Lin Pro
2017-Feb-21 10:11 UTC
[Samba] Setting Win ACLs via Comp Managment, connection to Member Server warning
Hi, I try to follow the instructions (https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#File_System_ACLs_in_the_Back_End) A big screen pops up with when an attempt is made to connect to member server, then connection is granted but I am suspitious if changes can be made. SeDiskOperatorPrivilege on ADDC is granted to BUILTIN\Administrators and Domain Admins But the Member Server has that permission granted only to BUILTIN\Administrators. Why? Is this normal? Should the permissions be set on the member server instead, not on the ADDC? or whould they propagate across from ADDC to Member Server...? thank for hints -- best regards linforpros
Rowland Penny
2017-Feb-21 11:07 UTC
[Samba] Setting Win ACLs via Comp Managment, connection to Member Server warning
On Tue, 21 Feb 2017 04:11:52 -0600 Lin Pro via samba <samba at lists.samba.org> wrote:> Hi, > SeDiskOperatorPrivilege on ADDC is granted to BUILTIN\Administrators > and Domain Admins > > But the Member Server has that permission granted only to > BUILTIN\Administrators. > Why? > Is this normal? Should the permissions be set on the member server > instead, not on the ADDC? or whould they propagate across from ADDC to > Member Server...? >Quite normal, just give Domain Admins the privilege on the domain member Rowland
Lin Pro
2017-Feb-21 16:56 UTC
[Samba] Setting Win ACLs via Comp Managment, connection to Member Server warning
I have given the SeDiskOperatorPrivilege on the domain member but it did not help. The connection warning persists when I click on the "Shared Folders" + shared. It says to check network path, firewall rules. dismissing the window takes me to the domain member and shared folder can be selected and viewed. An attempt to modify and pressing "apply" results in another warning that it is a root share and that anything inherited will be removed and so on. Question: What is the minimal set of Accounts that need to have UNIX atributes set in order to have a functional domain? (in my case I set Unix attributes on BUILTIN Administrators and Users, SAMDOM\<myusers>.) My setup is ADDC (ubuntu) + DM (Ubuntu). Trying to Administer eACL from Windows Server 2012 R2 RSAT. thanks Lin
Seemingly Similar Threads
- Setting Win ACLs via Comp Managment, connection to Member Server warning
- Setting Win ACLs via Comp Managment, connection to Member Server warning
- Setting Win ACLs via Comp Managment, connection to Member Server warning
- Setting Win ACLs via Comp Managment, connection to Member Server warning
- Setting Win ACLs via Comp Managment, connection to Member Server warning