Displaying 20 results from an estimated 7000 matches similar to: "Local Administrators (group) and delegation in AD"
2015 Oct 29
4
Local Administrators (group) and delegation in AD
On 2015-10-29 09:52, Rowland Penny wrote:
> On 29/10/15 08:34, Davor Vusir wrote:
>> Hi all!
>>
>> We have got many delegations in our AD. To add a certain
>> administrator group to the local Administrators group you can use GPO
>> for Windowsservers. As Samba does not understand GPO I have initially
>> used the "username map" feature to add a
2015 Oct 29
3
Local Administrators (group) and delegation in AD
On 2015-10-29 12:23, Rowland Penny wrote:
> On 29/10/15 09:47, Davor Vusir wrote:
>> On 2015-10-29 09:52, Rowland Penny wrote:
>>> On 29/10/15 08:34, Davor Vusir wrote:
>>>> Hi all!
>>>>
>>>> We have got many delegations in our AD. To add a certain
>>>> administrator group to the local Administrators group you can use
2015 Oct 29
2
Local Administrators (group) and delegation in AD
mathias dufresne skrev den 2015-10-29 14:31:
> I'm thick :D
> I don't really understand more :(
>
No. I'm having trouble explaining. Maybe these threads are more
enlightning:
https://lists.samba.org/archive/samba/2015-April/191020.html and
http://www.spinics.net/lists/samba/msg123646.html.
> Samba can share file, printers and when samba hosts a domain samba is also
2015 Oct 30
2
Local Administrators (group) and delegation in AD
On 2015-10-29 21:32, Rowland Penny wrote:
> On 29/10/15 19:38, Davor Vusir wrote:
>>
>>
>> mathias dufresne skrev den 2015-10-29 14:31:
>>> I'm thick :D
>>> I don't really understand more :(
>>>
>>
>> No. I'm having trouble explaining. Maybe these threads are more
>> enlightning:
>>
2015 Oct 29
0
Local Administrators (group) and delegation in AD
On 29/10/15 09:47, Davor Vusir wrote:
> On 2015-10-29 09:52, Rowland Penny wrote:
>> On 29/10/15 08:34, Davor Vusir wrote:
>>> Hi all!
>>>
>>> We have got many delegations in our AD. To add a certain
>>> administrator group to the local Administrators group you can use
>>> GPO for Windowsservers. As Samba does not understand GPO I have
2015 Oct 29
0
Local Administrators (group) and delegation in AD
On 29/10/15 08:34, Davor Vusir wrote:
> Hi all!
>
> We have got many delegations in our AD. To add a certain administrator
> group to the local Administrators group you can use GPO for
> Windowsservers. As Samba does not understand GPO I have initially used
> the "username map" feature to add a domain account to become root.
> After the appropriate group is added
2015 Oct 29
0
Local Administrators (group) and delegation in AD
Hi Davor,
If I've well understood you want some AD users to be local administrators
of some UNIX machines, not necessary all your UNIX machines.
I would give these users uidNumber=0 and/or gidNumber=0. In UNIX systems
you can rename "root" as long as you keep for him UID=0. You can also have
several users sharing same UID and/or GID.
So, let's say now you have 10 users with
2015 Oct 29
0
Local Administrators (group) and delegation in AD
I'm thick :D
I don't really understand more :(
Samba can share file, printers and when samba hosts a domain samba is also
acting as a users database.
All that can be managed from Windows side or Linux side.
Delegation on Windows is quiet well documented I expect by Microsoft itself
and in the Samba Wiki.
According to that I expect your question is about how to delegate Samba
management
2015 Oct 29
0
Local Administrators (group) and delegation in AD
On 29/10/15 19:38, Davor Vusir wrote:
>
>
> mathias dufresne skrev den 2015-10-29 14:31:
>> I'm thick :D
>> I don't really understand more :(
>>
>
> No. I'm having trouble explaining. Maybe these threads are more
> enlightning:
> https://lists.samba.org/archive/samba/2015-April/191020.html and
>
2015 Nov 03
0
Local Administrators (group) and delegation in AD
On 2015-10-30 09:07, Davor Vusir wrote:
> On 2015-10-29 21:32, Rowland Penny wrote:
>> On 29/10/15 19:38, Davor Vusir wrote:
>>>
>>>
>>> mathias dufresne skrev den 2015-10-29 14:31:
>>>> I'm thick :D
>>>> I don't really understand more :(
>>>>
>>>
>>> No. I'm having trouble explaining. Maybe these
2015 Nov 03
2
Local Administrators (group) and delegation in AD
On 03/11/15 08:10, Davor Vusir wrote:
>
>
> No, Davor. That won't work. The delegated user account is not member
> of 'AD\Domain Admins' which is member of the group
> 'SERVER\Administrators'. You have to use the username map to be able
> to add the first AD-group or account to 'SERVER\Administrators'.
