Displaying 20 results from an estimated 10000 matches similar to: "W7 client cannot adjust file permissions via ADUC"
2015 Jan 28
1
W7 client cannot adjust file permissions via ADUC
Hi Bob,
Set the rights like this.
> /home 775
>
> /home/samba 775
>
> /home/samba/DT***RM 775
>
> /home/samba/DT***RM/profiles 777
for the profiles, after you set the rights in windows,
user profiles folders wil be created with the correct rights.
and only accessable by the user..
and from here you shoule be able to set the correct rights.
Can you give it a try?
2015 Jan 28
2
W7 client cannot adjust file permissions via ADUC
W7 client domain member? yes.
Logged in as domainAdministrator? yes.
"SeDiskOperatorPrivilege" set? yes
Read "/Setup_and_configure_file_shares_with_Windows_ACLs"? yes.
---
-------------------------
Bob Wooden of Donelson Trophy
615.885.2846 (main)
www.donelsontrophy.com [2]
"Everyone deserves an award!!"
On 2015-01-28 10:40, Marcel de Reuver wrote:
>
2015 Jan 30
3
W7 client cannot adjust file permissions via ADUC
Hi bob,
Yes, i have corrected the script online.
I replaced the %USERNAME with %U in the old member script,
and please dont give the user DOMAIN\Administrator any uid. not 0, nothing.. .no uid..
My best advice, leave Administrator as is and create a new user..
Add that one in "Domain Admins" and that user can have a uid.
For setting the rights.
Use setfacl to set the base
2015 Jan 29
7
W7 client cannot adjust file permissions via ADUC
Rowland,
I have tried your various alteration suggestions and it is a "negative"
result.
Here is the output from wbinfo -u & wbinfo -g
root at dtmbr01:~# wbinfo -u
administrator
dns-dtdc02
dns-dtdc01
krbtgt
guest
root at dtmbr01:~# wbinfo -g
allowed rodc password replication group
enterprise read-only domain controllers
denied rodc password replication group
read-only domain
2015 Jan 28
2
W7 client cannot adjust file permissions via ADUC
That was a cut/paste error.
I've been thinking (danger, danger) when I test kerberos it returns the
two DC's are available. Should it be including the member server also?
Didn't I see the script setup kerberos on the member server? (Remember
this was installed with the gen one scripts, not the newest scripts.)
---
-------------------------
Bob Wooden of Donelson Trophy
2015 Mar 06
3
setting up W7 profiles
Okay, so I did this to myself. I overlooked an important sentence on the
"https://wiki.samba.org/index.php/Samba_%26_Windows_Profiles". The
sentence that instructs to do "Profile share using Windows ACLs"
***OR*** "Profile share with using POSIX ACLs".
So, I have reset the permissions to how they were before I messed them
up doing the "POSIX ACLs" part.
2015 Mar 05
2
setting up W7 profiles
Rowland,
'getent group DomainUsers' indeed returns nothing.
Now, I know, you know this like the "back of your hand" but, am I wrong,
are the permissions for **profiles** somewhat (not alot) different from
permissions for file shares? Because I see that instructions (on the
wiki) for file sharing reads differently.
Thanks, again.
---
-------------------------
Bob Wooden
2015 Jan 30
2
W7 client cannot adjust file permissions via ADUC
On 30/01/15 18:28, Bob of Donelson Trophy wrote:
>
>
> After restoring the member server and re-running the improved
> "4-setup-samba4-MEMBER-wheezy.sh" script I am still having the same
> issue. W7 client still not allowed to access the member server.
>
> Administrator still has a uidNumber:
>
> getent passwd Administrator
>
2015 Jan 30
2
W7 client cannot adjust file permissions via ADUC
On 30/01/15 19:14, Bob of Donelson Trophy wrote:
>
>
> There is no uidNumber or gidNumber specifically listed (there is an
> objectGuid and an objectSid.)
>
> Did nothing.
>
> Now?
>
> ---
>
> -------------------------
>
> Bob Wooden of Donelson Trophy
>
> 615.885.2846 (main)
> www.donelsontrophy.com [1]
>
> "Everyone deserves an
2015 Mar 06
1
setting up W7 profiles
On my test system I can only get 'getent -V' to respond.
Member server smb.conf file:
root at mbr01:~# cat /etc/samba/smb.conf
[global]
workgroup = TEST
security = ADS
realm = TEST.BOB
netbios name = mbr01
domain master = no
host msdfs = no
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
client signing = if_required
## map id's outside to
2015 Mar 09
2
setting up W7 profiles
Gentlemen,
First, let me point out that sometimes (and sometimes not) the mailing
list will strip out some backslash marks in cut and paste. So, if there
is a backslash missing . . . well, ignore that missing mark.
