samba - Jan 2015 - W7 client cannot adjust file permissions via ADUC

No, I did not try the alterations but, Louis had me remove the "domain
users" line earlier. 

Put the line back in and try alterations? (If so, I will not have time
until you are asleep, tonight.) 

---

-------------------------

Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [1]

"Everyone deserves an award!!"

On 2015-01-28 12:34, Rowland Penny wrote: 
> On 28/01/15 17:57, Bob of Donelson Trophy wrote:
> 
>> That was a cut/paste error. I've been thinking (danger, danger)
when I test kerberos it returns the two DC's are available. Should it be
including the member server also? Didn't I see the script setup kerberos on
the member server? (Remember this was installed with the gen one scripts, not
the newest scripts.)
> 
> The DC's are KDC's, member servers are clients, so your member
server will not show up if you run this:
> 
> host -t SRV _kerberos._udp.<DOMAIN.NAME.
> 
> I take it this was what you meant by testing kerberos.
> 
> Did you try the alterations I suggested to your 'admin users' line
?
> 
> Rowland
 

Links:
------
[1] http://www.donelsontrophy.com

On 28/01/15 18:55, Bob of Donelson Trophy wrote:
>   
>
> No, I did not try the alterations but, Louis had me remove the "domain
> users" line earlier.
>
> Put the line back in and try alterations? (If so, I will not have time
> until you are asleep, tonight.)
>
By all means try it, you have nothing to lose :-)

I take it that 'wbinfo -u' shows all the domain users on the member 
server and 'wbinfo -g' shows all the domain groups. Also 'getent
passwd
<domain user> shows the user.

Rowland

Rowland, 

I have tried your various alteration suggestions and it is a
"negative"
result. 

Here is the output from wbinfo -u & wbinfo -g 

root at dtmbr01:~# wbinfo -u
administrator
dns-dtdc02
dns-dtdc01
krbtgt
guest
root at dtmbr01:~# wbinfo -g
allowed rodc password replication group
enterprise read-only domain controllers
denied rodc password replication group
read-only domain controllers
group policy creator owners
ras and ias servers
domain controllers
enterprise admins
domain computers
cert publishers
dnsupdateproxy
domain admins
domain guests
schema admins
domain users
dnsadmins 

root at dtmbr01:~# getent passwd Administrator
administrator:*:50001:50006::/home/samba/DT***RM/users/administratorSERNAME%:/bin/bash


Say what, "administratorSERNAME%"? 

After running the 'generation one' script to create the member server, I
have changed nothing except the suggestions that have been made on this
mailing list. Attempting to gain access to the member server to
re-adjust the file permissions on "profiles" per the instructions on
the
samba wiki. 

Please, thoughts? 
---

-------------------------

Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [1]

"Everyone deserves an award!!"

On 2015-01-28 13:09, Rowland Penny wrote: 
> On 28/01/15 18:55, Bob of Donelson Trophy wrote:
> 
>> No, I did not try the alterations but, Louis had me remove the
"domain users" line earlier. Put the line back in and try alterations?
(If so, I will not have time until you are asleep, tonight.)
> 
> By all means try it, you have nothing to lose :-)
> 
> I take it that 'wbinfo -u' shows all the domain users on the member
server and 'wbinfo -g' shows all the domain groups. Also 'getent
passwd <domain user> shows the user.
> 
> Rowland
 

Links:
------
[1] http://www.donelsontrophy.com