>
No, Davor, you don't have to use a
2015 Nov 04
1
Local Administrators (group) and delegation in AD
On 04/11/15 15:09, mathias dufresne wrote:
> As Davor wants to delegate I expect he does not want to give
> Administrator password to these persons ;) And using a keytab to
> avoid giving them the password is not a solution: they would be able
> to perform everything they want on samba, which is certainly far from
> the delegation he initially thought...
Ah, what I posted was
2015 Jul 08
6
vfs module recycler
this module doesn't seem to want to work on anything but a root ubuntu
filesystem. It won't work on any external drives or secondary drives just
the main one. This poses as a problem for a system with several drives.
if i delete on a secondary drive of any sort with any use in a samba share
over smb i get the folders placed in the recycle bin but no file.
I have a sent copy of the config
2018 Mar 11
2
Run smbd in AD user context
2018-03-10 19:48 GMT+01:00 Jeremy Allison <jra at samba.org>:
> On Sat, Mar 10, 2018 at 01:10:46PM +0100, Davor Vusir via samba wrote:
> >
> > Off list I got a tip on using become_user(). A soon as I get a grip on
> how
> > to extract the calling user's vuid I give it a try I have of course tried
> > other functions; become_user_permanently( ),
2014 Nov 03
1
Samba 4.2.0 rc2 and winbindd, uid-/gidNumber and xidNumber
Trying out 4.2.0 rc2 and winbindd. Below is the AD DC's smb.conf.
Samba on the AD DC is updated from 4.1.3.
I'm having trouble getting uid-/gidNumbers. Just xidNumbers are
displayed. All domain account and groups have got it assigned. What
did I miss?
Is it possible that the outcome from the commands run on the AD DC is
a product from the fact that the domains NetBIOS-name is EXAMPLE and
2018 Mar 10
2
Run smbd in AD user context
2018-03-09 20:39 GMT+01:00 Jeremy Allison <jra at samba.org>:
> On Fri, Mar 09, 2018 at 12:07:54PM +0100, Davor Vusir via samba wrote:
> > Hi all!
> >
> > Is it possible to run smbd in an AD user's context?
> > If not, is it possible to have smbd to tell a third-party function to not
> > stray outside from logged on user's (AD user) context (home
2015 Apr 19
2
Possible Security Hole (Bug?)
Hi Andrey,
2015-04-19 0:12 GMT+02:00 Andrey Repin <anrdaemon at yandex.ru>:
> Greetings, Davor Vusir!
>
>>> Hi, there are two separate points of view here, map 'Administrator' to the
>>> 'root' user, or give 'Administrator' a uidNumber. If you do the first then
>>> 'Administrator' can change directory settings on a Unix
2015 Mar 04
2
Domain Member Server (wheezy) - Unable to edit permissions of share without usermapping - shall I add to Wiki?
Hi Davor,
If the mapping of administrator to root is not ideal, I do like the idea of
having a specific FileShareAdmin group.
But, why chown and not simply chgrp?
Thanks!
Shane Robinson
Chief Administrative Officer
SimpeQ Care Inc.
t. 604.988.3103 ext. 104
c. 604.506.3311
f. 604.988.3105
Please consider the environment before printing this email.
-----Original Message-----
From:
2015 Jul 06
1
Rejoin dc to domain
Dear Davor
We receive an error message at the command "list domains"
ntdsutil
metadata cleanup
connections
connect to server <DC with fsmo roles>
quit
select operation target
error: error at handling the input
invalid syntax
-> list domains
But the command is correct!
Am 02.07.2015 um 21:11 schrieb Davor Vusir:
> You might need to do a meta data cleanup before
2015 Mar 04
3
Domain Member Server (wheezy) - Unable to edit permissions of share without usermapping - shall I add to Wiki?
2015-03-04 19:59 GMT+01:00 Rowland Penny <rowlandpenny at googlemail.com>:
> On 04/03/15 18:31, Shane Robinson wrote:
>>
>> Hello again Rowland, list!
>>
>> Sorry for the delayed response, and top posting.
>>
>> To recap:
>> I'd like to complete the member server wiki so that ACLs can be set from
>> windows without taking undocumented