> > Simple answer: > Administrator, No > Domain Admins, YesOk. It was already that way. root at fileserver:/etc/samba# getent group ... domain admins:x:10004: domain users:x:10000: dap:x:10003: dti:x:10001: For some reason with the administrator user is not working, I put my user as domain admin and include him as a member of unix and now I can access the security tab. http://i.imgur.com/tNBj8dal.png root at fileserver:/etc/samba# getent passwd elias.pereira elias.pereira:*:10001:10000:Elias Pereira:/home/elias.pereira:/bin/sh root at fileserver:/etc/samba# getent passwd administrator root at fileserver:/etc/samba# getent passwd ADDC\administrator In the *getent passwd administrator* nothing appears. According to your explanation, it should contain the value "0" !? What permissions that user.map file should have? root at fileserver:/etc/samba# getfacl user.map # file: user.map # owner: root # group: root user::rw- group::r-- other::r-- On Tue, May 30, 2017 at 4:41 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Tue, 30 May 2017 16:28:00 -0300 > Elias Pereira <empbilly at gmail.com> wrote: > > > root at fileserver:~# getfacl /home/dados/ > > getfacl: Removing leading '/' from absolute path names > > # file: home/dados/ > > # owner: root > > # group: domain\040admins > > user::rwx > > group::rwx > > other::--- > > > > Still with the same problem. No security tab on windows machine. :( > > > > The "Administrator" and "Domain Admins" also need to have an unix > > attribute? > > > > Simple answer: > Administrator, No > Domain Admins, Yes > > Long answer: > > Administrator maps to 'root' through the user.map in smb.conf, so gets > '0' > If Domain Admins doesn't have a gidNumber (and you are using the 'ad' > backend), then it is unknown to the underlying OS. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Elias Pereira
On Tue, 30 May 2017 17:19:04 -0300 Elias Pereira <empbilly at gmail.com> wrote:> > > > Simple answer: > > Administrator, No > > Domain Admins, Yes > > > Ok. It was already that way. > > root at fileserver:/etc/samba# getent group > ... > domain admins:x:10004: > domain users:x:10000: > dap:x:10003: > dti:x:10001: > > For some reason with the administrator user is not working, I put my > user as domain admin and include him as a member of unix and now I > can access the security tab. > > http://i.imgur.com/tNBj8dal.png > > root at fileserver:/etc/samba# getent passwd elias.pereira > elias.pereira:*:10001:10000:Elias Pereira:/home/elias.pereira:/bin/sh > root at fileserver:/etc/samba# getent passwd administrator > root at fileserver:/etc/samba# getent passwd ADDC\administrator > > In the *getent passwd administrator* nothing appears. According to > your explanation, it should contain the value "0" !? > > What permissions that user.map file should have? > > root at fileserver:/etc/samba# getfacl user.map > # file: user.map > # owner: root > # group: root > user::rw- > group::r-- > other::r-- > >Bit more explaining ;-) If you run getent passwd administrator on a DC, you should get something like this: root at dc1:~# getent passwd administrator SAMDOM\administrator:*:0:10000::/home/administrator:/bin/bash But on a Unix domain member, you will get this: rowland at devstation:~$ getent passwd administrator rowland at devstation:~$ Yes, nothing ;-) This is because Administrator is 'mapped' to root and the OS doesn't know who Administrator is, but you should be able to do things from windows as Administrator. There is however a gotcha, on any domain joined windows machine there are two 'Administrators'. One is the local Administrator and will not be mapped to 'root' and the other is 'Domain\Administrator', this is the one that is mapped to the Unix user 'root'. So, if you logged in as just 'Administrator, this is very likely to be your problem. getfacl against my user.map returns the same results as yours and everything works for me. Rowland
> > If you run getent passwd administrator on a DC, you should get > something like this: > root at dc1:~# getent passwd administrator > SAMDOM\administrator:*:0:10000::/home/administrator:/bin/bashOn my DC getent passwd administrator show nothing. :( Is it necessary to map the root user to ADDC as well? There is however a gotcha, on any domain> joined windows machine there are two 'Administrators'. One is the local > Administrator and will not be mapped to 'root' and the other is > 'Domain\Administrator', this is the one that is mapped to the Unix user > 'root'. So, if you logged in as just 'Administrator, this is very > likely to be your problem.No, I logged in with user ADDC\administrator On Tue, May 30, 2017 at 5:38 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Tue, 30 May 2017 17:19:04 -0300 > Elias Pereira <empbilly at gmail.com> wrote: > > > > > > > Simple answer: > > > Administrator, No > > > Domain Admins, Yes > > > > > > Ok. It was already that way. > > > > root at fileserver:/etc/samba# getent group > > ... > > domain admins:x:10004: > > domain users:x:10000: > > dap:x:10003: > > dti:x:10001: > > > > For some reason with the administrator user is not working, I put my > > user as domain admin and include him as a member of unix and now I > > can access the security tab. > > > > http://i.imgur.com/tNBj8dal.png > > > > root at fileserver:/etc/samba# getent passwd elias.pereira > > elias.pereira:*:10001:10000:Elias Pereira:/home/elias.pereira:/bin/sh > > root at fileserver:/etc/samba# getent passwd administrator > > root at fileserver:/etc/samba# getent passwd ADDC\administrator > > > > In the *getent passwd administrator* nothing appears. According to > > your explanation, it should contain the value "0" !? > > > > What permissions that user.map file should have? > > > > root at fileserver:/etc/samba# getfacl user.map > > # file: user.map > > # owner: root > > # group: root > > user::rw- > > group::r-- > > other::r-- > > > > > > Bit more explaining ;-) > > If you run getent passwd administrator on a DC, you should get > something like this: > > root at dc1:~# getent passwd administrator > SAMDOM\administrator:*:0:10000::/home/administrator:/bin/bash > > But on a Unix domain member, you will get this: > > rowland at devstation:~$ getent passwd administrator > rowland at devstation:~$ > > Yes, nothing ;-) > > This is because Administrator is 'mapped' to root and the OS doesn't > know who Administrator is, but you should be able to do things from > windows as Administrator. There is however a gotcha, on any domain > joined windows machine there are two 'Administrators'. One is the local > Administrator and will not be mapped to 'root' and the other is > 'Domain\Administrator', this is the one that is mapped to the Unix user > 'root'. So, if you logged in as just 'Administrator, this is very > likely to be your problem. > > getfacl against my user.map returns the same results as yours and > everything works for me. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >-- Elias Pereira