search for: machine253

...t; # group: root > user::rwx > group::r-x > other::r-x > > So what I am suggesting is that you use 'setfacl' to remove the > extended ACL's, it is the only thing I can see different between my > working system and your non-working system > > Rowland root at machine253:/server# setfacl -b /server/users root at machine253:/server# chmod 0770 /server/programs root at machine253:/server# ls -l total 20 drwxrwx--- 4 root domain admins 4096 Feb 17 19:13 programs root at machine253:/server# getfacl /server/programs getfacl: Removing leading '/' from...

...hat I may have dome something totally stupid due to lack of familiarity with Linux, Windows, etc settings/configurations. However ...... Following https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs ** Samba Extended ACL Support (CHECK - Expected result returned) root at machine253:/# smbd -b |grep HAVE_LIBACL HAVE_LIBACL ** Enable Extended ACL Support in the smb.conf file (CHECK - Specified lines are part of [global] section - Full smb.conf provided) [global] workgroup = INTERNAL security = ADS realm = INTERNAL.COMPANY.COM serve...

...gt;> settings/configurations. >> >> However ...... >> >> Following >> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs >> >> ** Samba Extended ACL Support >> (CHECK - Expected result returned) >> >> root at machine253:/# smbd -b |grep HAVE_LIBACL >> HAVE_LIBACL >> >> ** Enable Extended ACL Support in the smb.conf file >> (CHECK - Specified lines are part of [global] section - Full >> smb.conf provided) >> >> [global] >> workgroup = INTERNAL >&...

...> Marco Shmerykowsky <marco at sce-engineers.com> wrote: > >> >> >> # user administrator workaround >> >> username map = /etc/samba/user.map >> > >> > Just to check, what is in the user.map ? >> >> root at machine253:/etc/samba# cat user.map >> !root = INTERNAL\Administrator INTERNAL\administrator Administrator >> administrator > > That should work. > >> > >> > If you run 'getent group Domain\ Admins', do you get 'Administrator' >> > listed as a...

...t; > >> > So what I am suggesting is that you use 'setfacl' to remove the >> > extended ACL's, it is the only thing I can see different between my >> > working system and your non-working system >> > >> > Rowland >> >> root at machine253:/server# setfacl -b /server/users >> >> root at machine253:/server# chmod 0770 /server/programs >> root at machine253:/server# ls -l >> total 20 >> drwxrwx--- 4 root domain admins 4096 Feb 17 19:13 programs >> >> >> root at machine253:/ser...

...the > >> >> > extended ACL's, it is the only thing I can see > different between > >> >> > my working system and your non-working system > >> >> > > >> >> > Rowland > >> >> > >> >> root at machine253:/server# setfacl -b /server/users > >> >> > >> >> root at machine253:/server# chmod 0770 /server/programs > >> >> root at machine253:/server# ls -l > >> >> total 20 > >> >> drwxrwx--- 4 root domain admins 4096 Feb 1...

...-x > > other::r-x > > > > So what I am suggesting is that you use 'setfacl' to remove the > > extended ACL's, it is the only thing I can see different between my > > working system and your non-working system > > > > Rowland > > root at machine253:/server# setfacl -b /server/users > > root at machine253:/server# chmod 0770 /server/programs > root at machine253:/server# ls -l > total 20 > drwxrwx--- 4 root domain admins 4096 Feb 17 19:13 programs > > > root at machine253:/server# getfacl /server/programs &g...

...I am suggesting is that you use 'setfacl' to remove the > >> > extended ACL's, it is the only thing I can see different between > >> > my working system and your non-working system > >> > > >> > Rowland > >> > >> root at machine253:/server# setfacl -b /server/users > >> > >> root at machine253:/server# chmod 0770 /server/programs > >> root at machine253:/server# ls -l > >> total 20 > >> drwxrwx--- 4 root domain admins 4096 Feb 17 19:13 programs > >> > >&gt...

...k of familiarity with Linux, Windows, etc > settings/configurations. > > However ...... > > Following > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs > > ** Samba Extended ACL Support > (CHECK - Expected result returned) > > root at machine253:/# smbd -b |grep HAVE_LIBACL > HAVE_LIBACL > > ** Enable Extended ACL Support in the smb.conf file > (CHECK - Specified lines are part of [global] section - Full > smb.conf provided) > > [global] > workgroup = INTERNAL > security = ADS >...