Louis,
When your script runs it creates the following default permissions:
root at mbr01:~# ls -alh /home/samba/TEST/profiles
total 8.0K
drwxr-xr-t 2 root root 4.0K Feb 21 18:39
2015 Jan 29
4
W7 client cannot adjust file permissions via ADUC
Rowland,
I think you have confused my email with a different thread.
Uhm . . what?
---
-------------------------
Bob Wooden of Donelson Trophy
615.885.2846 (main)
www.donelsontrophy.com [1]
"Everyone deserves an award!!"
On 2015-01-29 07:30, Rowland Penny wrote:
> On 29/01/15 12:54, Bob of Donelson Trophy wrote:
> Rowland, I have tried your various alteration
2015 Feb 02
3
DC01 & DC02 differences?
I have created a DC01 & DC02 with Louis's (generation one) scripts. I
have noticed, during some testing that 'pam-auth-update' shows PAM
profiles Kerberos, Unix & Winbind listed on DC01.
The DC02 only lists Kerberos & Unix and Winbind is missing.
I thought that the two DC's were suppose to be identical? If DC01 goes
"down" DC02 cannot carry a winbind
2016 Nov 14
3
Member server losing smb connection
On 2016-11-14 08:39, L.P.H. van Belle via samba wrote:
> Is this on a windows 7 or 10 client or both?
> Are you useing \\FQ.DN\share or \\hostname\share
> Try the FQ.DN, as Microsoft advices.
>
> And where are the TLS parameters in the below config.
> Did you set this up?
>
> Greetz,
>
> Louis
>
>> -----Oorspronkelijk bericht-----
>> Van:
2015 Jan 29
1
W7 client cannot adjust file permissions via ADUC
Rowland,
The email here is a little crazy at the moment. Your reply to my email
sent this morning (7 or 8 hours ago) just popped up. And this is since
you I have emailed some more confusion.
This thread is on HOLD UNTIL FURTHER NOTICE.
Let's let the email world settle down. I am currently receiving emails
from this morning and I am confused. And let get my head around all that
we have
2015 Mar 05
6
setting up W7 profiles
I am setting up W7 profiles following the "Samba & Windows Profiles" on
the Sambawiki.
If it matters, I have two functional DC's and one member server.
When I run '# chmod 1770 /srv/samba/profiles' (on the member server) the
permissions changed to:
root at mbr01:~# ls -alh /srv/samba/profiles
total 12K
drwxrwx--T+ 2 root root 4.0K Mar 1 10:21 .
drwxr-xr-t 5 root
2015 Mar 09
4
setting up W7 profiles
Bob, to the following..
set the in smb.conf not more not less.
On the member server.
[profiles$]
path = /home/samba/TEST/profiles
read only = no
acl_xattr:ignore system acl = yes
restart samba
now type
chown root:root /home/samba/TEST/profiles
chmod 1777 /home/samba/TEST/profiles
Now go to the wiki and set the correct rights for a profile share.
and ONLY for AD! ( not the POSIX )
2015 Feb 27
2
NT_STATUS_CONNECTION_REFUSED, again!!!
At one point, I thought the same. Tried a "sleep 5" and still got some
failures. (That was before I started counting the fails.) This is a P4
3.2Ghz with 1Gb RAM. Could it be that sluggish (at that moment) and need
a "sleep 10" or "sleep 15" or more? It worked on my VM (of course it is
running on a multi-core Xeon processor so maybe a sleep?) I'm going to
try
2015 Jan 30
2
W7 client cannot adjust file permissions via ADUC
On 30/01/15 20:48, Bob of Donelson Trophy wrote:
>
>
> Okay, added 'gidNumber: 10000' to the domain users group on DC1. (Was
> within my range 500-40000.)
>
> getnet passwd [user] returns nothing on DC1.
>
> W7 client still a "no".
>
> And now?
>
>
Have you tried getent on the member server ?
Lets forget W7 for the moment, get the Unix
2015 Feb 27
3
NT_STATUS_CONNECTION_REFUSED, again!!!
Thanks Rowland but that idea did not work.
I will simply grant access to those that failed manually.
(Really wish I had kept the VM that the scripthad worked on so I could
go back and see what happened but, too late, I have already deleted to
save precious hard drive space.)
If I have any issues, I'll be back.
---
-------------------------
Bob Wooden of Donelson Trophy
615.885.2846