root at fileserver:~# getfacl /home/dados/ getfacl: Removing leading '/' from absolute path names # file: home/dados/ # owner: root # group: domain\040admins user::rwx group::rwx other::--- Still with the same problem. No security tab on windows machine. :( The "Administrator" and "Domain Admins" also need to have an unix attribute? On Tue, May 30, 2017 at 4:08 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Tue, 30 May 2017 15:51:11 -0300 > Elias Pereira <empbilly at gmail.com> wrote: > > > > > > > Who are logged into the win7 machine as, Administrator or a member > > > of Domain Admins ? > > > > > > As administrator. > > > > I take it /mnt/dados is a mount from somewhere else, how is it > > mounted > > > and where from ? > > > > > > For now it is mounted on the folder /mnt/dados in the same HD of the > > fileserver. Later I'll add another HD with more space. > > > > root at fileserver:~# cd /mnt/dados/ > > root at fileserver:/mnt/dados# df -h > > Filesystem Size Used Avail Use% Mounted on > > udev 10M 0 10M 0% /dev > > tmpfs 803M 8.6M 795M 2% /run > > */dev/xvda1 7.4G 1.7G 5.4G 24% /* > > tmpfs 2.0G 0 2.0G 0% /dev/shm > > tmpfs 5.0M 0 5.0M 0% /run/lock > > tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup > > tmpfs 402M 0 402M 0% /run/user/0 > > > > I have a feeling that may be the problem, try creating another share > that is actually directly on the Samba server, perhaps something > in /home and then see if you get a security tab on the windows machine. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Elias Pereira
On Tue, 30 May 2017 16:28:00 -0300 Elias Pereira <empbilly at gmail.com> wrote:> root at fileserver:~# getfacl /home/dados/ > getfacl: Removing leading '/' from absolute path names > # file: home/dados/ > # owner: root > # group: domain\040admins > user::rwx > group::rwx > other::--- > > Still with the same problem. No security tab on windows machine. :( > > The "Administrator" and "Domain Admins" also need to have an unix > attribute? >Simple answer: Administrator, No Domain Admins, Yes Long answer: Administrator maps to 'root' through the user.map in smb.conf, so gets '0' If Domain Admins doesn't have a gidNumber (and you are using the 'ad' backend), then it is unknown to the underlying OS. Rowland
> > Simple answer: > Administrator, No > Domain Admins, YesOk. It was already that way. root at fileserver:/etc/samba# getent group ... domain admins:x:10004: domain users:x:10000: dap:x:10003: dti:x:10001: For some reason with the administrator user is not working, I put my user as domain admin and include him as a member of unix and now I can access the security tab. http://i.imgur.com/tNBj8dal.png root at fileserver:/etc/samba# getent passwd elias.pereira elias.pereira:*:10001:10000:Elias Pereira:/home/elias.pereira:/bin/sh root at fileserver:/etc/samba# getent passwd administrator root at fileserver:/etc/samba# getent passwd ADDC\administrator In the *getent passwd administrator* nothing appears. According to your explanation, it should contain the value "0" !? What permissions that user.map file should have? root at fileserver:/etc/samba# getfacl user.map # file: user.map # owner: root # group: root user::rw- group::r-- other::r-- On Tue, May 30, 2017 at 4:41 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Tue, 30 May 2017 16:28:00 -0300 > Elias Pereira <empbilly at gmail.com> wrote: > > > root at fileserver:~# getfacl /home/dados/ > > getfacl: Removing leading '/' from absolute path names > > # file: home/dados/ > > # owner: root > > # group: domain\040admins > > user::rwx > > group::rwx > > other::--- > > > > Still with the same problem. No security tab on windows machine. :( > > > > The "Administrator" and "Domain Admins" also need to have an unix > > attribute? > > > > Simple answer: > Administrator, No > Domain Admins, Yes > > Long answer: > > Administrator maps to 'root' through the user.map in smb.conf, so gets > '0' > If Domain Admins doesn't have a gidNumber (and you are using the 'ad' > backend), then it is unknown to the underlying OS. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Elias Pereira