Am 25.02.20 um 14:16 schrieb Rowland penny via samba:> Do you have a user.map line in smb.conf ? > > Something like this: > > username map = /etc/samba/smb.confIt should be more like: username map = /etc/samba/samba_usermapping and not point to smb.conf, right? ;-)> Which contains something like this: > > !root = DOMAIN\Administrator# cat /etc/samba/samba_usermapping !root = CST\Administrator CST\administrator
On 25/02/2020 13:24, Stefan G. Weichinger via samba wrote:> Am 25.02.20 um 14:16 schrieb Rowland penny via samba: > >> Do you have a user.map line in smb.conf ? >> >> Something like this: >> >> username map = /etc/samba/smb.conf > It should be more like: > > username map = /etc/samba/samba_usermapping > > and not point to smb.conf, right? ;-)DOH, yes, this is what you get with arguing with your brother about what the EU wants whilst trying to type something ;-)>> Which contains something like this: >> >> !root = DOMAIN\Administrator > > # cat /etc/samba/samba_usermapping > !root = CST\Administrator CST\administratorHave you run 'net cache flush' ? OK, I give in, I will alter the wiki page, if you use the 'rid' or 'autorid'? backend, you can use Domain Admins, just do not give Domain Admins a gidNumber. Rowland
Am 25.02.20 um 14:30 schrieb Rowland penny via samba:> On 25/02/2020 13:24, Stefan G. Weichinger via samba wrote: >> Am 25.02.20 um 14:16 schrieb Rowland penny via samba: >> >>> Do you have a user.map line in smb.conf ? >>> >>> Something like this: >>> >>> username map = /etc/samba/smb.conf >> It should be more like: >> >> username map = /etc/samba/samba_usermapping >> >> and not point to smb.conf, right? ;-) > DOH, yes, this is what you get with arguing with your brother about what > the EU wants whilst trying to type something ;-);-)>>> Which contains something like this: >>> >>> !root = DOMAIN\Administrator >> >> # cat /etc/samba/samba_usermapping >> !root = CST\Administrator CST\administrator > Have you run 'net cache flush' ?right now, will retest.> OK, I give in, I will alter the wiki page, if you use the 'rid' or > 'autorid'? backend, you can use Domain Admins, just do not give Domain > Admins a gidNumber.1) why and how could I have done that? 2) this leads to another issue with locales and umlauts: I can't "chgrp dom?nen-admins", in german it's "dom?nen-admins", on bash shell it looks like -> # wbinfo -g dom?nencomputer dom?nencontroller dom?nen-admins dom?nen-benutzer dom?nen-g?ste # wbinfo --group-info="dom?nen-admins" failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for group dom?nen-admins Do I have to log in with US locale? any hints how to fix that? thanks! and greetings to your brother.
Am 25.02.20 um 14:30 schrieb Rowland penny via samba:> OK, I give in, I will alter the wiki page, if you use the 'rid' or > 'autorid'? backend, you can use Domain Admins, just do not give Domain > Admins a gidNumber.While you're at it ;-) It also isn't clear to me where "Unix Admins" comes from. I have to add that group on the DC, add my admin-users ... right? Then grant the SeDiskOperatorPrivilege ... then chgrp the files in the share?