Rowland Penny
2015-Jan-30 19:54 UTC
[Samba] W7 client cannot adjust file permissions via ADUC
On 30/01/15 19:42, Bob of Donelson Trophy wrote:> > > Yes, "INTERNAL" was the actual. Generated by script, I presume. Now > changed to my workgroup name. Restarted member server. > > Now 'getent passwd Administrator' returns nothing but, W7 client still > cannot connect. > > (As I have restored and re-run script this morning doesn't that mean it > has to be coming over from DC's somehow?) > >OK, we are getting somewhere (not sure where though ;-) ) I don't get anything when I try to get Administrators info either, so don't worry about it. so, you have a user in AD that does have a 'uidNumber', does Domain Users have a 'gidNumber', if not give the group one. After that, does 'getent passwd <username>' return anything, if not check that the 'uidNumber' & 'gidNumber' are both inside '2000-40000' Is the W7 client joined to the Domain, try leaving the domain and rejoining. Rowland
Bob of Donelson Trophy
2015-Jan-30 20:10 UTC
[Samba] W7 client cannot adjust file permissions via ADUC
Leaving and re-joining the domain is easy. Tried that, no difference. Checking the gidNumber for the Domain Admin group . . not sure how to do that? --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone deserves an award!!" On 2015-01-30 13:54, Rowland Penny wrote:> On 30/01/15 19:42, Bob of Donelson Trophy wrote: > >> Yes, "INTERNAL" was the actual. Generated by script, I presume. Now changed to my workgroup name. Restarted member server. Now 'getent passwd Administrator' returns nothing but, W7 client still cannot connect. (As I have restored and re-run script this morning doesn't that mean it has to be coming over from DC's somehow?) > > OK, we are getting somewhere (not sure where though ;-) ) > > I don't get anything when I try to get Administrators info either, so don't worry about it. > > so, you have a user in AD that does have a 'uidNumber', does Domain Users have a 'gidNumber', if not give the group one. > > After that, does 'getent passwd <username>' return anything, if not check that the 'uidNumber' & 'gidNumber' are both inside '2000-40000' > > Is the W7 client joined to the Domain, try leaving the domain and rejoining. > > RowlandLinks: ------ [1] http://www.donelsontrophy.com
Rowland Penny
2015-Jan-30 20:26 UTC
[Samba] W7 client cannot adjust file permissions via ADUC
On 30/01/15 20:10, Bob of Donelson Trophy wrote:> > > Leaving and re-joining the domain is easy. Tried that, no difference. > > Checking the gidNumber for the Domain Admin group . . not sure how to do > that?Easy, use ldbedit again :-) ldbedit -e nano -H /var/lib/samba/private/sam.ldb -b "DC=example,DC=com" -s sub '(&(objectclass=group)(cn=Domain Users))' If there isn't one there, add one, like this: gidNumber: 10000 Make sure that the number you use is inside the range in smb.conf Rowland