similar to: using Windows AD unwanted Group rights get applied to new Files

On Fri, 10 Aug 2018 13:20:15 +0100 "miguel medalha" <medalist at sapo.pt> wrote: > > > > By default, every AD user is a member of 'Domain Users' and so, > > > > when you use the 'rid' backend every Unix user gets the group as > > > > their primary group. > > > > > > > The only way to change this is by using

> > > By default, every AD user is a member of 'Domain Users' and so, > > > when you use the 'rid' backend every Unix user gets the group as > > > their primary group. > > > > > The only way to change this is by using a version of Samba >= 4.6.0 > > > and use the 'ad' backend (...) > > > > You can also

On Fri, 10 Aug 2018 14:32:01 +0100 "miguel medalha" <medalist at sapo.pt> wrote: > > >having a particular group > > > set as "Primary group" > > > How are setting the 'primary group' ? > > The 'primary group' had been set a long time ago, when the system was > created. It had been set with ADUC, under the

On Fri, 10 Aug 2018 15:19:03 +0100 "miguel medalha" <medalist at sapo.pt> wrote: > > > What does 'getent passwd ausername' return on a Unix domain member ? > > For that same user, it returns the user ID and the ID for "Domain > users". Then the users primary group is 'Domain Users' and this is what Unix will use to create

> By default, every AD user is a member of 'Domain Users' and so, > when you use the 'rid' backend every Unix user gets the group as > their primary group. > The only way to change this is by using a version of Samba >= 4.6.0 and > use the 'ad' backend  (...) You can also use RSAT and define some other group as the user's primary group, and still

> > I logged on to Windows 7 as a regular user > What do you mean by 'regular user' ? I used the expression 'regular user' because I wanted to make it clear that this user does not have any administrative rights whatsoever. > >having a particular group > > set as "Primary group" > How are setting the 'primary group' ? The

We're using a bunch of AD groups ? all users/groups are created and managed with ADUC. Domain Users is the primary group for all users, plus a few for our departments (and Domain Admins). All groups have their posixGroup attributes filled out. wbinfo --group-info and getent group show the correct membership for all groups except Domain Users. smb.conf: http://pastebin.com/ymrXZJ5u Already

Hi, we have some Samba shares joined a existing Windows AD. Everything works well with complex user rights. But the problem ist that when a user creates a new file the standard windows group (domain-user) is also applied as a permission to the file. This breaks all the security because all users have now full acess to this file. (because all users are in the domain-user group) All parent

On Tue, 7 Aug 2018 11:52:31 +0000 VELARTIS Philipp Dürhammer <p.duerhammer at velartis.at> wrote: > HI, > > Ubuntu 16.04 newest Updates. Windows 2016 Server RD and > Domaincontroller. When we set the rights through windows everything > is fine. But creating Files on Windows Share adds allways the primary > group "Domänen-Benutzer" to the file. And every user is

On Mon, 23 Jul 2018 17:19:07 +0800 d tbsky <tbskyd at gmail.com> wrote: > 2018-07-23 17:02 GMT+08:00 Rowland Penny via samba > <samba at lists.samba.org>: > > On Mon, 23 Jul 2018 16:46:50 +0800 > > d tbsky <tbskyd at gmail.com> wrote: > > > >> 2018-07-23 16:04 GMT+08:00 Rowland Penny via samba > >> <samba at lists.samba.org>: >

Hello Marc, thank you for your answer. I already added gidNumber 513 for the group. Now I added the two additional attribute for the group. I installed RSAT, and enabled the necessary modules according to the Samba wiki. I opened AD users and computers, and Domain Users' properties. When I click on the UNIX Attributes tab, I get an error: Execution denied. On the panel I see: NIS Domain: xxx;

On Mon, 23 Jul 2018 16:46:50 +0800 d tbsky <tbskyd at gmail.com> wrote: > 2018-07-23 16:04 GMT+08:00 Rowland Penny via samba > <samba at lists.samba.org>: > >> >>> idmap config SAMDOM:range = 1000-999999 > >> idmap config SAMDOM:unix_primary_group = yes > > > > That isn't a bug, it is a feature ;-) > > Before 4.6.0

Hi, Anyone know why I don't get the properties window when I try to create a new user or view a user's properties. Was working fine last week when I created 3 or 4 test users. I'm using the same workstation I had installed RSAT on and created the users with before. Any idea's? -- Regards, Phil

On Mon, 23 Jul 2018 18:22:55 +0800 d tbsky <tbskyd at gmail.com> wrote: > 2018-07-23 18:01 GMT+08:00 Rowland Penny via samba > <samba at lists.samba.org>: > > On Mon, 23 Jul 2018 17:19:07 +0800 > > When I said 'ignored', I should have said 'ignored by Unix', if your > > users are logging into Windows, then they are not using the > >

On 6/19/2017 7:51 AM, Viktor Trojanovic via samba wrote: > That's correct, I don't have "Unix Attributes" but through the advanced > view I have access to all attributes. > > The ldbsearch command is not returning anything in my case, it gives me 0 > records - no matter which user I try, even the Administrator. I checked the > command several times to make sure

Because of other issues using ADUC, I tried to remove a domain member using: > samba-tool group removemembers "Domain Computers" MARKA\$ Removed members from group Domain Computers As shown, it say it "Removed members", but ... > samba-tool group listmembers "Domain Computers" : LABRAT$ : OHPRSSTORAGE$ MARKA$ : COMMON$ : listmembers still shows the computer

I'm reading this page on the Samba Wiki: https://wiki.samba.org/index.php/Idmap_config_ad I'm reading the information at the end about gidNumber and primaryGroupID, and everything is making sense. (In fact, I recently implemented code to set a user's gidNumber to the gidNumber of their primary group. I see now that this is the default behavior of Samba (winbind?) and that this was

On 6/19/2017 9:12 AM, Viktor Trojanovic via samba wrote: > On 19 June 2017 at 14:56, Rowland Penny via samba <samba at lists.samba.org> > wrote: > >> On Mon, 19 Jun 2017 14:46:34 +0200 >> Viktor Trojanovic <viktor at troja.ch> wrote: >> >>> On 19 June 2017 at 14:20, lingpanda101 via samba >>> <samba at lists.samba.org> wrote:

Hi When I add the posixGroup class to an AD group, add a user to the group and set their primaryGroupID, I can add members to the group: samba-tool group addmembers debusers lynn2 ERROR(ldb): Failed to add members "lynn2" to group "debusers" - samldb: member CN=lynn2,CN=Users,DC=hh3,DC=site already set via primaryGroupID 1106 where lynn2 is a user who has been added to

On Tue, 28 May 2019 11:04:01 +0200 Denis Cardon <dcardon at tranquil.it> wrote: > Hi Mark, > > > Because of other issues using ADUC, I tried to remove a domain member using: > > > >> samba-tool group removemembers "Domain Computers" MARKA\$ > > Removed members from group Domain Computers > > > > As shown, it say it "Removed