[Samba] Samba4 AD Groups Problem

Mon, 14 Jan 2013 06:26:18 -0800 

Hi!
I created a Samba4 Demo Server to test AD functionality. Basically it's a Debian Wheezy machine with a manually compiled Samba4 (smbstatus -V: Version 4.1.0pre1-GIT-051a1a9) according to https://wiki.samba.org/index.php/Samba4/HOWTO but adjusted the paths to a more debian way. 


I can Manage the Server with the Windows Domain Utilities, add users,  
add groups, add Machines and so on.
I created some printers and managed to set up Point and Print Drivers  
using print$.


So I think the Server basically works as expected.


Now I'm trying to set up a share which can be read by everyone and  
written by Domain Admins only. I can see the share on my server as  
well as a file created in there on the linux command line, but I'm not  
able to enable write Permission for Domain Admins.



I created a directory on the server /space/testshare and did a "chmod  
777 /space/testshare" to be shure there's no problem on the linux file  
system. When I set "read only = no" on the share I can create a file  
there without any problem. But setting "read only = yes" and "write  
list = @"TEST\Domain Admins"" doesn't work - I get "access denied" on  
the windows host, despite I'm logged on as TEST\Administrator


Some additional information:

root@samba:~# smbstatus -V
==========================
Version 4.1.0pre1-GIT-051a1a9


root@samba:~# wbinfo -u
=======================
Administrator
Guest
krbtgt
dns-samba
testuser

root@samba:~# wbinfo -g
=======================
Enterprise Read-Only Domain Controllers
Domain Admins
Domain Users
Domain Guests
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Group Policy Creator Owners
Read-Only Domain Controllers
DnsUpdateProxy
Testgroup

root@samba:~# cat /etc/samba/smb.conf
=====================================
# Global parameters
[global]
    workgroup = TEST
    server string =
    realm = TEST.LOCAL
    netbios name = SAMBA
    server role = active directory domain controller

    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,  
winbind, ntp_signd, kcc, dnsupdate

    log level = 3

[netlogon]
    path = /var/lib/samba/sysvol/test.local/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

[printers]
    comment = Printer
    path = /var/spool/samba/spool
    browseable = Yes
    read only = No
    printable = Yes

[print$]
    path = /var/spool/samba/driver
    read only = No

[testshare]
    Comment = Test share
    path = /space/testshare
    read only = Yes
    write list = @"TEST\Domain Admins"


Any help what to do next?

regards
Lukas
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba






















					Reply via email to