Samba - General mailing list wrote> On Tue, 5 Dec 2017 12:00:55 -0700 (MST) > Mariusz80 via samba <> samba at .samba> > wrote: > >> Samba - General mailing list wrote >> > On Tue, 5 Dec 2017 11:11:33 -0700 (MST) >> > Mariusz80 via samba < >> >> > samba at .samba >> >> > > wrote: >> > >> >> Samba - General mailing list wrote >> >> > On Tue, 5 Dec 2017 10:37:02 -0700 (MST) >> >> > Mariusz80 via samba < >> >> >> >> > samba at .samba >> >> >> >> > > wrote: >> >> > >> >> >> Hi >> >> >> I have a strange problem with Shared folders in MMC. While I >> >> >> try to connect to linux machine and list Open files or Sessions >> >> >> I got a message "You do not have permission to view the list of >> >> >> sessions from Windows clients". The problem exists only if I >> >> >> try to connect to linux machines (Windows Server is ok), >> >> >> and only for Administrator account. From other accounts with >> >> >> Administrator priviliges there is no problem at all. >> >> >> >> >> >> In the logs there is: >> >> >> >> ../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1274(_srvsvc_NetFileEnum) >> >> >> Enumerating files only allowed for administrators >> >> >> >> >> >> Any advice? >> >> >> >> >> >> Thanks >> >> >> Mariusz >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> Sent from: >> >> >> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html >> >> >> >> >> > >> >> > How is Samba set up on the Linux machine ? >> >> > >> >> > Rowland >> >> > >> >> > -- >> >> > To unsubscribe from this list go to the following URL and read >> >> > the instructions: https://lists.samba.org/mailman/options/samba >> >> >> >> I did it according to: >> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member >> >> My smb.conf: >> >> [global] >> >> security = ADS >> >> workgroup = some >> >> realm = some.domain.pl >> >> >> >> allow trusted domains = Yes >> >> winbind use default domain = Yes >> >> winbind nss info = rfc2307 >> >> winbind refresh tickets = Yes >> >> >> >> log file = /var/log/samba/%m.log >> >> log level = 1 >> >> >> >> idmap config * : backend = tdb >> >> idmap config * : range = 3000-7999 >> >> >> >> idmap config some : backend = rid >> >> idmap config some: range = 10000-999999 >> >> >> >> winbind nss info = template >> >> template shell = /bin/bash >> >> template homedir = /home/%U >> >> username map = /etc/samba/user.map >> >> >> >> winbind enum users = yes >> >> winbind enum groups = yes >> >> >> >> vfs objects = acl_xattr >> >> map acl inherit = yes >> >> store dos attributes = yes >> >> >> > >> > Does 'getent passwd Administrator' give any output ? >> > >> > If it does, try adding this line to smb.conf: >> > >> > username map = /etc/samba/user.map >> > >> > Create the user.map: >> > >> > nano /etc/samba/user.map >> > >> > it should contain only: >> > >> > !root = SAMDOM\Administrator SAMDOM\administrator Administrator >> > administrator >> > >> > That is all on one line, replace 'SAMDOM' with your workgroup name >> > and, if required, change the '/etc/samba' path to the path to your >> > smb.conf. >> > >> > Rowland >> > >> > -- >> > To unsubscribe from this list go to the following URL and read the >> > instructions: https://lists.samba.org/mailman/options/samba >> >> getent passwd Administrator >> administrator:*:10500:10513::/home/administrator:/bin/bash >> >> smb.conf already contains user.map >> > > > The fact that 'Administrator' has an ID that isn't '0' means that, to > Linux, Administrator is just another user and can only do what any > normal user can do.In fact on my dc Administrator has an id=0 and mmc is working correctly. How can I solve that ?> You could try running 'net cache flush'net chache flush doesn't give any output and nothing change.> Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaMariusz -- Sent from: http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
On Tue, 5 Dec 2017 12:27:24 -0700 (MST) Mariusz80 via samba <samba at lists.samba.org> wrote:> Samba - General mailing list wrote > > On Tue, 5 Dec 2017 12:00:55 -0700 (MST) > > Mariusz80 via samba < > > > samba at .samba > > > > wrote: > > > >> Samba - General mailing list wrote > >> > On Tue, 5 Dec 2017 11:11:33 -0700 (MST) > >> > Mariusz80 via samba < > >> > >> > samba at .samba > >> > >> > > wrote: > >> > > >> >> Samba - General mailing list wrote > >> >> > On Tue, 5 Dec 2017 10:37:02 -0700 (MST) > >> >> > Mariusz80 via samba < > >> >> > >> >> > samba at .samba > >> >> > >> >> > > wrote: > >> >> > > >> >> >> Hi > >> >> >> I have a strange problem with Shared folders in MMC. While I > >> >> >> try to connect to linux