search for: secauthz

Hi Rowland >Hi Marcio, we would need more info, where are you migrating the home folders from ? and where to ? I copied Windows Server 2008 folders and permissions with ROBOCOPY to my Samba 4 server. >I know you mentioned a Win 2008 server, are the home folders stored on that ? The personal folders were stored on it (Windows), but now they are on my new Samba 4 file server. >Another

...decipher it, for instance, (A;OICIIO;WOWDGRGWGX;;;CO) is: (ACCESS_ALLOWED_ACE_TYPE;OBJECT_INHERIT_ACE CONTAINER_INHERIT_ACE INHERIT_ONLY_ACE;WRITE_OWNER WRITE_DAC GENERIC_READ GENERIC_WRITE GENERIC_EXECUTE;;;SECURITY_CREATOR_OWNER_RID) See here: https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings and here: https://docs.microsoft.com/en-us/windows/win32/secauthz/sid-strings?redirectedfrom=MSDN Rowland

...utput command: samba-tool ntacl get /var/lib/samba/sysvol --as-sddl O:LAG:S-1-22-2-0D:(A;;0x001f01ff;;;LA)(A;;0x001200a9;;;S-1-22-2-0)(A;;0x001200a9;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;; ;WD) >See here: >https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings >and here: > https://docs.microsoft.com/en-us/windows/win32/secauthz/sid-strings?redirectedfrom=MSDN Sorry, I accessed the links, read the content and found it very complicated. I confess that I understood practically nothing. I checked out another strange situation. I am apply...

On Thu, 2019-06-13 at 17:10 +0100, Rowland penny via samba wrote: > I do not really care what Microsoft calls them, to me a SID identifies a > domain, a RID identifies an object in a domain and a SID-RID is a > combination of the two and identifies an object in a particular domain. > > If you want to call a SID-RID a SID, be my guest, I will not stop you ;-) Rowland, it helps

...S ACL's are stored in in a file security.NTACL, this is a an Extended Attribute. This is used with the Unix permissions to set the ACL's you get with getfacl. This is probably as clear as mud, but it is a very complicated, try reading this: https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/ace-strings Also reading 'man vfs_acl_xattr' might help Rowland

Morning all. I am reading trough https://www.samba.org/samba/docs/current/man-html/smb.conf.5.html As I was curious what exactly 'map acl inherit' does. "This boolean parameter is only relevant for systems that do not support standardized NFS4 ACLs but only a POSIX draft implementation of ACLs. Linux is the only common UNIX system which does still not offer standardized NFS4 ACLs

...ed? > > https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting > > No, I mean SePrivileges in general. What would I want them for? Old but shows enough: https://www.samba.org/samba/docs/old/Samba3-HOWTO/rights.html And : https://docs.microsoft.com/en-us/windows/desktop/secauthz/privileges > > >>> Windows and it updates are moving fast > >> > >> Sure, but not really relevant here, since the member server broke > >> authentication for all client OSes, not just Windows clients. > >> `smbclient > >> -L //localhos...

Hello, I'm really stumped and would greatly appreciate some help. *Situation* I have a couple windows 10 pro hosts that I have joined to a Samba4 AD domain. I have created 3 users in the domain, one that is a member of Domain Admins and two that are only members of the Domain Users group. I have two samba shares (details below) on a separate samba file server. The share permissions were

HOn Tue, 26 Mar 2019 09:29:41 +0000 Rowland Penny via samba <samba at lists.samba.org> wrote: > On Tue, 26 Mar 2019 05:18:20 +0100 > Franta Hanzlík <franta at hanzlici.cz> wrote: > > > Hi Tim and Rowland, thanks for Your support! > > I was thinking about e.g. Python 2.7.15 compatibility (as newer Samba > > versions require Python3), but You are right, here

Hai Sven, And still i see/think you should change some things to get a better base setup. And no its not bike shedding.... It is making a standard setup, work from there. [libdefaults] default_realm = AD.TAO.AT dns_lookup_realm = true < if you have multple REALM, else false. (default_realm = AD.TAO.AT) dns_lookup_kdc = true Checking file: /etc/nsswitch.conf passwd: files