On Thu, 18 Jun 2020 16:29:43 +0100 Rowland penny via samba <samba at lists.samba.org> wrote:> On 18/06/2020 15:57, Enrico Morelli via samba wrote: > > Now I'm trying to implement a new AD DC server on a debian 10. > > I'm able to join a windows 10 pc into the domain, but I don't > > understand how to create users, home directories and profiles. > > I navigated in the Wiki but the information are too fragmented so I > > don't understand what I've to do. > > You need a profile share (at least), see here: > > https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles > > For the users home directory, see here: > > https://wiki.samba.org/index.php/User_Home_Folders > > Any questions, please ask ;-) > > Rowland > > >Can you help me again this? Thanks Thanks, I don't understand well the "Granting the SeDiskOperatorPrivilege Privilege" section. Where and how can I create the "Unix Admins" (as in the command below) group and how can add members to this group? net rpc rights grant "SAMDOM\Unix Admins" SeDiskOperatorPrivilege -U "SAMDOM\administrator" -- ----------------------------------------------------------- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY ------------------------------------------------------------
On 22/06/2020 08:37, Enrico Morelli wrote:> Can you help me again this? Thanks > > Thanks, I don't understand well the "Granting the > SeDiskOperatorPrivilege Privilege" section. > > Where and how can I create the "Unix Admins" (as in the command > below) group and how can add members to this group?You create the 'Unix Admins' group in the same way as you would create any other AD group, you can use ADUC, samba-tool, LAM, ADMan, etc. You must give the new group a gidNumber and make it a member of 'Domain Admins', you then add users to the new group. Rowland
On Mon, 22 Jun 2020 09:04:55 +0100 Rowland penny via samba <samba at lists.samba.org> wrote:> On 22/06/2020 08:37, Enrico Morelli wrote: > > Can you help me again this? Thanks > > > > Thanks, I don't understand well the "Granting the > > SeDiskOperatorPrivilege Privilege" section. > > > > Where and how can I create the "Unix Admins" (as in the command > > below) group and how can add members to this group? > > You create the 'Unix Admins' group in the same way as you would > create any other AD group, you can use ADUC, samba-tool, LAM, ADMan, > etc. You must give the new group a gidNumber and make it a member of > 'Domain Admins', you then add users to the new group. > > Rowland > > >I did: # samba-tool group add "Unix Admins" --gid-number=12345 --nis-domain=cerm # net rpc rights grant "CERM\Unix Admins" SeDiskOperatorPrivilege -U "CERM\administrator" # samba-tool user create morelli --home-directory=/home/win_shares/homes/morelli --gid-number=12345 Next I followed the instructions to Setting Share Permissions and ACLs. I did login as morelli, but in the /home/win_shares/homes share properties I haven't the Security tab. So I tried: samba-tool group addmembers Administrators "Unix Admins" samba-tool group addmembers "Unix Admins" morelli But again, after logout/login as morelli, I'm unable to see Security tab. Where am I wrong? -- ----------------------------------------------------------- Enrico Morelli System Administrator | Programmer | Web Developer CERM - Polo Scientifico via Sacconi, 6 - 50019 Sesto Fiorentino (FI) - ITALY ------------------------------------------------------------