Am 25.02.20 um 14:51 schrieb Rowland penny via samba:> On 25/02/2020 13:37, Stefan G. Weichinger via samba wrote: >> right now, will retest. >>> OK, I give in, I will alter the wiki page, if you use the 'rid' or >>> 'autorid'? backend, you can use Domain Admins, just do not give Domain >>> Admins a gidNumber. >> 1) why and how could I have done that? > Sorry, but I cannot remember just what backend everybody uses, in your > case you would have no reason too ;-) >> >> 2) this leads to another issue with locales and umlauts: >> >> I can't "chgrp dom?nen-admins", in german it's "dom?nen-admins", on bash >> shell it looks like > Have you considered moving to the UK, we don't have those funny marks > here ;-) >> >> -> >> >> >> # wbinfo -g >> dom?nencomputer >> dom?nencontroller >> dom?nen-admins >> dom?nen-benutzer >> dom?nen-g?ste >> >> >> # wbinfo --group-info="dom?nen-admins" >> failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND >> Could not get info for group dom?nen-admins >> >> Do I have to log in with US locale? > > No and if you did, I don't think it would fix this problem, is locales > setup correctly ?I think so. Tested with US locale, no change. I now figured out to do: # chown -R 10500:10512 * But access from windows still is problematic with the DOM\Administrator :-(> Having said that, you should be using 'getent group Domain Admins' > (where 'Domain Admins' is replaced with your version (sorry, but as I > said, we don't have those funny marks))Not my idea. AD DC delivers the names like that.
On 25/02/2020 13:59, Stefan G. Weichinger via samba wrote:> Am 25.02.20 um 14:51 schrieb Rowland penny via samba: >> On 25/02/2020 13:37, Stefan G. Weichinger via samba wrote: >>> right now, will retest. >>>> OK, I give in, I will alter the wiki page, if you use the 'rid' or >>>> 'autorid'? backend, you can use Domain Admins, just do not give Domain >>>> Admins a gidNumber. >>> 1) why and how could I have done that? >> Sorry, but I cannot remember just what backend everybody uses, in your >> case you would have no reason too ;-) >>> 2) this leads to another issue with locales and umlauts: >>> >>> I can't "chgrp dom?nen-admins", in german it's "dom?nen-admins", on bash >>> shell it looks like >> Have you considered moving to the UK, we don't have those funny marks >> here ;-) >>> -> >>> >>> >>> # wbinfo -g >>> dom?nencomputer >>> dom?nencontroller >>> dom?nen-admins >>> dom?nen-benutzer >>> dom?nen-g?ste >>> >>> >>> # wbinfo --group-info="dom?nen-admins" >>> failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND >>> Could not get info for group dom?nen-admins >>> >>> Do I have to log in with US locale? >> No and if you did, I don't think it would fix this problem, is locales >> setup correctly ? > I think so. > > Tested with US locale, no change. > > I now figured out to do: > > # chown -R 10500:10512 * > > But access from windows still is problematic with the DOM\Administrator :-(Hmm, what is the German for Administrator ?> >> Having said that, you should be using 'getent group Domain Admins' >> (where 'Domain Admins' is replaced with your version (sorry, but as I >> said, we don't have those funny marks)) > Not my idea. AD DC delivers the names like that.Never said it was ;-) Rowland
Am 25.02.20 um 15:04 schrieb Rowland penny via samba:>> But access from windows still is problematic with the >> DOM\Administrator :-( > Hmm, what is the German for Administrator ?same # net rpc rights list privileges SeDiskOperatorPrivilege -U "CUSTOMER\administrator" Enter CUSTOMER\administrator's password: SeDiskOperatorPrivilege: CUSTOMER\Administrator BUILTIN\Administrators CUSTOMER\IT Back then I created the group IT for that reason, and added the users/groups CUSTOMER\administrator CUSTOMER\myuser to that group This should work like your example group "Unix Admins" (I assume). can't grant the privilege directly to "dom?nen-admins" because of the umlaut issue.