Thanks rowald: naw optaing getent group Domain\ Admins domain admins:x:10512:administrator but if I usa administrator to join in the domain i optaing I get that the user does not have the rights to set the permissions to the share wat a war: it dont's want to know :'( Il 13/02/2019 10:37, Rowland Penny via samba ha scritto:> On Wed, 13 Feb 2019 10:11:44 +0100 > marco pirola via samba <samba at lists.samba.org> wrote: > >> Witch aduc on the rsat the user Administrator appared in the group of >> the domain admin but witch the command getent not appared null >> > I had to read that a few times until I understood it ;-) > > The user 'Administrator' is showing as a member of the 'Domain Admins' > group on Windows, but not on the Unix domain member. > > This is strange ? > > Try adding this line to smb.conf: > > winbind expand groups = 2 > > Rowland > > PS I think you mean 'with' instead of 'witch', a witch is something > else entirely ;-) >
On Wed, 13 Feb 2019 10:55:46 +0100 marco pirola via samba <samba at lists.samba.org> wrote:> Thanks rowald: naw optaing getent group Domain\ Admins > domain admins:x:10512:administrator > > but if I usa administrator to join in the domain i optaing > I get that the user does not have the rights to set the permissions > to the share > > wat a war: it dont's want to know :'( >Does: net rpc rights list privileges SeDiskOperatorPrivilege -U "ROBINOOD\administrator" Show 'Domain Admins' having the 'SeDiskOperatorPrivilege' ? Does ls -lad /home/samba/samba/ Show something like this: drwxrwx--- 2 root domain_admins 4096 Feb 12 10:47 /home/samba/samba/ Rowland
Yes , i optaing SeDiskOperatorPrivilege: ROBINOOD\Domain Admins BUILTIN\Administrators Il 13/02/2019 11:11, Rowland Penny via samba ha scritto:> On Wed, 13 Feb 2019 10:55:46 +0100 > marco pirola via samba <samba at lists.samba.org> wrote: > >> Thanks rowald: naw optaing getent group Domain\ Admins >> domain admins:x:10512:administrator >> >> but if I usa administrator to join in the domain i optaing >> I get that the user does not have the rights to set the permissions >> to the share >> >> wat a war: it dont's want to know :'( >> > Does: > > net rpc rights list privileges SeDiskOperatorPrivilege -U "ROBINOOD\administrator" > > Show 'Domain Admins' having the 'SeDiskOperatorPrivilege' ? > > Does ls -lad /home/samba/samba/ > > Show something like this: > > drwxrwx--- 2 root domain_admins 4096 Feb 12 10:47 /home/samba/samba/ > > Rowland >
Hai, (oeps, typed this in the morning )> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > marco pirola via samba > Verzonden: woensdag 13 februari 2019 11:27 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] error on the modificed permission > > Yes , i optaing SeDiskOperatorPrivilege: > ROBINOOD\Domain Admins > BUILTIN\Administrators > > Il 13/02/2019 11:11, Rowland Penny via samba ha scritto: > > On Wed, 13 Feb 2019 10:55:46 +0100 > > marco pirola via samba <samba at lists.samba.org> wrote: > > > >> Thanks rowald: naw optaing getent group Domain\ Admins > >> domain admins:x:10512:administrator > >> > >> but if I usa administrator to join in the domain i optaing > >> I get that the user does not have the rights to set the permissions > >> to the share > >> > >> wat a war: it dont's want to know :'( > >> > > Does: > > > > net rpc rights list privileges SeDiskOperatorPrivilege -U > "ROBINOOD\administrator" > > > > Show 'Domain Admins' having the 'SeDiskOperatorPrivilege' ? > > > > Does ls -lad /home/samba/samba/ > > > > Show something like this: > > > > drwxrwx--- 2 root domain_admins 4096 Feb 12 10:47 /home/samba/samba/The folder below the shared folder needs correct rights also. Try to set this. If this is the samba home : /home/samba And you sharing /home/samba/samba/ as \\server\samba Then set 3775 : on /home/samba chown root:Domain\ Admins /home/samba chmod 3775 /home/samba chown root:Domain\ Admins /home/samba/samba chmod 3775 /home/samba/samba Now try again. If its not working, try again but set 3777 on all, create a folder, check the acl's. I normaly start like this. Bit explained, this is "LOCAL" access on the linux server install -d /home/samba -o root -g "administrators" -m 3775 Im using "BUILTIN\Administrators" because thats "normaly" a LOCAL group. And "Domain Admins" is member of "BUILTIN\Administrators" This is the "REMOTE" acces on the linux server. install -d /home/samba/samba -o root -g "Domain Admins" -m 3775 As of this point the Domain Admins administer the rights on the shares. Greetz, Louis