Shares and permissions with UCS... confused


#1

Hey everyone, I have built a test in a lab environment and performed an AD takeover from a cloned image of my existing Zentyal Server… After verifying all users and groups were created on UCS I went ahead and created the shares to match my existing network… each share was given ownership of dmadmin:Domain Admins (my current setup).

After creating each directory I SCP’d the directory content and used the Security settings from a joined computer, with the dmadmin credentials. I manually assigned each share the permissions I need… some groups have RW (full control), others have RO permissions… This seems to only work halfway… All users can view shares they are supposed to have access to, and are denied access to folders they should not have access to based on the group membership.

The problem I am seeing is users cannot open any files; each attempt is denied. Further, I can’t seem to apply security settings to all files/folders in the share from the security settings on the Windows client using the dmadmin account (ownership and full permissions).

I have tried a multitude of settings and can’t seem to figure it out. I have attempted to use the “valid groups” in the Advanced Settings / Samba Permissions and still cannot get the permissions I need.

Does anyone have any suggestions on what I should check? I have checked Inherit ACL, and also enabled “Users with write access may modify permissions”, although I don’t want any user with write access to be able to modify permissions…

Thanks!!


#2

Hey,

Sounds like the file or directory permissions themselves are to blame. Please post the output of "getfacl " and “getfacl /” with being the full path to the directory that you’ve shared and being one of the files you cannot access via Samba. Thanks.

Kind regards,
Moritz