...> > extended ACL's, it is the only thing I can see >> different between >> >> >> > my working system and your non-working system >> >> >> > >> >> >> > Rowland >> >> >> >> >> >> root at machine253:/server# setfacl -b /server/users >> >> >> >> >> >> root at machine253:/server# chmod 0770 /server/programs >> >> >> root at machine253:/server# ls -l >> >> >> total 20 >> >> >> drwxrwx--- 4 root doma...

On Tue, 19 Feb 2019 14:44:05 -0500 Marco Shmerykowsky <marco at sce-engineers.com> wrote: > > >> # user administrator workaround > >> username map = /etc/samba/user.map > > > > Just to check, what is in the user.map ? > > root at machine253:/etc/samba# cat user.map > !root = INTERNAL\Administrator INTERNAL\administrator Administrator > administrator That should work. > > > > If you run 'getent group Domain\ Admins', do you get 'Administrator' > > listed as a group member e.g. > > >...

Perhaps I missed a permission change on the shared directory? It's supposed to be set to 0770, correct? I created the directory from root - can't recall what the permissions where or if I chmod'd it. Would a goof on that result in the inability to set permissions when using the windows administrator account. Basically the behavior I'm seeing? On 2019-02-18 3:36 am, Viktor

...e-engineers.com> wrote: > > > >> > >> >> # user administrator workaround > >> >> username map = /etc/samba/user.map > >> > > >> > Just to check, what is in the user.map ? > >> > >> root at machine253:/etc/samba# cat user.map > >> !root = INTERNAL\Administrator INTERNAL\administrator Administrator > >> administrator > > > > That should work. > > > >> > > >> > If you run 'getent group Domain\ Admins', do you get > >> &...

...gt; > root at sce253:/# ls -la /server > drwxrwx---+ 4 root domain admins 4096 Feb 17 19:13 programs > > ** Login to Windows10 client with INTERNAL\administrator > and launch Server Manager -> Computer Manager > > Action/Connect to another Computer -> Machine253 > > Open System Tools/Shared Folders/Shares menu > > Right click properties of "programs" share > > Share permissions assigned to INTERNAL\programs > (INTERNAL\Programs is a group created which includes > users which are allowed to have acce...

...tch 0770 8) Restore (un-comment) share definition in smb.conf -> [share-files] -> path = /server/share-files -> read only = no 9) smbcontrol all reload-config 10) restart smbd 11) Go into "Computer Management" on windows & get to "Shares" on machine253 Here is what I find odd. The "Share permissions" tab lists one of the groups I previously defined. It is not a windows "built-in" group. I created it using samba-tool on the AD. If I removed the share and then recreated it, I would expect a 'default' listing of grou...

...-> path = /server/share-files > -> read only = no > 9) smbcontrol all reload-config > 10) restart smbd If you do '9', you don't need to do '10' > 11) Go into "Computer Management" on windows & get to > "Shares" on machine253 > > Here is what I find odd. The "Share permissions" tab lists > one of the groups I previously defined. It is not a windows > "built-in" group. I created it using samba-tool on the AD. Ignore the 'shares' tab, just use the 'security' tab, for wh...

...all reload-config >> 10) restart smbd > > If you do '9', you don't need to do '10' Expect both would achieve same. Figured it wouldn't hurt. > >> 11) Go into "Computer Management" on windows & get to >> "Shares" on machine253 >> >> Here is what I find odd. The "Share permissions" tab lists >> one of the groups I previously defined. It is not a windows >> "built-in" group. I created it using samba-tool on the AD. > > Ignore the 'shares' tab, just use the '...

...'10' > > Expect both would achieve same. Figured it wouldn't hurt. Well yes, it doesn't hurt, you just don't need to do both ;-) > > > > >> 11) Go into "Computer Management" on windows & get to > >> "Shares" on machine253 > >> > >> Here is what I find odd. The "Share permissions" tab lists > >> one of the groups I previously defined. It is not a windows > >> "built-in" group. I created it using samba-tool on the AD. > > > > Ignore the 'shar...

...t both would achieve same. Figured it wouldn't hurt. > > Well yes, it doesn't hurt, you just don't need to do both ;-) > >> >> > >> >> 11) Go into "Computer Management" on windows & get to >> >> "Shares" on machine253 >> >> >> >> Here is what I find odd. The "Share permissions" tab lists >> >> one of the groups I previously defined. It is not a windows >> >> "built-in" group. I created it using samba-tool on the AD. >> > >> &gt...