Zentyal Forum, Linux Small Business Server

Zentyal Server => Directory and Authentication => Topic started by: mjohnson on June 14, 2021, 06:40:56 pm

Title: Windows users can't access Zentyal Samba file shares.
Post by: mjohnson on June 14, 2021, 06:40:56 pm
Zentyal 7.0 licensed server edition as a VM on VMWare.

Users have been created.
A group for each company department has been created (Accounting, Marketing, Technology, etc.)
Users have been assigned to the appropriate groups.
File sharing module is installed and file shares have been created for each company department matching the groups listed above. The file shares are under the Zentyal home path.
Each group has been assigned to a file share with Read and Write permission.

Problem: Users are authenticating properly on the domain when they log into their Windows computer. When a user on a Windows client (desktop or laptop) on the domain attempts to create a network map to their department's file share, the Windows userid/password dialog appears when the share is opened.

The odd thing is, in Zentyal, if I assign a user directly to a file share rather than assigning the user's group to a file share, the user can on their Windows desktop, create a network map to the file share without the Windows userid/password dialog to connect to the share with the privileges I assign them in Zentyal file sharing, either Read, or Read and Write.

On the Zentyal domain controller, some of the file shares are owned by root:adm, some by <domain>\Administrator:adm. and some by <domain>\Administrator:<domain>\<group> like this:

drwxrwx---+   root:adm    4096  /home/zentyal/shares/accounting
drwxrwx---+   XYZ\Administrator:adm    4096  /home/zentyal/shares/marketing
drwxrwx---+   XYZ\Administrator:XYZ\marketing    4096  /home/zentyal/shares/technology

Accessing the share from the Windows client doesn't seem to differ based on the owner:group. It doesn't work when the user's group is assigned to the share, but works when the user is assigned to the share.

Lastly of what I can think that might be pertinent, if I run the "id <user>" command on the domain controller to see the groups per user, the groups per user match the groups to which the user is assigned in Zentyal.

Help greatly appreciated in advance.