Rowland Penny
2015-Jan-30 20:26 UTC
[Samba] W7 client cannot adjust file permissions via ADUC
On 30/01/15 20:10, Bob of Donelson Trophy wrote:> > > Leaving and re-joining the domain is easy. Tried that, no difference. > > Checking the gidNumber for the Domain Admin group . . not sure how to do > that?Easy, use ldbedit again :-) ldbedit -e nano -H /var/lib/samba/private/sam.ldb -b "DC=example,DC=com" -s sub '(&(objectclass=group)(cn=Domain Users))' If there isn't one there, add one, like this: gidNumber: 10000 Make sure that the number you use is inside the range in smb.conf Rowland
Bob of Donelson Trophy
2015-Jan-30 20:48 UTC
[Samba] W7 client cannot adjust file permissions via ADUC
Okay, added 'gidNumber: 10000' to the domain users group on DC1. (Was within my range 500-40000.) getnet passwd [user] returns nothing on DC1. W7 client still a "no". And now? --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] "Everyone deserves an award!!" On 2015-01-30 14:26, Rowland Penny wrote:> On 30/01/15 20:10, Bob of Donelson Trophy wrote: > >> Leaving and re-joining the domain is easy. Tried that, no difference. Checking the gidNumber for the Domain Admin group . . not sure how to do that? > > Easy, use ldbedit again :-) > > ldbedit -e nano -H /var/lib/samba/private/sam.ldb -b "DC=example,DC=com" -s sub '(&(objectclass=group)(cn=Domain Users))' > > If there isn't one there, add one, like this: > > gidNumber: 10000 > > Make sure that the number you use is inside the range in smb.conf > > RowlandLinks: ------ [1] http://www.donelsontrophy.com
Rowland Penny
2015-Jan-30 21:12 UTC
[Samba] W7 client cannot adjust file permissions via ADUC
On 30/01/15 20:48, Bob of Donelson Trophy wrote:> > > Okay, added 'gidNumber: 10000' to the domain users group on DC1. (Was > within my range 500-40000.) > > getnet passwd [user] returns nothing on DC1. > > W7 client still a "no". > > And now? > >Have you tried getent on the member server ? Lets forget W7 for the moment, get the Unix side working and then go to W7. If I run getent on the DC I get this: root at dc01:~# getent passwd rowland EXAMPLE\rowland:*:10000:10000:Rowland Penny:/home/HOME/rowland:/bin/bash So lets check a few files: /etc/resolv.conf should point to itself, I use search example.com nameserver 127.0.0.1 /etc/krb5.conf should contain this: [libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = true /etc/nsswitch.conf should have these two lines set like this: passwd: compat winbind group: compat winbind Finally can you run: pam-auth-update I have these enabled. Kerberos authentication Unix authentication Winbind NT/Active Directory authentication GNOME Keyring Daemon - Login keyring management ConsoleKit Session Management Inheritable Capabilities Management Rowland