basti.mueller31 at web.de
2018-Oct-09 15:17 UTC
[Samba] missing group affiliation on ad dc
Might I found (a reason for) my problem. Domain ID's and BUILTIN ID's are overlapping. For example "EXAMPLE\domain admins" has gid "512", "EXAMPLE\backup" has gid "10039" and "BUILTIN\print operators" has 550. Could this be a problem? My strange group/share access-problem stillt exists, I can't figure it out >.< By the way... if my "exampleuser" just try to access the share via windows 10 - everything works without problems!
On Tue, 9 Oct 2018 17:17:44 +0200 basti mueller via samba <samba at lists.samba.org> wrote: First things first, please don't open a new thread for an existing thread.> Might I found (a reason for) my problem. > > Domain ID's and BUILTIN ID's are overlapping.I wouldn't know, you NEVER posted the smb.conf.> > For example "EXAMPLE\domain admins" has gid "512", "EXAMPLE\backup" > has gid "10039" and "BUILTIN\print operators" has 550. Could this be > a problem?As you said, your AD domain was classicupgraded from an existing NT4-style domain, so you will have very low IDs for most if not all your users and groups. Two of the groups you mention are 'Well Known SIDs' and, from the low IDs (which are actually the groups RID), came from the upgrade. This is one of the reasons that I have come round to the opinion it isn't worth the effort to classic upgrade, you will probably find it easier to set up a new domain.>My strange group/share access-problem stillt exists, I > can't figure it out >.< > By the way... if my "exampleuser" just try to access the share via > windows 10 - everything works without problems! >Try posting your smb.conf Rowland