OK, after some other hours of surfing through the net I stubled
accross the needed information:
It looks like to try setting ACLs in smb.conf like it was done on
Samba3 is obsolete in Samba4. You do everything by setting the ACLs on
the share by Windows-GUI.
[testshare]
Comment = Test share
path = /space/testshare
read only = No
is all you need to specify in smb.conf...
regards
Lukas
Zitat von Lukas Gradl <[email protected]>:
Hi!
I created a Samba4 Demo Server to test AD functionality. Basically
it's a Debian Wheezy machine with a manually compiled Samba4
(smbstatus -V: Version 4.1.0pre1-GIT-051a1a9) according to
https://wiki.samba.org/index.php/Samba4/HOWTO but adjusted the paths
to a more debian way.
I can Manage the Server with the Windows Domain Utilities, add
users, add groups, add Machines and so on.
I created some printers and managed to set up Point and Print
Drivers using print$.
So I think the Server basically works as expected.
Now I'm trying to set up a share which can be read by everyone and
written by Domain Admins only. I can see the share on my server as
well as a file created in there on the linux command line, but I'm
not able to enable write Permission for Domain Admins.
I created a directory on the server /space/testshare and did a
"chmod 777 /space/testshare" to be shure there's no problem on the
linux file system. When I set "read only = no" on the share I can
create a file there without any problem. But setting "read only =
yes" and "write list = @"TEST\Domain Admins"" doesn't work - I get
"access denied" on the windows host, despite I'm logged on as
TEST\Administrator
Some additional information:
root@samba:~# smbstatus -V
==========================
Version 4.1.0pre1-GIT-051a1a9
root@samba:~# wbinfo -u
=======================
Administrator
Guest
krbtgt
dns-samba
testuser
root@samba:~# wbinfo -g
=======================
Enterprise Read-Only Domain Controllers
Domain Admins
Domain Users
Domain Guests
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Group Policy Creator Owners
Read-Only Domain Controllers
DnsUpdateProxy
Testgroup
root@samba:~# cat /etc/samba/smb.conf
=====================================
# Global parameters
[global]
workgroup = TEST
server string =
realm = TEST.LOCAL
netbios name = SAMBA
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbind, ntp_signd, kcc, dnsupdate
log level = 3
[netlogon]
path = /var/lib/samba/sysvol/test.local/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[printers]
comment = Printer
path = /var/spool/samba/spool
browseable = Yes
read only = No
printable = Yes
[print$]
path = /var/spool/samba/driver
read only = No
[testshare]
Comment = Test share
path = /space/testshare
read only = Yes
write list = @"TEST\Domain Admins"
Any help what to do next?
regards
Lukas
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
