Hi,
I try to formulate the question better! :)
I’ve successfully joined an ubuntu 16.04 machine, as member server, to an active
directory domain Windows server 2012 R2 following the instructions in the
wiki.samba.org “Setting up Samba as a Domain Member” now I set the acls using
Windows acl on a share. For that I followed the instruction in the “Setting up a
Share Using Windows ACLs” in the wiki. I also granted the
SeDiskOperatorPrivilege to the 'Domain admins' group.
But when I try to manage the computer with the ‘computer management’ mmc snap-in
from Windows as a user member of 'Domain admins' group, when I right
click on the share and click on properties the 'security' tab is missing
(see the attached screenshot).
Where is the problem or how can I troubleshoot the problem?
This is my smb.conf
-----------------------------------------------------
[global]
workgroup = COM_SPOLETO
realm = COMUNE.SPOLETO.LOCAL
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
security = ads
bind interfaces only = yes
interfaces = lo enp0s3
enable privileges = yes
idmap config * : backend = tdb
idmap config * : range = 2000-9999
idmap config COM_SPOLETO : backend = rid
idmap config COM_SPOLETO : range = 10000-999999
username map = /etc/samba/user.map
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
winbind refresh tickets = Yes
server string = %h server (Samba, Ubuntu)
dns proxy = no
log file = /var/log/samba/log.%m
log level = 1
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
server role = member server
passdb backend = tdbsam
map to guest = bad user
usershare allow guests = no
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[geoportale-lizmap]
comment = Progetti QGIS per Lizmap
path = /opt/shares/geoportale-lizmap
read only = no
inherit acls = yes
Inviato da Posta per Windows 10
On Fri, 23 Feb 2018 09:47:51 +0100 Andrea Rossetti via samba <samba at lists.samba.org> wrote:> Hi, > I try to formulate the question better! :) > I’ve successfully joined an ubuntu 16.04 machine, as member server, > to an active directory domain Windows server 2012 R2 following the > instructions in the wiki.samba.org “Setting up Samba as a Domain > Member” now I set the acls using Windows acl on a share. For that I > followed the instruction in the “Setting up a Share Using Windows > ACLs” in the wiki. I also granted the SeDiskOperatorPrivilege to the > 'Domain admins' group. But when I try to manage the computer with the > ‘computer management’ mmc snap-in from Windows as a user member of > 'Domain admins' group, when I right click on the share and click on > properties the 'security' tab is missing (see the attached > screenshot). Where is the problem or how can I troubleshoot the > problem? >Are you sure this isn't a windows problem ? Rowland
On Fri, 23 Feb 2018 10:27:13 +0100 Andrea Rossetti <andy.ros at gmail.com> wrote:> I don’t think because I have another machine that instead work and > the security tab is present. >If it works on one windows machine, but not on another, then it sounds more & more like a problem with that particular windows machine. Rowland
P.S. Not mentioned on that site, but you might need to update the ADMX templates of Win 10. Goto => C:\Windows PolicyDefinitions and change 'PolicyDefinitions folder' to PolicyDefinitions.OLD Download the Administrative Templates (.ADMX) MSI-bestand for Windows 10 here https://www.microsoft.com/en-us/download/confirmation.aspx?id=53430 ( there might be and more up todate version, google for that ) Run : ADMX.msi (Selecteer option: for all users. ) Its installed in C:\Program Files (x86)\Microsoft GroupPolicies Windows 10 en Windows Server 2016 Ga naar => C:\Program Files (x86)\Microsoft GroupPolicies Windows 10 en Windows Server 2016\PolicyDefinitions Kopy PolicyDefinitions folder and past it in C:\Windows Run : gpme.smc and revie the policies. Or run RSOP.msc and review it from there, ! If rsop.msc ask for credentials, use your own, NOT administrators. I also suggest, reboot, login, logout, reboot, login, and now check again. Why, some policies may need 2 reboots. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > L.P.H. van Belle via samba > Verzonden: vrijdag 23 februari 2018 11:07 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] R: Missing 'security' tab > > > Check this first. > https://www.itechtics.com/3-ways-showhide-security-tab-windows-10/ > > Greetz, > > Louis > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Rowland Penny via samba > > Verzonden: vrijdag 23 februari 2018 11:03 > > Aan: samba at lists.samba.org > > Onderwerp: Re: [Samba] R: Missing 'security' tab > > > > On Fri, 23 Feb 2018 10:27:13 +0100 > > Andrea Rossetti <andy.ros at gmail.com> wrote: > > > > > I don’t think because I have another machine that instead work and > > > the security tab is present. > > > > > > > If it works on one windows machine, but not on another, > then it sounds > > more & more like a problem with that particular windows machine. > > > > Rowland > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
I apologize overturned the sentence, rewrite it properly! I explain better: I have another linux machine added to the domain but from the same windows stain to which I log in with a domain admins account, if I connect to this other machine I see the tab security but if I connect to this machine I do not see the tab security Inviato da Posta per Windows 10 Da: Rowland Penny via samba Inviato: venerdì 23 febbraio 2018 11:04 A: samba at lists.samba.org Oggetto: Re: [Samba] R: Missing 'security' tab On Fri, 23 Feb 2018 10:27:13 +0100 Andrea Rossetti <andy.ros at gmail.com> wrote:> I don’t think because I have another machine that instead work and > the security tab is present. >If it works on one windows machine, but not on another, then it sounds more & more like a problem with that particular windows machine. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
