Ahh, yes good one, totaly forgot about that one. That also possible. Just one more thing.. And I dont understand this... Because.. And im sorry to say.. You .. Should .. Know .. This .. This share.> [rsnapshots] > path = /mnt/rsnapshots > read only = Yes > valid users = problem-user, sgwNow, you tell my, why are you using valid users here and explain also why your not using groups.. Let me me guess. Because that was the quick solution.. And later on you never changed it.. Use groups... Always, even it its for only 1 users. So change that : valid users = @YourGroup Or "@Your Group" And use a group from the AD not local linux. * you can combine these without problems. I have local linux groups and windows groups for allowing ssh access for example. Everthing is in the windows groups, except the special linux user that has local group rights. Im saying this because it will lower the pressure of maintaining the network. And that is a thing you want. USE GROUPS EVERYWHERE. Best advice i can give here. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Stefan G. Weichinger via samba > Verzonden: dinsdag 6 augustus 2019 16:26 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] more cleanup: mis-named AD user > > Am 06.08.19 um 16:13 schrieb Stefan G. Weichinger via samba: > > >> Last question that share, any special settings? > > > > The working share: > > > > > > [rsnapshots] > > path = /mnt/rsnapshots > > read only = Yes > > valid users = problem-user, sgw > > > > ;-) > > > > > > a fellow admin points me at this: > > https://support.microsoft.com/de-at/help/4026814/windows-accessing-credential-manager> > will check asap > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
Am 06.08.19 um 16:42 schrieb L.P.H. van Belle via samba:> Ahh, yes good one, totaly forgot about that one. > That also possible.Solved. He had the main network share connected via Administrator. The changed password let it fail ... now he uses his own user. nice "smbstatus" now: great> Just one more thing.. And I dont understand this... Because.. > And im sorry to say.. > > You .. Should .. Know .. This ..Yes, I do.> This share. > >> [rsnapshots] >> path = /mnt/rsnapshots >> read only = Yes >> valid users = problem-user, sgw > > Now, you tell my, why are you using valid users here and explain also why your not using groups.. > Let me me guess. Because that was the quick solution.. And later on you never changed it..exactly. These shares are >10 yrs old ... come from NT4-domain-style-times.> Use groups... Always, even it its for only 1 users. > > So change that : valid users = @YourGroup > Or "@Your Group" > And use a group from the AD not local linux. > > * you can combine these without problems. > I have local linux groups and windows groups for allowing ssh access for example. > Everthing is in the windows groups, except the special linux user that has local group rights. > > > Im saying this because it will lower the pressure of maintaining the network. > And that is a thing you want. > > USE GROUPS EVERYWHERE. Best advice i can give here.ay, sir, will edit. I even *have* a group for that (for the GPO ...)
On 07/08/2019 10:11, Stefan G. Weichinger via samba wrote:> Am 06.08.19 um 16:42 schrieb L.P.H. van Belle via samba: >> Ahh, yes good one, totaly forgot about that one. >> That also possible. > Solved. He had the main network share connected via Administrator. > > The changed password let it fail ... now he uses his own user. > > nice "smbstatus" now: greatTold you, now forget to tell him the Administrator password, or he will do something similar again, been there, done that ;-) Rowland
Am 07.08.19 um 11:11 schrieb Stefan G. Weichinger via samba:>> Use groups... Always, even it its for only 1 users. >> >> So change that : valid users = @YourGroup >> Or "@Your Group" >> And use a group from the AD not local linux. >> >> * you can combine these without problems. >> I have local linux groups and windows groups for allowing ssh access for example. >> Everthing is in the windows groups, except the special linux user that has local group rights. >> >> >> Im saying this because it will lower the pressure of maintaining the network. >> And that is a thing you want. >> >> USE GROUPS EVERYWHERE. Best advice i can give here.tryring to cleanup some such shares @mitarbeiter matches a local unix group (which is empty) ... and not the DOMAIN\mitarbeiter group ... # wbinfo --group-info=mitarbeiter mitarbeiter:x:13218: *sigh* Maybe that ist mapped in a way, I don't know anymore. "mitarbeiter" is not in /etc/group so it seems to come in via winbind (according to nsswitch.conf)