Displaying 20 results from an estimated 3000 matches similar to: "samba file server - sediskoperatorprivilege not being honored"
2019 Jun 03
0
samba file server - sediskoperatorprivilege not being honored
Hello,
Since nobody picked this up I will try to answer myself (hopefully
correctly).
I think I just misread documentation on wiki, but I would really
appreciate a clarification. In the wiki it states:
"To enable other accounts than the domain administrator to set
permissions on Windows, grant |Full control| (|rwx|) to the user or
group you granted the |SeDiskOperatorPrivilege|
2019 Jun 03
2
samba file server - sediskoperatorprivilege not being honored
On 03/06/2019 12:29, Kacper Wirski via samba wrote:
> Hello,
>
> Since nobody picked this up I will try to answer myself (hopefully
> correctly).
>
> I think I just misread documentation on wiki, but I would really
> appreciate a clarification. In the wiki it states:
>
> "To enable other accounts than the domain administrator to set
> permissions on Windows,
2019 Jun 03
0
samba file server - sediskoperatorprivilege not being honored
Ok, thank You for confirmation, I was a bit worried I have something
misconfigured.
On my file server I'm using backend = rid, mainly (but only) because of
this (to not set in AD uid/gid for Domain Admins group).
Regards,
Kacper Wirski
On 03.06.2019 at 14:07, Rowland penny via samba wrote:
> On 03/06/2019 12:29, Kacper Wirski via samba wrote:
>> Hello,
>>
>> Since
2019 May 04
3
Windows 2012 server as a member?
You can add windows server 2012 to samba 4 domain as a domain member
(without AD DC role) without any issues. I myself have added multiple
windows 2012, 2012r2 and 2016 member servers without any issues. And,
what's important, You actually DON'T want to make them DC, because of
what Rowland just wrote.
Regards,
Kacper.
On 04.05.2019 at 20:19, Rowland Penny via samba wrote:
>
2019 May 04
0
Windows 2012 server as a member?
Rowland,
It has been suggested that the program can run on W10 dedicated
workstation. Acting as an Access database server. That statement gave me the
idea that why could it not just be W2012 server and IT be the workstation
OS. (But, they also said it is more efficient on W2012.) I am still
weighing my options.
Kacper,
Your statement backs up the information that I am "gleaning" from
2019 May 14
0
editing GPO as user X, when user X is used in gpo security filter
Hello,
I'm using samba 4.9.x compiled from source on centos 7.6
Today I ran into an unknown behaviour before, which I'm not sure if it's
a bug, a feature or.. just "is".
I realised, that I'm unable to edit particular GPOs, with "access
denied" error, when these criteria are met:
- I have user "john" that is a member of "domain admins"
2017 Oct 31
2
kerberos + winbind + AD authentication for samba 4 domain member
Hello,
I'm setting up AD user logins for centos 7.4 box. I've almost managed to
do everything the way I want and the way I think it should be, but I'm
missing last piece:
For ssh access I read parts of the
https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
Most docs recommend using setting in smb.conf:
winbind use default domain = no
that means that all domain users have
2019 May 04
2
Windows 2012 server as a member?
It has become necessary to have a W2012 server on my local lan.
I have an existing Samba 4 (Ubuntu) domain with two controllers, a (Ubuntu)
member server and a few W10 workstations.
If I am reading the wiki correctly "Joining a Windows Client or Server to a
Domain" page indicates Windows clients or "servers" and the "server"
portion of the lists include W2012. Now,
2017 Nov 01
5
kerberos + winbind + AD authentication for samba 4 domain member
Hello,
Thank You for fast response. I'm glad that it's a mistake somewhere on
my side, it means it will work when I fix it :)
Ok, first of all:
Everything is on centos 7.4
All config files will be below, but to start off: behaviour is stranger
than I thought, but there is a pattern:
when doing
[DOMAIN\kacper_wirski@vs-files ~]$ kinit -V
Using default cache: /tmp/krb5cc_101003
2017 Nov 01
4
kerberos + winbind + AD authentication for samba 4 domain member
On Wed, 1 Nov 2017 19:49:32 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Wed, 1 Nov 2017 20:28:05 +0100
> Kacper Wirski <kacper.wirski at gmail.com> wrote:
>
> > I'm going to start with clean centos install, so I might as well use
> > some additional guidelines, thank You.
