Samba - General mailing list wrote> On Tue, 5 Dec 2017 12:27:24 -0700 (MST) > Mariusz80 via samba <> samba at .samba> > wrote: > >> Samba - General mailing list wrote >> > On Tue, 5 Dec 2017 12:00:55 -0700 (MST) >> > Mariusz80 via samba < >> >> > samba at .samba >> >> > > wrote: >> > >> >> Samba - General mailing list wrote >> >> > On Tue, 5 Dec 2017 11:11:33 -0700 (MST) >> >> > Mariusz80 via samba < >> >> >> >> > samba at .samba >> >> >> >> > > wrote: >> >> > >> >> >> Samba - General mailing list wrote >> >> >> > On Tue, 5 Dec 2017 10:37:02 -0700 (MST) >> >> >> > Mariusz80 via samba < >> >> >> >> >> >> > samba at .samba >> >> >> >> >> >> > > wrote: >> >> >> > >> >> >> >> Hi >> >> >> >> I have a strange problem with Shared folders in MMC. While I >> >> >> >> try to connect to linux machine and list Open files or >> >> >> >> Sessions I got a message "You do not have permission to view >> >> >> >> the list of sessions from Windows clients". The problem >> >> >> >> exists only if I try to connect to linux machines (Windows >> >> >> >> Server is ok), and only for Administrator account. From >> >> >> >> other accounts with Administrator priviliges there is no >> >> >> >> problem at all. >> >> >> >> >> >> >> >> In the logs there is: >> >> >> >> >> >> ../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1274(_srvsvc_NetFileEnum) >> >> >> >> Enumerating files only allowed for administrators >> >> >> >> >> >> >> >> Any advice? >> >> >> >> >> >> >> >> Thanks >> >> >> >> Mariusz >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> >> Sent from: >> >> >> >> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html >> >> >> >> >> >> >> > >> >> >> > How is Samba set up on the Linux machine ? >> >> >> > >> >> >> > Rowland >> >> >> > >> >> >> > -- >> >> >> > To unsubscribe from this list go to the following URL and read >> >> >> > the instructions: >> >> >> > https://lists.samba.org/mailman/options/samba >> >> >> >> >> >> I did it according to: >> >> >> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member >> >> >> My smb.conf: >> >> >> [global] >> >> >> security = ADS >> >> >> workgroup = some >> >> >> realm = some.domain.pl >> >> >> >> >> >> allow trusted domains = Yes >> >> >> winbind use default domain = Yes >> >> >> winbind nss info = rfc2307 >> >> >> winbind refresh tickets = Yes >> >> >> >> >> >> log file = /var/log/samba/%m.log >> >> >> log level = 1 >> >> >> >> >> >> idmap config * : backend = tdb >> >> >> idmap config * : range = 3000-7999 >> >> >> >> >> >> idmap config some : backend = rid >> >> >> idmap config some: range = 10000-999999 >> >> >> >> >> >> winbind nss info = template >> >> >> template shell = /bin/bash >> >> >> template homedir = /home/%U >> >> >> username map = /etc/samba/user.map >> >> >> >> >> >> winbind enum users = yes >> >> >> winbind enum groups = yes >> >> >> >> >> >> vfs objects = acl_xattr >> >> >> map acl inherit = yes >> >> >> store dos attributes = yes >> >> >> >> >> > >> >> > Does 'getent passwd Administrator' give any output ? >> >> > >> >> > If it does, try adding this line to smb.conf: >> >> > >> >> > username map = /etc/samba/user.map >> >> > >> >> > Create the user.map: >> >> > >> >> > nano /etc/samba/user.map >> >> > >> >> > it should contain only: >> >> > >> >> > !root = SAMDOM\Administrator SAMDOM\administrator Administrator >> >> > administrator >> >> > >> >> > That is all on one line, replace 'SAMDOM' with your workgroup >> >> > name and, if required, change the '/etc/samba' path to the path >> >> > to your smb.conf. >> >> > >> >> > Rowland >> >> > >> >> > -- >> >> > To unsubscribe from this list go to the following URL and read >> >> > the instructions: https://lists.samba.org/mailman/options/samba >> >> >> >> getent passwd Administrator >> >> administrator:*:10500:10513::/home/administrator:/bin/bash >> >> >> >> smb.conf already contains user.map >> >> >> > >> > >> > The fact that 'Administrator' has an ID that isn't '0' means that, >> > to Linux, Administrator is just another user and can only do what >> > any normal user can do. >> >> In fact on my dc Administrator has an id=0 and mmc is working >> correctly. How can I solve that ? > > This is because on a DC, the mapping is done in idmap.ldb, so you don't > need the user.map on a DC >> >> >> > You could try running 'net cache flush' >> >> net chache flush doesn't give any output and nothing change. > > If 'doesn't give any output' means that 'getent passwd Administrator' > doesn't show what it did before, then try again from windows, it should > now work. > > If you are still getting output from 'getent passwd Administrator', > please post your smb.conf > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambagetent passwd Administrator still shows: administrator:*:10500:10513::/home/administrator:/bin/bash smb.conf: [global] security = ADS workgroup = some realm = some.domain.pl allow trusted domains = Yes winbind use default domain = Yes winbind nss info = rfc2307 winbind refresh tickets = Yes log file = /var/log/samba/%m.log log level = 1 idmap config * : backend = tdb idmap config * : range = 3000-7999 idmap config some : backend = rid idmap config some: range = 10000-999999 winbind nss info = template template shell = /bin/bash template homedir = /home/%U username map = /etc/samba/user.map winbind enum users = yes winbind enum groups = yes vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes -- Sent from: http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
On Tue, 5 Dec 2017 13:15:53 -0700 (MST) Mariusz80 via samba <samba at lists.samba.org> wrote:> Samba - General mailing list wrote > > On Tue, 5 Dec 2017 12:27:24 -0700 (MST) > > Mariusz80 via samba < > > > samba at .samba > > > > wrote: > > > >> Samba - General mailing list wrote > >> > On Tue, 5 Dec 2017 12:00:55 -0700 (MST) > >> > Mariusz80 via samba < > >> > >> > samba at .samba > >> > >> > > wrote: > >> > > >> >> Samba - General mailing list wrote > >> >> > On Tue, 5 Dec 2017 11:11:33 -0700 (MST) > >> >> > Mariusz80 via samba < > >> >> > >> >> > samba at .samba > >> >> > >> >> > > wrote: > >> >> > > >> >> >> Samba - General mailing list wrote > >> >> >> > On Tue, 5 Dec 2017 10:37:02 -0700 (MST) > >> >> >> > Mariusz80 via samba < > >> >> >> > >> >> >> > samba at .samba > >> >> >> > >> >> >> > > wrote: > >> >> >> > > >> >> >> >> Hi > >> >> >> >> I have a strange problem with Shared folders in MMC. > >> >> >> >> While I try to connect to linux machine and list Open > >> >> >> >> files or Sessions I got a message "You do not have > >> >> >> >> permission to view the list of sessions from Windows > >> >> >> >> clients". The problem exists only if I try to connect to > >> >> >> >> linux machines (Windows Server is ok), and only for > >> >> >> >> Administrator account. From other accounts with > >> >> >> >> Administrator priviliges there is no problem at all. > >> >> >> >> > >> >> >> >> In the logs there is: > >> >> >> >> > >> >> ../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1274(_srvsvc_NetFileEnum) > >> >> >> >> Enumerating files only allowed for administrators > >> >> >> >> > >> >> >> >> Any advice? > >> >> >> >> > >> >> >> >> Thanks > >> >> >> >> Mariusz > >> >> >> >> > >> >> >> >> > >> >> >> >> > >> >> >> >> -- > >> >> >> >> Sent from: > >> >> >> >> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html > >> >> >> >> > >> >> >> > > >> >> >> > How is Samba set up on the Linux machine ? > >> >> >> > > >> >> >> > Rowland > >> >> >> > > >> >> >> > -- > >> >> >> > To unsubscribe from this list go to