Hi Rowland here is it: [global] netbios name = ID-175 security = ADS workgroup = HQKONTRAST realm = HQ.KONTRAST dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind trusted domains only = no winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind cache time = 300 winbind refresh tickets = yes # Default idmap config used for BUILTIN and local accounts/groups idmap config *:backend = tdb idmap config *:range = 500-1023 # idmap config for domain HQKONTRAST idmap config HQKONTRAST:backend = ad idmap config HQKONTRAST:schema_mode = rfc2307 idmap config HQKONTRAST:range = 1024-99999 # Use settings from AD for login shell and home directory winbind nss info = rfc2307 [IT-Security] path = /data/security browseable = yes writeable = yes force group = it_security valid users = @it_security create mask = 0660 directory mask = 0770 #oplocks = 0 vfs objects = full_audit recycle full_audit:prefix = %u full_audit:success = mkdir rename rmdir unlink pwrite full_audit:failure = none full_audit:facility = LOCAL5 full_audit:priority = NOTICE recycle:versions = yes recycle:exclude = .*, ~* Thanks :) OLIVER WERNER System-Administrator
Hi Rowland, you can confirm your idea of this problem? OLIVER WERNER System-Administrator> Am 09.01.2017 um 17:52 schrieb Oliver Werner via samba <samba at lists.samba.org>: > > Hi Rowland here is it: > > [global] > netbios name = ID-175 > security = ADS > workgroup = HQKONTRAST > realm = HQ.KONTRAST > > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind cache time = 300 > winbind refresh tickets = yes > > # Default idmap config used for BUILTIN and local accounts/groups > idmap config *:backend = tdb > idmap config *:range = 500-1023 > > # idmap config for domain HQKONTRAST > idmap config HQKONTRAST:backend = ad > idmap config HQKONTRAST:schema_mode = rfc2307 > idmap config HQKONTRAST:range = 1024-99999 > > # Use settings from AD for login shell and home directory > winbind nss info = rfc2307 > > [IT-Security] > path = /data/security > browseable = yes > writeable = yes > force group = it_security > valid users = @it_security > create mask = 0660 > directory mask = 0770 > #oplocks = 0 > vfs objects = full_audit recycle > full_audit:prefix = %u > full_audit:success = mkdir rename rmdir unlink pwrite > full_audit:failure = none > full_audit:facility = LOCAL5 > full_audit:priority = NOTICE > recycle:versions = yes > recycle:exclude = .*, ~* > > > Thanks :) > OLIVER WERNER > System-Administrator > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On Tue, 10 Jan 2017 15:51:43 +0100 Oliver Werner <oliver.werner at kontrast.de> wrote:> Hi Rowland, > > you can confirm your idea of this problem?To be honest, no ;-) I thought that because 'it_secuirity' had the GID '1396' , there was possibility that it was a local Unix group and windows couldn't actually see it, but this doesn't seem to be the case. You could try adding these lines to smb.conf: vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes Rowland