Hai Mourik Jan/Victor.
> MJ definitely understands the problem I'm facing....
Yes, and i do to but you wont listen...
ALL My client pc's, windows and linux computers, dont have any uid/gid
assigned.
My client pc's do access the DCs and multiple member servers with shares.
I do distribute settings and files with GPO and these files are on a member
server. Yes also as "COMPUTER$" so the computer can get its file as in
the GPO is set.
And yes, i know your problem, its all rights where your looking for.
But it can be fixed.
I have a share "public", in which i have a folder Installers.
The share as everybody with full controll as right.
For the Security tab rights on public, i have
Creator owner special. Only folders and files on underlying folders.
Creator group special. Only folders and files on underlying folders.
Verified users read+exec This folder underlying folders and files
Domain Admins Full This folder underlying folders and files
Domain users read+exec This folder underlying folders and files
Domain computer read+exec This folder underlying folders and files
The subfolders have there own rights as needed.
My "Installers" folder, which the domain computers do access has.
Root special. Only this folders
Verified users read+exec This this folder, underlying folders and files
Creator owner special. Only this folders and files on underlying folders.
Creator group special. Only this folders and files on underlying folders.
It-depertment Full Only this folders and files on underlying folders.
Domain Admins Full Only this folders and files on underlying folders.
And this is the share in smb.conf :
[public]
browseable = yes
path = /home/samba/public
read only = no
/home/ 755 root:root
/home/samba 755 root:root
public : drwxrwx---+ 12 root root 4096 Oct 15 15:25 public
And a getfacl
# file: /home/samba/public/
# owner: root
# group: root
user::rwx
user:root:rwx
group::---
group:root:---
group:2004:r-x
group:domain\040users:r-x
group:domain\040admins:rwx
group:domain\040computers:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::r-x
default:group:root:r-x
default:group:2004:r-x
default:group:domain\040users:r-x
default:group:domain\040admins:rwx
default:group:domain\040computers:r-x
default:mask::rwx
default:other::---
Good luck. Its all in the rights..
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Viktor
Trojanovic
> Verzonden: woensdag 18 november 2015 9:52
> Aan: mourik jan c heupink
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Permission Issues with GPO
>
> MJ definitely understands the problem I'm facing. I will report back by
> tmw if the solution works, don't have access to the server at the
moment.
>
> Viktor
>
> > On 18 Nov 2015, at 09:04, mourik jan c heupink <heupink at
merit.unu.edu>
> wrote:
> >
> > Hi,
> >
> > Well, but do your GPO clients have to access your fileservers (domain
> member servers), or only the DCs with the actual sysvol?
> >
> > Because in our case: accessing the DCs under the machine acounts works
> without gid/uid, no problem, but accessing domain member servers does NOT.
> >
> > MJ
> >
> >> On 18-11-2015 8:45, L.P.H. van Belle wrote:
> >> None of my computers have a UID/GID and my GPO works fine.
> >>
> >> Add the line i suggested to the share, and setup your rights
> >>
> >> Gr.
> >>
> >> Louis
> >>
> >>> -----Oorspronkelijk bericht-----
> >>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
mourik jan c
> >>> heupink
> >>> Verzonden: dinsdag 17 november 2015 18:55
> >>> Aan: samba at lists.samba.org
> >>> Onderwerp: Re: [Samba] Permission Issues with GPO
> >>>
> >>> Hi Victor,
> >>>
> >>> I have had similar issues as you describe.
> >>>
> >>> Could it be that your computer account has no gidNumber and
uidNumber
> >>> assigned?
> >>>
> >>> MJ
> >>>
> >>>
> >>> --
> >>> To unsubscribe from this list go to the following URL and read
the
> >>> instructions: https://lists.samba.org/mailman/options/samba
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba