On Fri, Oct 7, 2016 at 12:38 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> have you given Domain Admins the required rights ? > > net rpc rights grant DOMAIN\\"Domain Admins" > SeDiskOperatorPrivilege -UAdministrator >Yes. I followed this wiki example: https://wiki.samba.org/index.php/Shares_with_Windows_ACLs Here is some output: [nienberg at gecko ~]$ net rpc rights list accounts -U'STA\myAdminAccount' STA\Domain Admins SeDiskOperatorPrivilege
Well, the easy fix is to add this to the share definition: admin users = "@STA\domain admins" The wiki implies that this should not be necessary, so I don't know if the wiki is wrong or if I failed to follow it correctly. This was my first share using Windows ACLS and it was an interesting experience, but for me I think the POSIX ACLs are easier to understand and troubleshoot. That may just be because I am more of a Linux admin than a Windows admin. Mark On Sat, Oct 8, 2016 at 12:04 PM, Mark Nienberg < mnlists at tippingstructural.com> wrote:> > On Fri, Oct 7, 2016 at 12:38 PM, Rowland Penny via samba < > samba at lists.samba.org> wrote: > >> have you given Domain Admins the required rights ? >> >> net rpc rights grant DOMAIN\\"Domain Admins" >> SeDiskOperatorPrivilege -UAdministrator >> > > Yes. I followed this wiki example: > https://wiki.samba.org/index.php/Shares_with_Windows_ACLs > > Here is some output: > > [nienberg at gecko ~]$ net rpc rights list accounts -U'STA\myAdminAccount' > > STA\Domain Admins > SeDiskOperatorPrivilege >
lingpanda101 at gmail.com
2016-Oct-12 18:31 UTC
[Samba] Roaming Profiles with Windows ACLs
On 10/12/2016 1:34 PM, Mark Nienberg via samba wrote:> Well, the easy fix is to add this to the share definition: > > admin users = "@STA\domain admins" > > The wiki implies that this should not be necessary, so I don't know if the > wiki is wrong or if I failed to follow it correctly. This was my first > share using Windows ACLS and it was an interesting experience, but for me I > think the POSIX ACLs are easier to understand and troubleshoot. That may > just be because I am more of a Linux admin than a Windows admin. > > Mark > > On Sat, Oct 8, 2016 at 12:04 PM, Mark Nienberg < > mnlists at tippingstructural.com> wrote: > >> On Fri, Oct 7, 2016 at 12:38 PM, Rowland Penny via samba < >> samba at lists.samba.org> wrote: >> >>> have you given Domain Admins the required rights ? >>> >>> net rpc rights grant DOMAIN\\"Domain Admins" >>> SeDiskOperatorPrivilege -UAdministrator >>> >> Yes. I followed this wiki example: >> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs >> >> Here is some output: >> >> [nienberg at gecko ~]$ net rpc rights list accounts -U'STA\myAdminAccount' >> >> STA\Domain Admins >> SeDiskOperatorPrivilege >>Do your Domain Admins have 'Full control' as a permission and 'This folder, subfolders and files' on the root share under? -- -James