machine and list Open files or > >> >> >> Sessions I got a message "You do not have permission to view > >> >> >> the list of sessions from Windows clients". The problem > >> >> >> exists only if I try to connect to linux machines (Windows > >> >> >> Server is ok), and only for Administrator account. From > >> >> >> other accounts with Administrator priviliges there is no > >> >> >> problem at all. > >> >> >> > >> >> >> In the logs there is: > >> >> >> > >> ../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1274(_srvsvc_NetFileEnum) > >> >> >> Enumerating files only allowed for administrators > >> >> >> > >> >> >> Any advice? > >> >> >> > >> >> >> Thanks > >> >> >> Mariusz > >> >> >> > >> >> >> > >> >> >> > >> >> >> -- > >> >> >> Sent from: > >> >> >> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html > >> >> >> > >> >> > > >> >> > How is Samba set up on the Linux machine ? > >> >> > > >> >> > Rowland > >> >> > > >> >> > -- > >> >> > To unsubscribe from this list go to the following URL and read > >> >> > the instructions: > >> >> > https://lists.samba.org/mailman/options/samba > >> >> > >> >> I did it according to: > >> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > >> >> My smb.conf: > >> >> [global] > >> >> security = ADS > >> >> workgroup = some > >> >> realm = some.domain.pl > >> >> > >> >> allow trusted domains = Yes > >> >> winbind use default domain = Yes > >> >> winbind nss info = rfc2307 > >> >> winbind refresh tickets = Yes > >> >> > >> >> log file = /var/log/samba/%m.log > >> >> log level = 1 > >> >> > >> >> idmap config * : backend = tdb > >> >> idmap config * : range = 3000-7999 > >> >> > >> >> idmap config some : backend = rid > >> >> idmap config some: range = 10000-999999 > >> >> > >> >> winbind nss info = template > >> >> template shell = /bin/bash > >> >> template homedir = /home/%U > >> >> username map = /etc/samba/user.map > >> >> > >> >> winbind enum users = yes > >> >> winbind enum groups = yes > >> >> > >> >> vfs objects = acl_xattr > >> >> map acl inherit = yes > >> >> store dos attributes = yes > >> >> > >> > > >> > Does 'getent passwd Administrator' give any output ? > >> > > >> > If it does, try adding this line to smb.conf: > >> > > >> > username map = /etc/samba/user.map > >> > > >> > Create the user.map: > >> > > >> > nano /etc/samba/user.map > >> > > >> > it should contain only: > >> > > >> > !root = SAMDOM\Administrator SAMDOM\administrator Administrator > >> > administrator > >> > > >> > That is all on one line, replace 'SAMDOM' with your workgroup > >> > name and, if required, change the '/etc/samba' path to the path > >> > to your smb.conf. > >> > > >> > Rowland > >> > > >> > -- > >> > To unsubscribe from this list go to the following URL and read > >> > the instructions: https://lists.samba.org/mailman/options/samba > >> > >> getent passwd Administrator > >> administrator:*:10500:10513::/home/administrator:/bin/bash > >> > >> smb.conf already contains user.map > >> > > > > > > The fact that 'Administrator' has an ID that isn't '0' means that, > > to Linux, Administrator is just another user and can only do what > > any normal user can do. > > In fact on my dc Administrator has an id=0 and mmc is working > correctly. How can I solve that ?This is because on a DC, the mapping is done in idmap.ldb, so you don't need the user.map on a DC> > > > You could try running 'net cache flush' > > net chache flush doesn't give any output and nothing change.If 'doesn't give any output' means that 'getent passwd Administrator' doesn't show what it did before, then try again from windows, it should now work. If you are still getting output from 'getent passwd Administrator', please post your smb.conf Rowland
Samba - General mailing list wrote> On Tue, 5 Dec 2017 12:27:24 -0700 (MST) > Mariusz80 via samba <> samba at .samba> > wrote: > >> Samba - General mailing list wrote >> > On Tue, 5 Dec 2017 12:00:55 -0700 (MST) >> > Mariusz80 via samba < >> >> > samba at .samba >> >> > > wrote: >> > >> >> Samba - General mailing list wrote >> >> > On Tue, 5 Dec 2017 11:11:33 -0700 (MST) >> >> > Mariusz80 via samba < >> >> >> >> > samba at .samba >> >> >> >> > > wrote: >> >> > >> >> >> Samba - General mailing list wrote >> >> >> > On Tue, 5 Dec 2017 10:37:02 -0700 (MST) >> >> >> > Mariusz80 via samba < >> >> >> >> >> >> > samba at .samba >> >> >> >> >> >> > > wrote: >> >> >> > >> >> >> >> Hi >> >> >> >> I have a strange problem with Shared folders in MMC. While I >> >> >> >> try to connect to linux machine and list Open files or >> >> >> >> Sessions I got a message "You do not