samba - Dec 2016 - Files get created as BUILTIN\administrators

Hi All,

I've got a problem on a Samba Active Directory domain controller. This
is the third controller in our network, and the only one with this
problem. When I try to create a file, it is created with this persmissions:

-rwxrwxr-x+  1 BUILTIN\administrators users          0 dec  2 08:28 test*

On the other machines, it gets created as dirk.users, which is how I
would like it to work.

I am a domain admin. The 'normal' users have no problem.

I'm running samba 4.5.1-9.

Any Ideas?

Thank you in advance,

Dirk

Hai Dirk, 

Your os is? 
And this happens on what share?  
I'm guessing sysvol, since this is a default sysvol right. 

Its also handy to provide a saniticed smb.conf that helps. 

And last, what does : getfact testfile_or_folder 
show as right?

For example, all my user homedirs show : 
drwxrwx---+ 13 root  root 4096 Apr 11  2016 testuser
but the windows acl is used in the background. 

So this does not have to be a problem. 

Just find where the difference is. 
Compair all share security settings on you DC.s correct them. 
!!! BE VERY CAREFULL IF THESE SERVERS ARE IN PRODUCTION !!! 
Then check all rights on  security ( file/folder ) 



Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dirk Bonenkamp
-
> ProActive via samba
> Verzonden: vrijdag 2 december 2016 10:28
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Files get created as BUILTIN\administrators
> 
> Hi All,
> 
> I've got a problem on a Samba Active Directory domain controller. This
> is the third controller in our network, and the only one with this
> problem. When I try to create a file, it is created with this
> persmissions:
> 
> -rwxrwxr-x+  1 BUILTIN\administrators users          0 dec  2 08:28 test*
> 
> On the other machines, it gets created as dirk.users, which is how I
> would like it to work.
> 
> I am a domain admin. The 'normal' users have no problem.
> 
> I'm running samba 4.5.1-9.
> 
> Any Ideas?
> 
> Thank you in advance,
> 
> Dirk
> 
> 
> 
> 
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Hi Louis & list,

Thank you for your answer.

I'm running Ubuntu 12.04 64 bit on this machine and I'm using the sernet
packages. The others are 14.04 and 16.04, using stock ubuntu packages.

It's a share called 'developers' and it works as users homedirs. My
getfacl is the same to yours. I've already compared the share security
settings, they are the same. Things work fine for all the other users,
only not for the domain admins. Looks like samba does not 'translate' to
the correct uid or something like that.

smb.conf is pasted below. I've manually added the "idmap_ldb:use
rfc2307
= yes", but this doesn't help.

Cheers,

Dirk

# Global parameters
[global]
        netbios name = DEV
        realm = PROACTIVE.LOCAL
        workgroup = PROACTIVE
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes

        log file = /var/log/samba/%m.log
        log level = 3
[netlogon]
        path = /var/lib/samba/sysvol/proactive.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[development]
        path = /var/www/developers
        read only = no

[icons]
        path = /var/base/icn
        read only = no

[simplesaml]
        path = /var/base/simplesaml
        read only = no


On 02-12-16 10:53, L.P.H. van Belle via samba wrote:
> Hai Dirk, 
>
> Your os is? 
> And this happens on what share?  
> I'm guessing sysvol, since this is a default sysvol right. 
>
> Its also handy to provide a saniticed smb.conf that helps. 
>
> And last, what does : getfact testfile_or_folder 
> show as right?
>
> For example, all my user homedirs show : 
> drwxrwx---+ 13 root  root 4096 Apr 11  2016 testuser
> but the windows acl is used in the background. 
>
> So this does not have to be a problem. 
>
> Just find where the difference is. 
> Compair all share security settings on you DC.s correct them. 
> !!! BE VERY CAREFULL IF THESE SERVERS ARE IN PRODUCTION !!! 
> Then check all rights on  security ( file/folder ) 
>
>
>
> Greetz, 
>
> Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dirk
Bonenkamp -
>> ProActive via samba
>> Verzonden: vrijdag 2 december 2016 10:28
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] Files get created as BUILTIN\administrators
>>
>> Hi All,
>>
>> I've got a problem on a Samba Active Directory domain controller.
This
>> is the third controller in our network, and the only one with this
>> problem. When I try to create a file, it is created with this
>> persmissions:
>>
>> -rwxrwxr-x+  1 BUILTIN\administrators users          0 dec  2 08:28
test*
>>
>> On the other machines, it gets created as dirk.users, which is how I
>> would like it to work.
>>
>> I am a domain admin. The 'normal' users have no problem.
>>
>> I'm running samba 4.5.1-9.
>>
>> Any Ideas?
>>
>> Thank you in advance,
>>
>> Dirk
>>
>>
>>
>>
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
 
ProActive Software