Lin Pro
2017-Feb-21 16:56 UTC
[Samba] Setting Win ACLs via Comp Managment, connection to Member Server warning
I have given the SeDiskOperatorPrivilege on the domain member but it did not help. The connection warning persists when I click on the "Shared Folders" + shared. It says to check network path, firewall rules. dismissing the window takes me to the domain member and shared folder can be selected and viewed. An attempt to modify and pressing "apply" results in another warning that it is a root share and that anything inherited will be removed and so on. Question: What is the minimal set of Accounts that need to have UNIX atributes set in order to have a functional domain? (in my case I set Unix attributes on BUILTIN Administrators and Users, SAMDOM\<myusers>.) My setup is ADDC (ubuntu) + DM (Ubuntu). Trying to Administer eACL from Windows Server 2012 R2 RSAT. thanks Lin
Rowland Penny
2017-Feb-21 17:02 UTC
[Samba] Setting Win ACLs via Comp Managment, connection to Member Server warning
On Tue, 21 Feb 2017 10:56:35 -0600 Lin Pro <linforpros at gmail.com> wrote:> Question: What is the minimal set of Accounts that need to have UNIX > atributes set in order to have a functional domain? > (in my case I set Unix attributes on BUILTIN Administrators and Users, > SAMDOM\<myusers>.) >Change the group ownership of the share: chgrp 'Domain Admins' /path/to/share As for minimal set of Unix accounts, you only really need Domain Users and Domain Admins and if you are going to use GPOs, you would be better off creating a new group, adding this to Domain Admins and giving this a gidNumber, then use this group instead of Domain Admins. Rowland
Lin Pro
2017-Feb-21 18:40 UTC
[Samba] Setting Win ACLs via Comp Managment, connection to Member Server warning
Thank you for your guidance. I must have something seriously wrong in the settings. Here is the eACL share: root at ubuntu-dm1:~# ls -l /srv/samba/eACLshare/ -d drwxr-xr-x 2 root domain admins 4096 Feb 21 09:00 /srv/samba/eACLshare/>From Windows, Comp Management - Connect to another computer -> System ToolsI get UBUNTU-DM1
Lin Pro
2017-Feb-21 18:49 UTC
[Samba] Setting Win ACLs via Comp Managment, connection to Member Server warning
Thank you for your guidance. I must have something seriously wrong in the settings. Here is the eACL share: root at ubuntu-dm1:~# ls -l /srv/samba/eACLshare/ -d drwxr-xr-x 2 root domain admins 4096 Feb 21 09:00 /srv/samba/eACLshare/>From Windows as an administrator of the domain, Comp Management -Connect to another computer -> System Tools I get UBUNTU-DM1 cannot be connected.... But after dismissing the warning window with "ok" I can click on the share c:\srv\samba\eACLshare and inspect the settings Unfortunately any changes or modifications in the security tab results in "Remotely setting permissions on the folder..." warning, second "permission denied" interestingly Security tab show no permissions for "Domain Admins" Is there place where I could post screenshots? thank you for hints