similar to: Samba AD - Scanner permission issues

Thanks for the hint, James. In that case, I assume the man page for smb.conf is outdated. According to the manual, "ntlm auth = yes" is the default. Running testparm -sv reveals, however, that it is set to "no" by default. Having said that, changing it to yes didn't bring me further, yet, the scanner still can't connect. This is now the output of testparm -sv | grep

Hi Viktor, I didn't go through all the conversations and I'm not sure if this will > be of any help, I just wanted to inform that I've been using mapped > drives with Windows 10 for ages and never had the problems you > described. I also never added or changed the "smb encrypt" option. My > Samba file server (AD member) was set up pretty much the way as is >

On 17/11/15 17:33, Viktor Trojanovic wrote: > [global] > > netbios name = FILESERVER > workgroup = SAMDOM > security = ADS > realm = SAMDOM.EXAMPLE.COM > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > > username map = /etc/samba/samba_usermap > > idmap config *:backend = tdb > idmap config *:range =

On 17/11/15 16:57, Viktor Trojanovic wrote: > Hi Mathias, > > Thanks for replying. It seems you're describing the situation on the > AD DC. Computer and user mode access to my DC works fine and without > any issues but I can't access the shares of my *member* server *in > computer mode*. In user mode, it all works just fine. > > Viktor > > On 17.11.2015

Let me guess. You accessing your server like : \\servername\netlogon of \\servername\sysvol Well thats protected by windows these these days. Try with \\servername.domain.tld\netlogon or \\servername.domain.tld\sysvol Does that work? Yes, There is a whole chaper of this on the list somewhere.. Best is to read howto override this. https://adsecurity.org/?p=1405 and for you

Here are my (little) view regarding shares accesses. I write that to clarify things. And it could really be of-topic as Louis seems to have gave solution. There are 2 levels of authorisation for accessing shares: the share level and FS level. For Sysvol I would keep everyone or replace it by "authenticated users" in paranoid mode as the latter refuse non-authenticated users. They are

I run a very small Samba AD, consisting of a Samba AD DC and a Samba AD Member Server, acting as file server. Today, I added a new user to the AD but I simply can't manage to get access to the file server - only for this user, all others are working fine. My AD is rfc2307 based, so I manually have to add UID's. I did so for the new user, the ID is within range and not in use. I double

On 11/21/2016 8:21 AM, Viktor Trojanovic via samba wrote: > Hi all, > > I'm running a small Samba based AD, consisting of one Samba DC and one > Samba Fileserver (AD member). > > I use rfc2307 and manually give the users their UID (there aren't many). > > This setup used to work well at the beginning but with every Samba update > (I run a rolling release), I seem

Hello, I just went to migrate my fileserver from samba3 to samba4 but i have problem with the administrator account. The group "domain admins" have the permission to manage all my shares Administrator is member of the group "domain admins" but he can't manage the security tab of all my shares when i remove "full control" to share permissions tab. While

I still have the same problem with : [root at fileserver ~]# more /usr/local/samba/etc/samba_usermapping !root = DOMAIN\Administrator DOMAIN\\Administrator DOMAIN\administrator Administrator adm inistrator ________________________________________ De : samba <samba-bounces at lists.samba.org> de la part de Rowland Penny <rowlandpenny241155 at gmail.com> Envoyé : jeudi 6 août 2015 16:06

Oh thank you Just to be sure to understand : -getent passwd | grep administrator and id administrator didn't work on Fileserver because administrator account didn't have uidNumber -it also why administrator account can't manage filserver with windows permissions Just one more thing please : Why my administrators group is mapped on unix users ? [root#fileserver ~]# net groupmap

Sorry for my mistake. It resolve the groupmap problem : [root at fileserver ~]# net groupmap list Administrators (S-1-5-32-544) -> BUILTIN\administrators Users (S-1-5-32-545) -> BUILTIN\users But i still have the administrator problem. I have follow the wiki.samba doc and i have set the SeDiskOperatorPrivilege : net rpc rights list accounts -U'DOMAIN\administrator' DOMAIN\Domain

Hello everybody. I just upgraded our Fedora fileserver to version 30, which has Samba 4.13.2. Now, I can see this errors in log: check_ntlm_password: Authentication for user [dmu60evo] -> [dmu60evo] FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1 Auth: [SMB2,(null)] user []\[dmu60evo] at [?t, 19 lis 2020 15:50:26.373477 CET] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER]

Setup: Samba AD DC and Samba AD Member Server, Win10 clients only. Samba version 4.8.1 Has something changed recently in the way ACL's are supposed to work? My existing shares work just fine but any ALC changes I make using Windows are ignored in Samba. For example, I'm creating a new folder in Windows inside an existing share and I add user User1 or group Group1 in the security tab.

I guess you want getent group, so i give you both. But administrator is the only user of "domain admin" group with problems. [root at fileserver ~]# getent passwd Domain\ Admins [root at fileserver ~]# getent group Domain\ Admins domain admins:x:512: [root at fileserver ~]# ls -la /partages/share total 181260 drwxrwxrwx+ 2 root root 4096 26 mars 2013 . drwxr-xr-x 13

Hello! My file server is running ubuntu samba 4.3.0 and today started the problem that my IDs have changed and this caused countless problems. In the logs I have the following: Jul 12 15:57:07 samba fileserver winbindd [1141] [07.12.2016 15: 57: 07.605992, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent) Jul 12 15:57:07 samba fileserver winbindd [1141]: Failed to find domain 'Unix

Hello, If I try to set acl under windows, something very strange appears. For instance, if I set something for the user samuel I get this with the command getfacl : default:_*group*_:samuel.ruet:r-x And if I set something for the group sa-si I get this : default:_*use*_r:sa-si:r-x Under windows all seems good... I recently change idmap config... ( add rid backend ) Here is my smb.conf :

Hello! And my DCs now the station Ids equal, in my Fileserver this way: DC01: wbinfo -i userteste01 SERVERAD \ userteste01: *: 3000367: 100: userteste01: / home / SERVERAD / userteste01: / bin / false DC02: wbinfo -i userteste01 SERVERAD \ userteste01: *: 3000367: 100: userteste01: / home / SERVERAD / userteste01: / bin / false My Fileserver: wbinfo -i userteste01 userteste01: *: 13121: 5513:

Hello Rowland, Am 17.10.2016 um 18:06 schrieb Rowland Penny via samba: > See inline comments: > > On Mon, 17 Oct 2016 17:14:43 +0200 > Udo Willke via samba <samba at lists.samba.org> wrote: > >> So, to summarize the discussion: >> >> System accounts should not have rfc2307 IDs, only (unprivileged) >> users should. The Administrator account is the

>> Hi, how have you setup the fileserver ? >> Is it joined to the domain ? >> Can you post your fileservers smb.conf >> Rowland OT: Oops, wasn't subscribed to the mailing list :) Yes, server is joined to the domain (otherwise I would not be able to generate the principal) Server configuration is following (only global part), winbind config is there because it was