Displaying 20 results from an estimated 50000 matches similar to: "Samba AD - Scanner permission issues"
2016 Nov 21
1
Samba AD - Scanner permission issues
Thanks for the hint, James.
In that case, I assume the man page for smb.conf is outdated. According to
the manual, "ntlm auth = yes" is the default. Running testparm -sv reveals,
however, that it is set to "no" by default.
Having said that, changing it to yes didn't bring me further, yet, the
scanner still can't connect.
This is now the output of testparm -sv | grep
2019 Apr 30
5
Windows clients require reboot once a day in order to access mapped drives
Hi Viktor,
I didn't go through all the conversations and I'm not sure if this will
> be of any help, I just wanted to inform that I've been using mapped
> drives with Windows 10 for ages and never had the problems you
> described. I also never added or changed the "smb encrypt" option. My
> Samba file server (AD member) was set up pretty much the way as is
>
2015 Nov 17
1
Permission Issues with GPO
On 17/11/15 17:33, Viktor Trojanovic wrote:
> [global]
>
> netbios name = FILESERVER
> workgroup = SAMDOM
> security = ADS
> realm = SAMDOM.EXAMPLE.COM
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> username map = /etc/samba/samba_usermap
>
> idmap config *:backend = tdb
> idmap config *:range =
2015 Nov 17
4
Permission Issues with GPO
On 17/11/15 16:57, Viktor Trojanovic wrote:
> Hi Mathias,
>
> Thanks for replying. It seems you're describing the situation on the
> AD DC. Computer and user mode access to my DC works fine and without
> any issues but I can't access the shares of my *member* server *in
> computer mode*. In user mode, it all works just fine.
>
> Viktor
>
> On 17.11.2015
2015 Nov 17
3
Permission Issues with GPO
Let me guess.
You accessing your server like :
\\servername\netlogon
of
\\servername\sysvol
Well thats protected by windows these these days.
Try with
\\servername.domain.tld\netlogon
or
\\servername.domain.tld\sysvol
Does that work? Yes,
There is a whole chaper of this on the list somewhere..
Best is to read howto override this.
https://adsecurity.org/?p=1405
and for you
2016 Nov 21
0
Samba AD - Scanner permission issues
On 11/21/2016 8:21 AM, Viktor Trojanovic via samba wrote:
> Hi all,
>
> I'm running a small Samba based AD, consisting of one Samba DC and one
> Samba Fileserver (AD member).
>
> I use rfc2307 and manually give the users their UID (there aren't many).
>
> This setup used to work well at the beginning but with every Samba update
> (I run a rolling release), I seem
2015 Nov 17
2
Permission Issues with GPO
Here are my (little) view regarding shares accesses. I write that to
clarify things. And it could really be of-topic as Louis seems to have gave
solution.
There are 2 levels of authorisation for accessing shares: the share level
and FS level.
For Sysvol I would keep everyone or replace it by "authenticated users" in
paranoid mode as the latter refuse non-authenticated users.
They are
2017 Jun 19
4
New AD user cannot access file share from member server
I run a very small Samba AD, consisting of a Samba AD DC and a Samba AD
Member Server, acting as file server.
Today, I added a new user to the AD but I simply can't manage to get access
to the file server - only for this user, all others are working fine.
My AD is rfc2307 based, so I manually have to add UID's. I did so for the
new user, the ID is within range and not in use. I double
2015 Aug 06
2
Problems with administrator account
Hello,
I just went to migrate my fileserver from samba3 to samba4 but i have problem with the administrator account.
The group "domain admins" have the permission to manage all my shares
Administrator is member of the group "domain admins" but he can't manage the security tab of all my shares when i remove "full control" to share permissions tab.
While
2015 Aug 06
2
Problems with administrator account
I still have the same problem with :
[root at fileserver ~]# more /usr/local/samba/etc/samba_usermapping
!root = DOMAIN\Administrator DOMAIN\\Administrator DOMAIN\administrator Administrator adm
inistrator
________________________________________
De : samba <samba-bounces at lists.samba.org> de la part de Rowland Penny <rowlandpenny241155 at gmail.com>
Envoyé : jeudi 6 août 2015 16:06
2015 Aug 07
2
Problems with administrator account
Oh thank you
Just to be sure to understand :
-getent passwd | grep administrator and id administrator didn't work on Fileserver because administrator account didn't have uidNumber
-it also why administrator account can't manage filserver with windows permissions
Just one more thing please :
Why my administrators group is mapped on unix users ?
