Good morning,
I have set up a samba file server connected to a samba ad dc.
I have a problem : when I want to set special permissions to a specific folder I have this message error "Unable to contact Active Directory to access or verify claim types". But everything is okay when I want to write or read in the shared folder.
Is there a way to fix it? Because I think I have searched all Google without any solution... And if it can be solved, it will be easier to change rights because I won't have to go on the debian machine to do it.
Thank you.
(Sorry for my English, I'm French)
http://hpics.li/8860874
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Problem for a special permission entry with a samba share
Problem for a special permission entry with a samba share
Last edited by epsilon_ on 2017-05-05 09:54, edited 1 time in total.
-
- Posts: 32
- Joined: 2016-10-18 13:04
Re: Problem for a special permission entry with a samba shar
I am afraid you have to provide more information on the issue at hand. Could you, perhaps, post your configuration file? To be more precise, i am referring to the contents of the file /etc/samba/smb.conf
(especially the [global] and [the_name_of_your_shared_folder] sections).
edit: If i understood correctly, you are trying to modify your shared samba folder remotely using a windows machine. Have you tried using openshh? It gives you remote terminal control and it is pretty straightforward to set up simple ssh servers and clients. At least that is how i control remotely my debian samba server.
(especially the [global] and [the_name_of_your_shared_folder] sections).
edit: If i understood correctly, you are trying to modify your shared samba folder remotely using a windows machine. Have you tried using openshh? It gives you remote terminal control and it is pretty straightforward to set up simple ssh servers and clients. At least that is how i control remotely my debian samba server.
Last edited by pkladisios on 2017-05-05 09:35, edited 1 time in total.
Re: Problem for a special permission entry with a samba shar
Sorry, I forgot to provide my smb.conf.
[global]
security = ADS
workgroup = DOMAIN
realm = DOMAIN.COM
log file = /var/log/samba/%m.log
log level = 1
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use an read-write-enabled back end, such as tdb.
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
idmap config * : backend = tdb
idmap config * : range = 1000000 - 1999999
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 1000000 - 1999999
idmap uid = 10000-20000
idmap gid = 10000-20000
username map = /etc/samba/user.map
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
directory mask = 0775
create mask = 0775
veto files = /.*/
[eno profiles]
path = /home/eno/share/
read only = no
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
vfs objects = acl_xattr
browseable = Yes
There may be superficial things which I don't really need in the configuration, I am a newbie for this
[global]
security = ADS
workgroup = DOMAIN
realm = DOMAIN.COM
log file = /var/log/samba/%m.log
log level = 1
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use an read-write-enabled back end, such as tdb.
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
idmap config * : backend = tdb
idmap config * : range = 1000000 - 1999999
idmap config DOMAIN : backend = ad
idmap config DOMAIN : range = 1000000 - 1999999
idmap uid = 10000-20000
idmap gid = 10000-20000
username map = /etc/samba/user.map
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
directory mask = 0775
create mask = 0775
veto files = /.*/
[eno profiles]
path = /home/eno/share/
read only = no
inherit acls = yes
inherit permissions = yes
create mask = 700
directory mask = 700
vfs objects = acl_xattr
browseable = Yes
There may be superficial things which I don't really need in the configuration, I am a newbie for this
Re: Problem for a special permission entry with a samba shar
I'm trying to change permissions in a specific folder in the shared samba folder. Actually, my goal is to use as little as possible debian and use directly windows for setting permissions on that shared folders to save time. For example, I am completely able to create and change permissions on a user (with Active Directory) thanks to my Samba AD DC but there is that problem contacting active directory on a specific shared folder.pkladisios wrote:I am afraid you have to provide more information on the issue at hand. Could you, perhaps, post your configuration file? To be more precise, i am referring to the contents of the file /etc/samba/smb.conf
(especially the [global] and [the_name_of_your_shared_folder] sections).
edit: If i understood correctly, you are trying to modify your shared samba folder remotely using a windows machine. Have you tried using openshh? It gives you remote terminal control and it is pretty straightforward to set up simple ssh servers and clients. At least that is how i control remotely my debian samba server.
-
- Posts: 32
- Joined: 2016-10-18 13:04
Re: Problem for a special permission entry with a samba shar
I am anything but an expert in configuring samba so i am confused by your [eno profiles] section. The inherit permissions line makes the created subfolders to use the same permissions as the parent folder. Then, what would be the point of using create mask/directory mask? Maybe you should try setting inherit permissions = no. Since permissions differ between windows and linux, another idea would be to start from a simple smb.conf file and build your way up to what you actually want.
On a side note, i found the following useful link, where the parameters are explained in detail:
http://manpages.ubuntu.com/manpages/pre ... onf.5.html
On a side note, i found the following useful link, where the parameters are explained in detail:
http://manpages.ubuntu.com/manpages/pre ... onf.5.html
Re: Problem for a special permission entry with a samba shar
Thank you for your answer. Yes, as I said, there might be informations which are not useful or don't have any sense
I will read the documentation and see if I can find something.
I will read the documentation and see if I can find something.
Re: Problem for a special permission entry with a samba shar
I didn't find any solution... Maybe upgrading samba would be a solution?
My actual version is 4.2.14-Debian
Edit : or maybe there is an alternative to samba file sharing?
My actual version is 4.2.14-Debian
Edit : or maybe there is an alternative to samba file sharing?
-
- Posts: 32
- Joined: 2016-10-18 13:04
Re: Problem for a special permission entry with a samba shar
You should start with a simple configuration. Perhaps there is a conflict somewhere. Typical samba behavior involves ignoring the former out of two conflicting statements. For instance, if you set all home directories as "read only = yes" in the [homes] section and "read only = no" to specific home directory, the global statement will be overridden. Unfortunately i don't know enough to help you, as i am currently learning samba.
There is always shh as an alternative. It is as simple as installing ssh client and server to the windows and linux PCs respectively.
There is always shh as an alternative. It is as simple as installing ssh client and server to the windows and linux PCs respectively.