the following URL and > >> >> >> > read the instructions: > >> >> >> > https://lists.samba.org/mailman/options/samba > >> >> >> > >> >> >> I did it according to: > >> >> >> > >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member > >> >> >> My smb.conf: > >> >> >> [global] > >> >> >> security = ADS > >> >> >> workgroup = some > >> >> >> realm = some.domain.pl > >> >> >> > >> >> >> allow trusted domains = Yes > >> >> >> winbind use default domain = Yes > >> >> >> winbind nss info = rfc2307 > >> >> >> winbind refresh tickets = Yes > >> >> >> > >> >> >> log file = /var/log/samba/%m.log > >> >> >> log level = 1 > >> >> >> > >> >> >> idmap config * : backend = tdb > >> >> >> idmap config * : range = 3000-7999 > >> >> >> > >> >> >> idmap config some : backend = rid > >> >> >> idmap config some: range = 10000-999999 > >> >> >> > >> >> >> winbind nss info = template > >> >> >> template shell = /bin/bash > >> >> >> template homedir = /home/%U > >> >> >> username map = /etc/samba/user.map > >> >> >> > >> >> >> winbind enum users = yes > >> >> >> winbind enum groups = yes > >> >> >> > >> >> >> vfs objects = acl_xattr > >> >> >> map acl inherit = yes > >> >> >> store dos attributes = yes > >> >> >> > >> >> > > >> >> > Does 'getent passwd Administrator' give any output ? > >> >> > > >> >> > If it does, try adding this line to smb.conf: > >> >> > > >> >> > username map = /etc/samba/user.map > >> >> > > >> >> > Create the user.map: > >> >> > > >> >> > nano /etc/samba/user.map > >> >> > > >> >> > it should contain only: > >> >> > > >> >> > !root = SAMDOM\Administrator SAMDOM\administrator > >> >> > Administrator administrator > >> >> > > >> >> > That is all on one line, replace 'SAMDOM' with your workgroup > >> >> > name and, if required, change the '/etc/samba' path to the > >> >> > path to your smb.conf. > >> >> > > >> >> > Rowland > >> >> > > >> >> > -- > >> >> > To unsubscribe from this list go to the following URL and read > >> >> > the instructions: > >> >> > https://lists.samba.org/mailman/options/samba > >> >> > >> >> getent passwd Administrator > >> >> administrator:*:10500:10513::/home/administrator:/bin/bash > >> >> > >> >> smb.conf already contains user.map > >> >> > >> > > >> > > >> > The fact that 'Administrator' has an ID that isn't '0' means > >> > that, to Linux, Administrator is just another user and can only > >> > do what any normal user can do. > >> > >> In fact on my dc Administrator has an id=0 and mmc is working > >> correctly. How can I solve that ? > > > > This is because on a DC, the mapping is done in idmap.ldb, so you > > don't need the user.map on a DC > >> > >> > >> > You could try running 'net cache flush' > >> > >> net chache flush doesn't give any output and nothing change. > > > > If 'doesn't give any output' means that 'getent passwd > > Administrator' doesn't show what it did before, then try again from > > windows, it should now work. > > > > If you are still getting output from 'getent passwd Administrator', > > please post your smb.conf > > > > Rowland > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > getent passwd Administrator still shows: > administrator:*:10500:10513::/home/administrator:/bin/bash > > smb.conf: > [global] > security = ADS > workgroup = some > realm = some.domain.pl > > allow trusted domains = Yes > winbind use default domain = Yes > winbind nss info = rfc2307 > winbind refresh tickets = Yes > > log file = /var/log/samba/%m.log > log level = 1 > > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > > idmap config some : backend = rid > idmap config some: range = 10000-999999 > > winbind nss info = template > template shell = /bin/bash > template homedir = /home/%U > > > username map = /etc/samba/user.map > > winbind enum users = yes > winbind enum groups = yes > > vfs objects = acl_xattr > map acl inherit = yes > store dos attributes = yesOK, I started a VM running a Unix domain member that uses the 'rid' backend and it does work in the same way as yours, I get the same result for 'getent passwd Administrator'. I then started another VM running Windows 7, logged in as Administrator, connected to a share on the Unix domain member and via the security tab for the share, added permissions for another user. So, whilst I didn't expect it to work, it did. Rowland
