Can you tell me what are correct permissions to set at sysvol in order to work and how to solve that problem with 'Domain admins' uid ? I´m using samba 4.4.6 and i will upgrade to 4.4.10 but i´d like to correct this issue before. Thanks again Rowland. 2017-03-07 13:34 GMT-03:00 Rowland Penny via samba <samba at lists.samba.org>:> On Tue, 7 Mar 2017 13:16:23 -0300 > Edson Tadeu Almeida da Silveira <edson.tadeu at gmail.com> wrote: > > > Hi Rowland. > > > > But, samba automaticaly do this mapping. > > > > root at server:/usr/local/src/samba-4.4.10# id 'domain admins' > > uid=3000008(DOMAIN\domain admins) gid=3000008(DOMAIN\domain admins) > > groups=3000008(DOMAIN\domain admins) > > > > > > Because of this options in smb.conf: > > > > winbind enum users = yes > > winbind enum groups = yes > > > > Can i remove this mapping only for domain admin group? > > No and those options aren't doing the mapping. All they do is make > 'getent passwd' & 'getent group' show all users and groups, without > them, you will have to do 'getent passwd username' or 'getent group > groupname'. You do not need them for Samba to work. > > The problem with the GPOs that you are adding is that Samba seems to > think they should be set differently to what windows sets them to. > > Big hint here, don't use sysvolreset if you add any GPOs > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- ------------------------------------------- Edson Tadeu Almeida Silveira http://sites.google.com/site/edsontadeu/ -------------------------------------------
On Tue, 7 Mar 2017 14:21:38 -0300 Edson Tadeu Almeida da Silveira <edson.tadeu at gmail.com> wrote:> Can you tell me what are correct permissions to set at sysvol in > order to work and how to solve that problem with 'Domain admins' uid ?It isn't really a 'uid' problem, it is a 'sysvolreset' problem, giving Domain Admins a gidNumber only makes it worse. How to fix it ? Remove the GPO and then add it again, then NEVER use sysvolreset again.> > I´m using samba 4.4.6 and i will upgrade to 4.4.10 but i´d like to > correct this issue before.Why stop at 4.4.10 ? 4.6.0 was released today ;-) Rowland
Hehehehe. I'm trying to get courage to update to 4.6. And i saw that version 4.5.x had a change about ntlmv1 and i use it to auth vpn and wifi users. I need to test before put in production environment. Thanks! 2017-03-07 14:32 GMT-03:00 Rowland Penny via samba <samba at lists.samba.org>:> On Tue, 7 Mar 2017 14:21:38 -0300 > Edson Tadeu Almeida da Silveira <edson.tadeu at gmail.com> wrote: > > > Can you tell me what are correct permissions to set at sysvol in > > order to work and how to solve that problem with 'Domain admins' uid ? > > It isn't really a 'uid' problem, it is a 'sysvolreset' problem, giving > Domain Admins a gidNumber only makes it worse. > How to fix it ? Remove the GPO and then add it again, then NEVER use > sysvolreset again. > > > > > I´m using samba 4.4.6 and i will upgrade to 4.4.10 but i´d like to > > correct this issue before. > > Why stop at 4.4.10 ? 4.6.0 was released today ;-) > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- ------------------------------------------- Edson Tadeu Almeida Silveira http://sites.google.com/site/edsontadeu/ -------------------------------------------