have permission to view >> >> >> >> the list of sessions from Windows clients". The problem >> >> >> >> exists only if I try to connect to linux machines (Windows >> >> >> >> Server is ok), and only for Administrator account. From >> >> >> >> other accounts with Administrator priviliges there is no >> >> >> >> problem at all. >> >> >> >> >> >> >> >> In the logs there is: >> >> >> >> >> >> ../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1274(_srvsvc_NetFileEnum) >> >> >> >> Enumerating files only allowed for administrators >> >> >> >> >> >> >> >> Any advice? >> >> >> >> >> >> >> >> Thanks >> >> >> >> Mariusz >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> >> Sent from: >> >> >> >> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html >> >> >> >> >> >> >> > >> >> >> > How is Samba set up on the Linux machine ? >> >> >> > >> >> >> > Rowland >> >> >> > >> >> >> > -- >> >> >> > To unsubscribe from this list go to the following URL and read >> >> >> > the instructions: >> >> >> > https://lists.samba.org/mailman/options/samba >> >> >> >> >> >> I did it according to: >> >> >> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member >> >> >> My smb.conf: >> >> >> [global] >> >> >> security = ADS >> >> >> workgroup = some >> >> >> realm = some.domain.pl >> >> >> >> >> >> allow trusted domains = Yes >> >> >> winbind use default domain = Yes >> >> >> winbind nss info = rfc2307 >> >> >> winbind refresh tickets = Yes >> >> >> >> >> >> log file = /var/log/samba/%m.log >> >> >> log level = 1 >> >> >> >> >> >> idmap config * : backend = tdb >> >> >> idmap config * : range = 3000-7999 >> >> >> >> >> >> idmap config some : backend = rid >> >> >> idmap config some: range = 10000-999999 >> >> >> >> >> >> winbind nss info = template >> >> >> template shell = /bin/bash >> >> >> template homedir = /home/%U >> >> >> username map = /etc/samba/user.map >> >> >> >> >> >> winbind enum users = yes >> >> >> winbind enum groups = yes >> >> >> >> >> >> vfs objects = acl_xattr >> >> >> map acl inherit = yes >> >> >> store dos attributes = yes >> >> >> >> >> > >> >> > Does 'getent passwd Administrator' give any output ? >> >> > >> >> > If it does, try adding this line to smb.conf: >> >> > >> >> > username map = /etc/samba/user.map >> >> > >> >> > Create the user.map: >> >> > >> >> > nano /etc/samba/user.map >> >> > >> >> > it should contain only: >> >> > >> >> > !root = SAMDOM\Administrator SAMDOM\administrator Administrator >> >> > administrator >> >> > >> >> > That is all on one line, replace 'SAMDOM' with your workgroup >> >> > name and, if required, change the '/etc/samba' path to the path >> >> > to your smb.conf. >> >> > >> >> > Rowland >> >> > >> >> > -- >> >> > To unsubscribe from this list go to the following URL and read >> >> > the instructions: https://lists.samba.org/mailman/options/samba >> >> >> >> getent passwd Administrator >> >> administrator:*:10500:10513::/home/administrator:/bin/bash >> >> >> >> smb.conf already contains user.map >> >> >> > >> > >> > The fact that 'Administrator' has an ID that isn't '0' means that, >> > to Linux, Administrator is just another user and can only do what >> > any normal user can do. >> >> In fact on my dc Administrator has an id=0 and mmc is working >> correctly. How can I solve that ? > > This is because on a DC, the mapping is done in idmap.ldb, so you don't > need the user.map on a DC >> >> >> > You could try running 'net cache flush' >> >> net chache flush doesn't give any output and nothing change. > > If 'doesn't give any output' means that 'getent passwd Administrator' > doesn't show what it did before, then try again from windows, it should > now work. > > If you are still getting output from 'getent passwd Administrator', > please post your smb.conf > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambagetent passwd Administrator still shows: administrator:*:10500:10513::/home/administrator:/bin/bash smb.conf: [global] security = ADS workgroup = some realm = some.domain.pl allow trusted domains = Yes winbind use default domain = Yes winbind nss info = rfc2307 winbind refresh tickets = Yes log file = /var/log/samba/%m.log log level = 1 idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config some : backend = rid idmap config some: range = 10000-999999 winbind nss info = template template shell = /bin/bash template homedir = /home/%U username map = /etc/samba/user.map winbind enum users = yes winbind enum groups = yes vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes -- Sent from: http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html