On 2/1/2021 3:26 PM, Rowland penny via samba wrote:> On 01/02/2021 19:44, Marco Shmerykowsky via samba wrote:
>>>>>> Having said that, if it is only the group you are
worried about, just
>>>>>> fix the smb.conf on the old computer (which at this
stage could just
>>>>>> be restarting Samba) and then fix the group ownership
of the files
>>>>>> and
>>>>>> directories.
>>>>>
>>>>> Out of ignorance, how do I fix the group ownership? of the
files &
>>>>> directories?
>>>>>
>>>>
>>>> This would depend on your computer, at the moment your files
will show
>>>> as belonging to the group 'owners', but if you restart
Samba, it is
>>>> probable they will then show as belonging? to '2011'.
If this is the
>>>> case, then you can use chown or chgrp to change the group
ownership
>>>> back to 'owners'. I am not saying this is going to be a
5 minute job ?
>>>
>>> The directories and files on the server all have the ownership of
>>> "whatever user created the filed ie jdoe" and
"domain users"
>>> and permissions rwxrwx---+
>>>
>>> Access is controlled by the group policies.
>>
>> I guess I'm still unclear on if this is fixable.? If I take
>> a directory listing of anything in the shared directories,
>> I get something like this:
>>
>> drwxrwx---+?? 5 root domain admins? 4096 Jan? 5 13:28 share-1
>> drwxrwx---+?? 9 root domain admins? 4096 Jan? 5 13:28 share-2
>> drwxrwx---+ 744 root domain admins 28672 Jan 26 09:51 share-3
>> drwxrwx---+? 10 root domain admins? 4096 Mar 13? 2020 share-4
>> drwxrwx---+? 14 root domain admins? 4096 Jan 25 16:12 share-5
>
>
> The problem may be that the numeric ID for 'domain admins' might be
wrong.
How would I check this? Is there a recursive way to reset this
so that I can revive the old server prior to putting the new
one together?
>
>>
>> The user/group assignment has looked like this from day one.
>> The only variation it that the "user" changes to match
whatever
>> windows user created the file.? It is not an important attribute
>> and could be reset to one person.
>
>
> From what you are saying, it doesn't sound like you really have a big
> problem.
>
> I would? create a new Unix domain member and create the required share
> structure. Copy the files to the required places on the new Unix domain
> member, then 'chown root:domain admins' the files (you can do this
> recursively by adding '-R' to the command). You can then use
'setfacl'
> to add further users and groups.
>
>>
>> I'm getting that "permission denied" warning on all these
shares.
>> The "group" assigned on Linux hasn't changed from the
original
>> configuration.? How do the Security Groups in Windows AD fit
>> into this?
>
>
> Provided 'getent group THE_GROUP_NAME' displays the groups info on
Unix,
> then Unix knows who they are, if nothing is returned, then Unix cannot
> use them.
>
> You can use Windows to set permissions on Samba shares, see here:
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>
> Rowland
>
>
>>
>>
>
>