Displaying 20 results from an estimated 4000 matches similar to: "samba file server - sediskoperatorprivilege not being honored"
2019 Jun 03
0
samba file server - sediskoperatorprivilege not being honored
Hello,
Since nobody picked this up I will try to answer myself (hopefully 
correctly).
I think I just misread documentation on wiki, but I would really 
appreciate a clarification. In the wiki it states:
"To enable other accounts than the domain administrator to set 
permissions on Windows, grant |Full control| (|rwx|) to the user or 
group you granted the |SeDiskOperatorPrivilege|
2019 Jun 03
2
samba file server - sediskoperatorprivilege not being honored
On 03/06/2019 12:29, Kacper Wirski via samba wrote:
> Hello,
>
> Since nobody picked this up I will try to answer myself (hopefully 
> correctly).
>
> I think I just misread documentation on wiki, but I would really 
> appreciate a clarification. In the wiki it states:
>
> "To enable other accounts than the domain administrator to set 
> permissions on Windows,
2019 Jun 03
0
samba file server - sediskoperatorprivilege not being honored
Ok, thank You for confirmation, I was a bit worried I have something 
misconfigured.
On my file server I'm using backend = rid, mainly (but only) because of 
this (to not set in AD uid/gid for Domain Admins group).
Regards,
Kacper Wirski
On 03.06.2019 at 14:07, Rowland penny via samba wrote:
> On 03/06/2019 12:29, Kacper Wirski via samba wrote:
>> Hello,
>>
>> Since
2019 May 04
3
Windows 2012 server as a member?
You can add windows server 2012 to samba 4 domain as a domain member 
(without AD DC role) without any issues. I myself have added multiple 
windows 2012, 2012r2 and 2016 member servers without any issues. And, 
what's important, You actually DON'T want to make them DC, because of 
what Rowland just wrote.
Regards,
Kacper.
On 04.05.2019 at 20:19, Rowland Penny via samba wrote:
>
2019 May 14
0
editing GPO as user X, when user X is used in gpo security filter
Hello,
I'm using samba 4.9.x compiled from source on centos 7.6
Today I ran into an unknown behaviour before, which I'm not sure if it's 
a bug, a feature or.. just "is".
I realised that I'm unable to edit particular GPOs, with "access 
denied" error, when these criteria are met:
- I have user "john" that is a member of "domain admins"
2019 May 04
0
Windows 2012 server as a member?
Roland,
It has been suggested that the program can run on W10 dedicated
workstation. Acting as an Access database server. That statement gave me the
idea that why could it not just be W2012 server and IT be the workstation
OS. (But, they also said it is more efficient on W2012.) I am still
weighing my options.
Kacper,
Your statement backs up the information that I am "gleaning" from
2017 Oct 31
2
kerberos + winbind + AD authentication for samba 4 domain member
Hello,
I'm setting up AD user logins for centos 7.4 box. I've almost managed to 
do everything the way I want and the way I think it should be, but I'm 
missing last piece:
   For ssh access I read parts of the 
https://wiki.samba.org/index.php/OpenSSH_Single_sign-on
Most docs recommend using setting in smb.conf:
winbind use default domain = no
that means that all domain users have
2019 May 04
2
Windows 2012 server as a member?
It has become necessary to have a W2012 server on my local lan.
I have an existing Samba 4 (Ubuntu) domain with two controllers, a (Ubuntu)
member server and a few W10 workstations.
If I am reading the wiki correctly "Joining a Windows Client or Server to a
Domain" page indicates Windows clients or "servers" and the "server"
portion of the lists include W2012. Now,
2010 May 13
1
net rpc rights grant root SeDiskOperatorPrivilege failed with "Failed to grant privileges for root (NT_STATUS_ACCESS_DENIED)"
Hi,
 
I have a samba server setup as a domain member.  I am trying to grant
SeDiskOperatorPrivilege to some user accounts e.g. "domainaname\User",
but I always get the above error.  It does not matter what I specify as
the server in -S option to the command.  The command syntax I use is:
 