I still have this problem can anyone help me to solve or troubleshoot it? I also have another samba member server apparently identical (and apparently configured identical) that instead work well. See also this screenshot https://imagebin.ca/v/3t1ykTpRAIzR Inviato da Posta per Windows 10 Da: Andrea Rossetti Inviato: venerdì 23 febbraio 2018 09:47 A: samba at lists.samba.org Oggetto: Missing 'security' tab Hi, I try to formulate the question better! :) I’ve successfully joined an ubuntu 16.04 machine, as member server, to an active directory domain Windows server 2012 R2 following the instructions in the wiki.samba.org “Setting up Samba as a Domain Member” now I set the acls using Windows acl on a share. For that I followed the instruction in the “Setting up a Share Using Windows ACLs” in the wiki. I also granted the SeDiskOperatorPrivilege to the 'Domain admins' group. But when I try to manage the computer with the ‘computer management’ mmc snap-in from Windows as a user member of 'Domain admins' group, when I right click on the share and click on properties the 'security' tab is missing (see the attached screenshot). Where is the problem or how can I troubleshoot the problem? This is my smb.conf ----------------------------------------------------- [global] workgroup = COM_SPOLETO realm = COMUNE.SPOLETO.LOCAL client signing = yes client use spnego = yes kerberos method = secrets and keytab security = ads bind interfaces only = yes interfaces = lo enp0s3 enable privileges = yes idmap config * : backend = tdb idmap config * : range = 2000-9999 idmap config COM_SPOLETO : backend = rid idmap config COM_SPOLETO : range = 10000-999999 username map = /etc/samba/user.map vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes winbind refresh tickets = Yes server string = %h server (Samba, Ubuntu) dns proxy = no log file = /var/log/samba/log.%m log level = 1 max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d server role = member server passdb backend = tdbsam map to guest = bad user usershare allow guests = no [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes guest ok = no read only = yes create mask = 0700 [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no [geoportale-lizmap] comment = Progetti QGIS per Lizmap path = /opt/shares/geoportale-lizmap read only = no inherit acls = yes Inviato da Posta per Windows 10
How is the share path "/opt/shares/geoportale-lizmap" mounted? Is it mounted with "acl,user_xattr" options? Claudio Il 26/02/2018 12:41, Andrea Rossetti via samba ha scritto:> I still have this problem can anyone help me to solve or troubleshoot it? > I also have another samba member server apparently identical (and apparently configured identical) that instead work well. > > See also this screenshot > https://imagebin.ca/v/3t1ykTpRAIzR > > Inviato da Posta per Windows 10 > > Da: Andrea Rossetti > Inviato: venerdì 23 febbraio 2018 09:47 > A: samba at lists.samba.org > Oggetto: Missing 'security' tab > > Hi, > I try to formulate the question better! :) > I’ve successfully joined an ubuntu 16.04 machine, as member server, to an active directory domain Windows server 2012 R2 following the instructions in the wiki.samba.org “Setting up Samba as a Domain Member” now I set the acls using Windows acl on a share. For that I followed the instruction in the “Setting up a Share Using Windows ACLs” in the wiki. I also granted the SeDiskOperatorPrivilege to the 'Domain admins' group. > But when I try to manage the computer with the ‘computer management’ mmc snap-in from Windows as a user member of 'Domain admins' group, when I right click on the share and click on properties the 'security' tab is missing (see the attached screenshot). > Where is the problem or how can I troubleshoot the problem? > > This is my smb.conf > ----------------------------------------------------- > [global] > workgroup = COM_SPOLETO > realm = COMUNE.SPOLETO.LOCAL > client signing = yes > client use spnego = yes > kerberos method = secrets and keytab > security = ads > bind interfaces only = yes > interfaces = lo enp0s3 > enable privileges = yes > idmap config * : backend = tdb > idmap config * : range = 2000-9999 > idmap config COM_SPOLETO : backend = rid > idmap config COM_SPOLETO : range = 10000-999999 > username map = /etc/samba/user.map > vfs objects = acl_xattr > map acl inherit = yes > store dos attributes = yes > winbind refresh tickets = Yes > server string = %h server (Samba, Ubuntu) > dns proxy = no > log file = /var/log/samba/log.%m > log level = 1 > max log size = 1000 > syslog = 0 > panic action = /usr/share/samba/panic-action %d > server role = member server > passdb backend = tdbsam > map to guest = bad user > usershare allow guests = no > > [printers] > comment = All Printers > browseable = no > path = /var/spool/samba > printable = yes > guest ok = no > read only = yes > create mask = 0700 > > [print$] > comment = Printer Drivers > path = /var/lib/samba/printers > browseable = yes > read only = yes > guest ok = no > > [geoportale-lizmap] > comment = Progetti QGIS per Lizmap > path = /opt/shares/geoportale-lizmap > read only = no > inherit acls = yes > > Inviato da Posta per Windows 10 > >