[root#fileserver ~]# net groupmap
2018 May 13
2
ACL set in Windows not set in Samba
Setup: Samba AD DC and Samba AD Member Server, Win10 clients only. Samba
version 4.8.1
Has something changed recently in the way ACL's are supposed to work? My
existing shares work just fine but any ALC changes I make using Windows are
ignored in Samba.
For example, I'm creating a new folder in Windows inside an existing share
and I add user User1 or group Group1 in the security tab.
2015 Aug 07
2
Problems with administrator account
Sorry for my mistake.
It resolve the groupmap problem :
[root at fileserver ~]# net groupmap list
Administrators (S-1-5-32-544) -> BUILTIN\administrators
Users (S-1-5-32-545) -> BUILTIN\users
But i still have the administrator problem. I have follow the wiki.samba doc and i have set the SeDiskOperatorPrivilege :
net rpc rights list accounts -U'DOMAIN\administrator'
DOMAIN\Domain
2020 Nov 19
2
winbind use default domain = yes doesn't work on Samba 4.13?
Hello everybody.
I just upgraded our Fedora fileserver to version 30, which has Samba
4.13.2.
Now, I can see this errors in log:
check_ntlm_password: Authentication for user [dmu60evo] -> [dmu60evo]
FAILED with error NT_STATUS_NO_SUCH_USER, authoritative=1
Auth: [SMB2,(null)] user []\[dmu60evo] at [?t, 19 lis 2020
15:50:26.373477 CET] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER]
2015 Aug 07
4
Problems with administrator account
I guess you want getent group, so i give you both. But administrator is the only user of "domain admin" group with problems.
[root at fileserver ~]# getent passwd Domain\ Admins
[root at fileserver ~]# getent group Domain\ Admins
domain admins:x:512:
[root at fileserver ~]# ls -la /partages/share
total 181260
drwxrwxrwx+ 2 root root 4096 26 mars 2013 .
drwxr-xr-x 13
2016 Jul 12
2
Failed to find domain Unix Group
Hello!
My file server is running ubuntu samba 4.3.0 and today started the
problem that my IDs have changed and this caused countless problems.
In the logs I have the following:
Jul 12 15:57:07 samba fileserver winbindd [1141] [07.12.2016 15: 57:
07.605992, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
Jul 12 15:57:07 samba fileserver winbindd [1141]: Failed to find domain
'Unix
2016 Feb 01
2
Validate Ids Multiple DC
Hello!
And my DCs now the station Ids equal, in my Fileserver this way:
DC01:
wbinfo -i userteste01
SERVERAD \ userteste01: *: 3000367: 100: userteste01: / home / SERVERAD
/ userteste01: / bin / false
DC02:
wbinfo -i userteste01
SERVERAD \ userteste01: *: 3000367: 100: userteste01: / home / SERVERAD
/ userteste01: / bin / false
My Fileserver:
wbinfo -i userteste01
userteste01: *: 13121: 5513:
2016 Sep 05
5
ACL wrong category user for group and group for user
Hello,
If I try to set acl under windows, something very strange appears.
For instance, if I set something for the user samuel I get this with the
command getfacl :
default:_*group*_:samuel.ruet:r-x
And if I set something for the group sa-si I get this :
default:_*use*_r:sa-si:r-x
Under windows all seems good...
I recently change idmap config... ( add rid backend )
Here is my smb.conf :
2016 Oct 17
3
Unable to set up home share correctly
Hello Rowland,
Am 17.10.2016 um 18:06 schrieb Rowland Penny via samba:
> See inline comments:
>
> On Mon, 17 Oct 2016 17:14:43 +0200
> Udo Willke via samba <samba at lists.samba.org> wrote:
>
>> So, to summarize the discussion:
>>
>> System accounts should not have rfc2307 IDs, only (unprivileged)
>> users should. The Administrator account is the
2014 Dec 31
2
Fwd: Re: Samba4 and sssd, keytab file expires?
>> Hi, how have you setup the fileserver ?
>> Is it joined to the domain ?
>> Can you post your fileservers smb.conf
>> Rowland
OT: Oops, wasn't subscribed to the mailing list :)
Yes, server is joined to the domain (otherwise I would not be able to
generate the principal)
Server configuration is following (only global part), winbind config is
there because it was