Samba - General mailing list wrote> On Tue, 5 Dec 2017 13:15:53 -0700 (MST) > Mariusz80 via samba <> samba at .samba> > wrote: > >> Samba - General mailing list wrote >> > On Tue, 5 Dec 2017 12:27:24 -0700 (MST) >> > Mariusz80 via samba < >> >> > samba at .samba >> >> > > wrote: >> > >> >> Samba - General mailing list wrote >> >> > On Tue, 5 Dec 2017 12:00:55 -0700 (MST) >> >> > Mariusz80 via samba < >> >> >> >> > samba at .samba >> >> >> >> > > wrote: >> >> > >> >> >> Samba - General mailing list wrote >> >> >> > On Tue, 5 Dec 2017 11:11:33 -0700 (MST) >> >> >> > Mariusz80 via samba < >> >> >> >> >> >> > samba at .samba >> >> >> >> >> >> > > wrote: >> >> >> > >> >> >> >> Samba - General mailing list wrote >> >> >> >> > On Tue, 5 Dec 2017 10:37:02 -0700 (MST) >> >> >> >> > Mariusz80 via samba < >> >> >> >> >> >> >> >> > samba at .samba >> >> >> >> >> >> >> >> > > wrote: >> >> >> >> > >> >> >> >> >> Hi >> >> >> >> >> I have a strange problem with Shared folders in MMC. >> >> >> >> >> While I try to connect to linux machine and list Open >> >> >> >> >> files or Sessions I got a message "You do not have >> >> >> >> >> permission to view the list of sessions from Windows >> >> >> >> >> clients". The problem exists only if I try to connect to >> >> >> >> >> linux machines (Windows Server is ok), and only for >> >> >> >> >> Administrator account. From other accounts with >> >> >> >> >> Administrator priviliges there is no problem at all. >> >> >> >> >> >> >> >> >> >> In the logs there is: >> >> >> >> >> >> >> >> >> ../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1274(_srvsvc_NetFileEnum) >> >> >> >> >> Enumerating files only allowed for administrators >> >> >> >> >> >> >> >> >> >> Any advice? >> >> >> >> >> >> >> >> >> >> Thanks >> >> >> >> >> Mariusz >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> -- >> >> >> >> >> Sent from: >> >> >> >> >> >> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html >> >> >> >> >> >> >> >> >> > >> >> >> >> > How is Samba set up on the Linux machine ? >> >> >> >> > >> >> >> >> > Rowland >> >> >> >> > >> >> >> >> > -- >> >> >> >> > To unsubscribe from this list go to the following URL and >> >> >> >> > read the instructions: >> >> >> >> > https://lists.samba.org/mailman/options/samba >> >> >> >> >> >> >> >> I did it according to: >> >> >> >> >> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member >> >> >> >> My smb.conf: >> >> >> >> [global] >> >> >> >> security = ADS >> >> >> >> workgroup = some >> >> >> >> realm = some.domain.pl >> >> >> >> >> >> >> >> allow trusted domains = Yes >> >> >> >> winbind use default domain = Yes >> >> >> >> winbind nss info = rfc2307 >> >> >> >> winbind refresh tickets = Yes >> >> >> >> >> >> >> >> log file = /var/log/samba/%m.log >> >> >> >> log level = 1 >> >> >> >> >> >> >> >> idmap config * : backend = tdb >> >> >> >> idmap config * : range = 3000-7999 >> >> >> >> >> >> >> >> idmap config some : backend = rid >> >> >> >> idmap config some: range = 10000-999999 >> >> >> >> >> >> >> >> winbind nss info = template >> >> >> >> template shell = /bin/bash >> >> >> >> template homedir = /home/%U >> >> >> >> username map = /etc/samba/user.map >> >> >> >> >> >> >> >> winbind enum users = yes >> >> >> >> winbind enum groups = yes >> >> >> >> >> >> >> >> vfs objects = acl_xattr >> >> >> >> map acl inherit = yes >> >> >> >> store dos attributes = yes >> >> >> >> >> >> >> > >> >> >> > Does 'getent passwd Administrator' give any output ? >> >> >> > >> >> >> > If it does, try adding this line to smb.conf: >> >> >> > >> >> >> > username map = /etc/samba/user.map >> >> >> > >> >> >> > Create the user.map: >> >> >> > >> >> >> > nano /etc/samba/user.map >> >> >> > >> >> >> > it should contain only: >> >> >> > >> >> >> > !root = SAMDOM\Administrator SAMDOM\administrator >> >> >> > Administrator administrator >> >> >> > >> >> >> > That is all on one line, replace 'SAMDOM' with your workgroup >> >> >> > name and, if required, change the '/etc/samba' path to the >> >> >> > path to your smb.conf. >> >> >> > >> >> >> > Rowland >> >> >> > >> >> >> > -- >> >> >> > To unsubscribe from this list go to the following URL and read >> >> >> > the instructions: >> >> >> > https://lists.samba.org/mailman/options/samba >> >> >> >> >> >> getent passwd Administrator >> >> >> administrator:*:10500:10513::/home/administrator:/bin/bash >> >> >> >> >> >> smb.conf already contains user.map >> >> >> >> >> > >> >> > >> >> > The fact that 'Administrator' has an ID that isn't '0' means >> >> > that, to Linux, Administrator is just another user and can only >> >> > do what any normal user can do. >> >> >> >> In fact on my dc Administrator has an id=0 and mmc is working >> >> correctly. How can I solve that ? >> > >> > This is because on a DC, the mapping is done in idmap.ldb, so you >> > don't need the user.map on a DC >> >> >> >> >> >> > You could try running 'net cache flush' >> >> >> >> net chache flush doesn't give any output and nothing change. >> > >> > If 'doesn't give any output' means that 'getent passwd >> > Administrator' doesn't show what it did before, then try again from >> > windows, it should now work. >> > >> > If you are still getting output from 'getent passwd Administrator', >> > please post your smb.conf >> > >> > Rowland >> > >> > -- >> > To unsubscribe from this list go to the following URL and read the >> > instructions: https://lists.samba.org/mailman/options/samba >> >> getent passwd Administrator still shows: >> administrator:*:10500:10513::/home/administrator:/bin/bash >> >> smb.conf: >> [global] >> security = ADS >> workgroup = some >> realm = some.domain.pl >> >> allow trusted domains = Yes >> winbind use default domain = Yes >> winbind nss info = rfc2307 >> winbind refresh tickets = Yes >> >> log file = /var/log/samba/%m.log >> log level = 1 >> >> idmap config * : backend = tdb >> idmap config * : range = 3000-7999 >> >> idmap config some : backend = rid >> idmap config some: range = 10000-999999 >> >> winbind nss info = template >> template shell = /bin/bash >> template homedir = /home/%U >> >> >> username map = /etc/samba/user.map >> >> winbind enum users = yes >> winbind enum groups = yes >> >> vfs objects = acl_xattr >> map acl inherit = yes >> store dos attributes = yes > > OK, I started a VM running a Unix domain member that uses the 'rid' > backend and it does work in the same way as yours, I get the same > result for 'getent passwd Administrator'. > > I then started another VM running Windows 7, logged in as > Administrator, connected to a share on the Unix domain member and via > the security tab for the share, added permissions for another user. > > So, whilst I didn't expect it to work, it did. > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/sambaWell permisions are working fine but, if i create for example "new folder" then the owner is root and what about the main problem with mmc. Mariusz -- Sent from: http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html