NextCloud Appliance + Samba: Non-Admin User Unable to CIFS

UCS - Univention Corporate Server
1

I tried configuring a share via domain / shares, and just never got my Univention NextCloud appliance to be browsable from my Windows 7 PC & Windows Server 2016 VM, until I installed Active Directory compatible domain controller. Which seemed like overkill, but that’s what worked. Firstly, if that’s not the ‘right’ way to get Samba working, I would appreciate being pointed in a better direction.

With the NextCloud Windows client logged in as Administrator, I created a folder (called Pictures), and then I shared it with User1, a user in NextCloud. I tried to connect to the CIFS share as NextCloudVM\Administrator (using the VM IP for now), and it worked splendidly. Next, I tried to connect to the CIFS share as User1, and was unable to log on. Which makes sense: I created User1 as a NextCloud application user, but not as an account in Univention, so Samba wouldn’t recognize him. So I created User1 in Users (not LDAP), and I proceeded to try to share Pictures with "Domain Users’ (didn’t work), and “Authenticated Users” (still not working). While connected as User1 I am able to browse \NextCloudVM\ and see the shares “netlogon” and “sysvol” as well as “Pictures”, but when I double-click Pictures it says “You do not have permission to access” and to contact my administrator, which is a bit insulting when you’re that admin. Help?

My share is set up as follows:
Name = Pictures
Host = my FQDN (DDNS) which I have set in the hosts file on my Windows 7 PC for home use.
Directory = /var/lib/univention-appcenter/apps/nextcloud/data/nextcloud-data/Administrator/files/Pictures
Directory Owner = Administrator (tried root, User1, and several others, no dice)
Directory Group = Authenticated Users (tried several options there as well)
Permissions = Every box is checked at this moment.

I also tried going in through WinSCP (SSH/SFTP) and setting permissions on that folder. Nothing I did made much difference. I am wondering if I should’ve restart Samba daemons whenever I made changes?

2

When I last left my appliance, I found that I had pooched the permissions well enough that I could no longer access my files from Nextcloud, but I’m still able to connect with WinSCP as root and download/view the files. Today I started over so I could better document what I have and haven’t done.

I deployed a new Univention Nextcloud appliance. Software Update, I updated UCS and Nextcloud to their latest respective versions. I rebooted and took a snapshot in the ESXi interface. I installed the “Active Directory Connection” app, (which I swear wasn’t there before). I logged into Nextcloud as ‘Administrator’, who is both a Nextcloud and Samba user. I created a folder called Pictures. I connected to the new appliance with WinSCP and confirmed the location of this new Pictures folder ("/var/lib/univention-appcenter/apps/nextcloud/data/nextcloud-data/Administrator/files/Pictures"). I also looked at the default permissions: ‘www-data [33]’ is both group and owner, and permissions is 0755. I went to share the folder via Univention, Shares, and it wants me to assign a “directory owner” and “directory owner group”. “www-data” is not a selectable option for either. Leaving it blank is not an option. I presume that setting the folder to anything other than www-data might be a problem.

Does anyone have any suggestions how I configure this folder to be shared via Samba/CIFS without breaking the folder access for Nextcloud users? Also, I don’t need a domain controller on my home network, but it seems the “Active Directory Connection” app doesn’t successfully share my files via CIFS like “Active Directory-compatible Domain Controller” does. I assume all I really need is Samba, but I don’t see that in any other packages. Thoughts?