similar to: Group membership not being honored

I have samba server joined to a domain that I'm trying to use ads security and acls on. I can set acls on the Unix file system, and access from a windows client seems to honor them. I can't view the acls under the security tab, all I see are the standard Unix permissions instead. If I try to add an entry to the acl, I get an access denied error, even if the user is on the list of admin

The smbpasswd on my PDC (Solaris 9, Samba 3.026a) will truncate or corrupt passwords over 8 chars. The smbpasswd command on the linux clients (Samba 3.024a) is OK. Anyone know if this is a samba version issue or something solaris specific. Thanks

I've got a samba install on Linux with winbind installed, etc. I've configured it the same as I have under Solaris, but for some reason, I can't chown a file to an AD username. I have joined the box to the domain, I can wbinfo -u/-g and get lists of users and groups on the domain. When I run getent passwd or getent group, however, I don't see any of the domain users and groups.

Hello, I've a share with preset permissions on different directories including acls. So in one folder for example users can only read and into other read and write. Everything works fine. The Problem is if one user decides to change the permission of a file or directory (via Windows) the acls and permissions get are messed up. How can I restrict users from changing permission on a share? I

Guys I was so frustrated about installing samba with ADS and winbind support on solaris 8. After fixing many problems, I am now facing another problem: I created a directory "test" in the samba share and was editing a file under the directory "test" and in the meantime the machine was rebooted. After the machine is started, the whole directory "test" is gone. I

We have a SAMBA built from source code, and we want to enable offline bit in SAMBA, Can anybody can give some advices on this? Thanks. Vincent

On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote: > What works: ... > - getfacl / setfacl setting with domain object names. > > My issue: > Authorization is not working. For example: > - Write list / read list / valid users options in smb.conf are not > honored. ... > - Skipped the samba authorization and moved this to the filesystem

I am having a problem getting Samba to use the linux group membership when following a symlink. On the Linux side, I have a soft link from the user's home directory to the shared directory. ln -s /home/shared/testgroup testshare In the smb.conf I have: [homes] comment = Home Directories browseable = no writable = yes valid users = %S force create mode = 0660 delete

Hello all, after spending the last days fighting and researching I hope someone can point me to an solution here. Even if I am using Debian / Ubuntu since years I wouldn?t consider myself as a Linux professional. I have some experience though. What I try to accomplish: - Centrally administrated groups for file services. Right now it is only one server but there will be more. Setup: - System

> > Can you check if this file exists: > /usr/local/samba/lib/security/pam_winbind.so For historical reasons, I used a prefix of /opt/samba when I compiled: [root at smbfs1 shares]# ls -al /opt/samba/lib/security/pam_winbind.so -rwxr-xr-x 1 root root 63837 Mar 17 19:54 /opt/samba/lib/security/pam_winbind.so relevant config lines in case they are helpful: [global] lock directory =

I'm just finished FreeBSD/AD integration via Kerberos/LDAP and now I can manage unix users/groups from AD. I want to grant access to IMAP based on user membership in certain group. Is it possible? Can you give me some hints? Thanks in advance! -- ? ?????????, ?????? ????? ??? "???????" : ?????????? ??, WEB-?????????? http://www.elantech.ru +7 (495) 589 68 81 +7 (926) 575 22 11

On 15.01.15 09:52, Peter Serbe wrote: > On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote: > >> What works: > ... >> - getfacl / setfacl setting with domain object names. >> >> My issue: >> Authorization is not working. For example: >> - Write list / read list / valid users options in smb.conf are not >>

Rowland Penny schrieb am 15.01.2015 22:00: [RFC2307] > For samba4 active directory, read microsoft AD, so you don't have to > provision anything else, you just need to learn how to properly use what > you already have. > > Rowland Rowland is right, of course. But(!) things might be simpler with the RFC2307 attributes. Without the attributes You need to set the

See inline comments On 23/03/16 15:32, Joseph Dickson wrote: > Greetings! > > I am working with Samba 4 as a domain member fileserver (not a domain > controller, just a normal ads member fileserver). Operating system is > Centos 7. SSSD is configured and pulling information correctly. > > I had to work around a bug that wasn't fixed in a released version, so I am >

On 23/03/16 20:16, Joseph Dickson wrote: >> OK, you should use the standard 'rwx' permissions *or* ACLs, not both. If >> you create a directory on Unix that you want to share, set the owner:group >> to root:'Domain Admins' and permissions to 0770. You will then be able to >> set the permissions from windows or with setfacl on the Unix machine, you >>

On 23/03/16 16:18, Joseph Dickson wrote: > Thanks for the reply! I'm confused on a few bits: > > > To change a users primary group is a bit like jumping through hoops, you >> have to add the user to the group that you want to be the new primary >> group, then change the primaryGroupID attribute to contain the RID of the >> new group and then finally add the user

I was experimenting with centralized administration of Linux administrative privileges, so I created the group. (I have to assume that there's nothing fundamentally wrong with creating a domain group for some special purpose.) I then added to /etc/sudoers: ??? %SAMDOM\\wheel ALL=(ALL:ALL) ALL and to /etc/pam.d/su ??? auth??????? required??? pam_wheel.so use_uid group=SAMDOM\wheel With

Hi, On Tue, Jan 13, 2015 at 2:32 PM, Thomas Burger <tburger at eritron.de> wrote: > Hello all, > > after spending the last days fighting and researching I hope someone can > point me to an solution here. > > Even if I am using Debian / Ubuntu since years I wouldn?t consider myself > as a Linux professional. I have some experience though. > > What I try to

On Fri, 14 Feb 2025 10:03:33 -0500 "John R. Graham via samba" <samba at lists.samba.org> wrote: > On my Linux domain members, group membership for my domain login is > reported as: > > ??? terra #? id SAMDOM\\jgraham > ??? uid=11105(SAMDOM\jgraham) gid=10513(SAMDOM\domain users) > groups=10513(SAMDOM\domain >

> > OK, you should use the standard 'rwx' permissions *or* ACLs, not both. If > you create a directory on Unix that you want to share, set the owner:group > to root:'Domain Admins' and permissions to 0770. You will then be able to > set the permissions from windows or with setfacl on the Unix machine, you > do not need the 'force group' lines in smb.conf,