net rpc rights grant "username" SeDiskOperatorPrivilege
 
OR
 
net -S ADserver -U
2017 Nov 01
5
kerberos + winbind + AD authentication for samba 4 domain member
Hello,
Thank You for fast response. I'm glad that it's a mistake somewhere on 
my side, it means it will work when I fix it :)
Ok, first of all:
Everything is on centos 7.4
All config files will be below, but to start off: behaviour is stranger 
than I thought, but there is a pattern:
when doing
[DOMAIN\kacper_wirski at vs-files ~]$ kinit -V
Using default cache: /tmp/krb5cc_101003
2017 Oct 04
2
Standalone with Windows ACL
I'm configuring a standalone server(server role = standalone server) using
POSIX ACLs to manage permissions on server.
I need to manage permissions(At least basic ones, like read, write) from
Windows GUI.
Is that possible using standalone?
When I try setting permissions on Windows I got this on the log:
[2017/10/04 19:07:08.437837,  2]
../source3/smbd/posix_acls.c:3006(set_canon_ace_list)
2017 Sep 18
1
Can't set SeDiskOperatorPrivilege to Domain Admins. (NT_STATUS_NO_SUCH_USER) Error.
We’ve just recently moved over to Samba 4. It looks as if “force directory
security mode” doesn’t work in samba 4. So I’m trying to setup the Windows
ACLs on our groups share.
I’ve been working on this for a few days. I’ve read over the docs, it seems
like all the google links are purple and I’m still stuck. Hopefully someone
here will have an idea.
We’re running Windows 2008R2 for our AD
2017 Nov 01
4
kerberos + winbind + AD authentication for samba 4 domain member
On Wed, 1 Nov 2017 19:49:32 +0000
Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Wed, 1 Nov 2017 20:28:05 +0100
> Kacper Wirski <kacper.wirski at gmail.com> wrote:
> 
> > I'm going to start with clean centos install, so I might as well use
> > some additional guidelines, thank You.
> > 
> > When You run kinit, does Your user have
2017 Sep 19
3
Can't set SeDiskOperatorPrivilege to Domain Admins. (NT_STATUS_NO_SUCH_USER) Error.
Hai, 
I've just read your howto, and it's a very good start point.
You may have to correct a few small things there, but imo pretty good yes.
This : 
> chown root."domain admins" /SHAREPATH 
Is/should not be needed.
setacl -m g:"domain admins":rwx,g:"domain users":rx /SHARELOCALPATH
^^^^^^ you did mean setfacl ? 
But same, yes it works, and better than above, but
2015 Feb 27
2
Domain Member Server (wheezy) - Unable to edit permissions of share without usermapping - shall I add to Wiki?
Hello again List, Marc, and Louis!
I'm afraid my message from yesterday may have been TL;DR. The short version
is as follows:
Following the wiki's for AD member server (building from source on Debian
Wheezy) and Setting up shares with Windows acls did not give the expected
results
First, I needed to link libnss_winbind.so to /usr/lib/x86_64-linux-gnu for
winbind to work. Marc - may I
2025 Apr 23
3
procedure to change DC password
On Wed, 23 Apr 2025 14:35:16 +0200
Kacper Wirski via samba <samba at lists.samba.org> wrote:
> What is the best approach to change samba ad dc's own password?
> Windows machines change periodically, linux domain members can simply
> re-join domain, but when it comes to DC's I can't find any
> recommended steps? Is re-joining domain as domain controller viable
>
2015 Mar 24
2
SeDiskOperatorPrivilege and 2012 R2 domain
(Re-posting to list also.. Sorry forgot Cc. -Tom)
Marc,
Thanks for your help and clarifications. I was indeed addressing the domain
controller (2012 R2) due to my misunderstanding. Addressing the request at
the file server (Samba 4) to the file server fails too but with different
errors. Rights list succeeds.
$ net rpc rights list accounts -UDOMAIN\\Administrator
Enter
2016 Jan 15
2
Unable to set SeDiskOperatorPrivilege
root at aphrodite:/# net rpc rights list accounts -U'DOMAIN\administrator'
Enter DOMAIN\administrator's password:
BUILTIN\Print Operators
No privileges assigned
BUILTIN\Account Operators
No privileges assigned
BUILTIN\Backup Operators
No privileges assigned
BUILTIN\Server Operators
No privileges assigned
BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
2015 Jan 09
4
Member Server SeDiskOperatorPrivilege
Hello all,
I have an AD DC based on CentOS7 with sernet samba 4.1.14 with rfc2307 and function level 2008_R2. This one works so far and I can manage the AD from a windows client.
Now I setup a member server based on CentOS7 with sernet samba 4.1.14 just like the wiki advises with the same smb.conf (realm etc is configured to my needs). I joined the AD and configured nsswitch.
wbinfo works so far
2015 Jan 09
2
Member Server SeDiskOperatorPrivilege
I switched to rid module of idmapping and now winbind offers all groups and I can set SeDiskOperatorPrivilege.
getent group and getent passwd are now working!
On 9 January 2015 15:21:32 CET, Rowland Penny <rowlandpenny at googlemail.com> wrote:
>On 09/01/15 13:47, Tim wrote:
>> Hello all,
>>
>> I have a AD DC based on CentOS7 with sernet samba 4.1.14 with rfc2307