> >
> > When You run kinit, does Your user have
2010 May 13
1
net rpc rights grant root SeDiskOperatorPrivilege failed with "Failed to grant privileges for root (NT_STATUS_ACCESS_DENIED)"
Hi,
I have a samba server setup as a domain member. I am trying to grant
SeDiskOperatorPrivilege to some user accounts e.g. "domainaname\User",
but I always get the above error. It does not matter what I specify as
the server in -S option to the command. The command syntax I use is:
net rpc rights grant "username" SeDiskOperatorPrivilege
OR
net -S ADserver -U
2017 Oct 04
2
Standalone with Windows ACL
I'm configuring a standalone server (server role = standalone server) using
POSIX ACLs to manage permissions on server.
I need to manage permissions (at least basic ones, like read, write) from
Windows GUI.
Is that possible using standalone?
When I try setting permissions on Windows I got this on the log:
[2017/10/04 19:07:08.437837, 2]
../source3/smbd/posix_acls.c:3006(set_canon_ace_list)
2019 Jun 10
1
SAMBA AD VFS:Recycle bad permissions
I had similar issue on samba 4.8 domain member (new files with wrong
permissions), when I realised that You need to list all modules that You
wish to use in "vfs objects" every time, there is no inheritance from
global -> shares that is if You have e.g.
[global]
...
vfs object = acl_xattr
..
[some share]
...
vfs object = recycle
..
On samba DC "acl_xattr" is
2020 Nov 10
1
samba AD trusted certificate for RADIUS server (MS PKI, for example AD CS)
Hi,
We are running a 3 DC samba AD domain, and use 802.1x authentication for
the win10 workstations to access the wired network.
We are facing the issue where, following windows updates, our windows
clients keep changing back the 802.1x settings to the windows default,
namely: to verify the server identity and do computer authentication only.
The latter is no problem, but the first one
2015 Feb 27
2
Domain Member Server (wheezy) - Unable to edit permissions of share without usermapping - shall I add to Wiki?
Hello again List, Marc, and Louis!
I'm afraid my message from yesterday may have been TL;DR. The short version
is as follows:
Following the wiki's for AD member server (building from source on Debian
Wheezy) and Setting up shares with Windows acls did not give the expected
results
First, I needed to link libnss_winbind.so to /usr/lib/x86_64-linux-gnu for
winbind to work. Marc - may I
2015 Mar 24
2
SeDiskOperatorPrivilege and 2012 R2 domain
(Re-posting to list also.. Sorry forgot Cc. -Tom)
Marc,
Thanks for your help and clarifications. I was indeed addressing the domain
controller (2012 R2) due to my misunderstanding. Addressing the request at
the file server (Samba 4) to the file server fails too but with different
errors. Rights list succeeds.
$ net rpc rights list accounts -UDOMAIN\\Administrator
Enter
2016 Jan 15
2
Unable to set SeDiskOperatorPrivilege
root@aphrodite:/# net rpc rights list accounts -U'DOMAIN\administrator'
Enter DOMAIN\administrator's password:
BUILTIN\Print Operators
No privileges assigned
BUILTIN\Account Operators
No privileges assigned
BUILTIN\Backup Operators
No privileges assigned
BUILTIN\Server Operators
No privileges assigned
BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
2015 Jan 09
4
Member Server SeDiskOperatorPrivilege
Hello all,
I have an AD DC based on CentOS7 with sernet samba 4.1.14 with rfc2307 and function level 2008_R2. This one works so far and I can manage the AD from a windows client.
Now I setup a member server based on CentOS7 with sernet samba 4.1.14 just like the wiki advises with the same smb.conf (realm etc is configured to my needs. I joined the AD and configured nsswitch.
wbinfo works so far
2015 Jan 09
2
Member Server SeDiskOperatorPrivilege
I switched to rid module of idmapping and now winbind offers all groups and I can set SeDiskOperatorPrivilege.
getent group and getent passwd are now working!
On 9 January 2015 15:21:32 CET, Rowland Penny <rowlandpenny at googlemail.com> wrote:
>On 09/01/15 13:47, Tim wrote:
>> Hello all,
>>
>> I have an AD DC based on CentOS7 with sernet samba 4.1.14 with rfc2307
2015 Mar 24
2
SeDiskOperatorPrivilege and 2012 R2 domain
Marc,
Below xxx.yyy. is my network prefix.
[global]
workgroup = DOMAIN
realm = DOMAIN.LOCAL
server string = Server %v
security = ADS
client signing = auto
client use spnego = yes
kerberos method = secrets and keytab
log file = /var/log/samba/log.%m
log level = 3
max log size = 50
load printers = No
printcap name = /dev/null
idmap config * :