Hi!

I created a Samba4 Demo Server to test AD functionality. Basically it's a Debian Wheezy machine with a manually compiled Samba4 (smbstatus -V: Version 4.1.0pre1-GIT-051a1a9) according to https://wiki.samba.org/index.php/Samba4/HOWTO but adjusted the paths to a more debian way.

I can Manage the Server with the Windows Domain Utilities, add users, add groups, add Machines and so on. I created some printers and managed to set up Point and Print Drivers using print$.

So I think the Server basically works as expected.

Now I'm trying to set up a share which can be read by everyone and written by Domain Admins only. I can see the share on my server as well as a file created in there on the linux command line, but I'm not able to enable write Permission for Domain Admins.

I created a directory on the server /space/testshare and did a "chmod 777 /space/testshare" to be shure there's no problem on the linux file system. When I set "read only = no" on the share I can create a file there without any problem. But setting "read only = yes" and "write list = @"TEST\Domain Admins"" doesn't work - I get "access denied" on the windows host, despite I'm logged on as TEST\Administrator

Some additional information:

root@samba:~# smbstatus -V
==========================
Version 4.1.0pre1-GIT-051a1a9


root@samba:~# wbinfo -u
=======================
Administrator
Guest
krbtgt
dns-samba
testuser

root@samba:~# wbinfo -g
=======================
Enterprise Read-Only Domain Controllers
Domain Admins
Domain Users
Domain Guests
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Group Policy Creator Owners
Read-Only Domain Controllers
DnsUpdateProxy
Testgroup

root@samba:~# cat /etc/samba/smb.conf
=====================================
# Global parameters
[global]
    workgroup = TEST
    server string =
    realm = TEST.LOCAL
    netbios name = SAMBA
    server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
    log level = 3

[netlogon]
    path = /var/lib/samba/sysvol/test.local/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

[printers]
    comment = Printer
    path = /var/spool/samba/spool
    browseable = Yes
    read only = No
    printable = Yes

[print$]
    path = /var/spool/samba/driver
    read only = No

[testshare]
    Comment = Test share
    path = /space/testshare
    read only = Yes
    write list = @"TEST\Domain Admins"


Any help what to do next?

regards
Lukas
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to