file? To be more precise, i am referring to the contents of the file /etc/samba/smb.conf
(especially the [global] and [the_name_of_your_shared_folder] sections).

edit: If i understood correctly, you are trying to modify your shared samba folder remotely using a windows machine. Have you tried using openshh? It gives you remote terminal control and it is pretty straightforward to set up simple ssh servers and clients. At least that is how i control remotely my debian samba server.

[epsilon_]

Sorry, I forgot to provide my smb.conf.


[global]
security = ADS
workgroup = DOMAIN
realm = DOMAIN.COM

log file = /var/log/samba/%m.log
log level = 1

# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use an read-write-enabled back end, such as tdb.

winbind enum users = yes
winbind enum groups = yes

template shell = /bin/bash

idmap config * : backend = tdb
idmap config * : range = 1000000 - 1999999
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 1000000 - 1999999
idmap uid = 10000-20000
idmap gid = 10000-20000

username map = /etc/samba/user.map
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
directory mask = 0775
create mask = 0775
veto files = /.*/

[eno profiles]
path = /home/eno/share/
read only = no
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
vfs objects = acl_xattr
browseable = Yes

There may be superficial things which I don't really need in the configuration, I am a newbie for this

[epsilon_]

I am afraid you have to provide more information on the issue at hand. Could you, perhaps, post your configuration file? To be more precise, i am referring to the contents of the file /etc/samba/smb.conf
(especially the [global] and [the_name_of_your_shared_folder] sections).

edit: If i understood correctly, you are trying to modify your shared samba folder remotely using a windows machine. Have you tried using openshh? It gives you remote terminal control and it is pretty straightforward to set up simple ssh servers and clients. At least that is how i control remotely my debian samba server.

I'm trying to change permissions in a specific folder in the shared samba folder. Actually, my goal is to use as little as possible debian and use directly windows for setting permissions on that shared folders to save time. For example, I am completely able to create and change permissions on a user (with Active Directory) thanks to my Samba AD DC but there is that problem contacting active directory on a specific shared folder.

[pkladisios]

I am anything but an expert in configuring samba so i am confused by your [eno profiles] section. The inherit permissions line makes the created subfolders to use the same permissions as the parent folder. Then, what would be the point of using create mask/directory mask? Maybe you should try setting inherit permissions = no. Since permissions differ between windows and linux, another idea would be to start from a simple smb.conf file and build your way up to what you actually want.

On a side note, i found the following useful link, where the parameters are explained in detail:

http://manpages.ubuntu.com/manpages/pre ... onf.5.html

[epsilon_]

Thank you for your answer. Yes, as I said, there might be informations which are not useful or don't have any sense

I will read the documentation and see if I can find something.

[epsilon_]

I didn't find any solution... Maybe upgrading samba would be a solution?
My actual version is 4.2.14-Debian

Edit : or maybe there is an alternative to samba file sharing?

[pkladisios]

You should start with a simple configuration. Perhaps there is a conflict somewhere. Typical samba behavior involves ignoring the former out of two conflicting statements. For instance, if you set all home directories as "read only = yes" in the [homes] section and "read only = no" to specific home directory, the global statement will be overridden. Unfortunately i don't know enough to help you, as i am currently learning samba.

There is always shh as an alternative. It is as simple as installing ssh client and server to the windows and linux PCs respectively.