similar to: Windows ACLs : problems

Am 03.01.19 um 15:29 schrieb Rowland Penny via samba: > On Thu, 3 Jan 2019 15:08:46 +0100 > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > >> >> We are in the process of switching over shares from the old way of >> doing this to Windows ACLs: >> >> disable "valid users" "write list" etc >>

On Thu, 3 Jan 2019 15:46:24 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > Am 03.01.19 um 15:29 schrieb Rowland Penny via samba: > > On Thu, 3 Jan 2019 15:08:46 +0100 > > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > > > >> > >> We are in the process of switching over shares

Am 03.01.19 um 16:19 schrieb Rowland Penny via samba: > On Thu, 3 Jan 2019 15:46:24 +0100 "Stefan G. Weichinger via samba" > <samba at lists.samba.org> wrote: >> observation, maybe important: > > Oh, it's more than important, guess where the Windows ACLs are stored > ;-) hmm ... ? ;) >> (share "projekte" works fine, share "QM"

We are in the process of switching over shares from the old way of doing this to Windows ACLs: disable "valid users" "write list" etc and set ACLs via Windows Explorer ... And I struggle. I am asking for a way to "start ACLs from scratch". I ran "setfacl -b -R" on the dir on the samba server and did a "chown -R root:10513" to hand it to

Samba 4.17.3 on Debian 11.6 [global] unix charset = iso8859-15 security = ads realm = COMP.INTRA workgroup = COMP dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind cache time = 10 winbind use default domain = yes winbind refresh tickets = Yes template homedir = /mnt/MSA2040/smb/Homes/%D/%U domain master = no local master = no preferred master = no idmap

On Thu, 3 Jan 2019 16:33:56 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > Am 03.01.19 um 16:19 schrieb Rowland Penny via samba: > > On Thu, 3 Jan 2019 15:46:24 +0100 "Stefan G. Weichinger via samba" > > <samba at lists.samba.org> wrote: > >> observation, maybe important: > > > > Oh, it's more

Last week the mobo in a DM server died, so we had to set up a fallback machine and reinstall Debian 10.2 including Samba I had smb.conf but not /var/lib/samba in backups. Restored krb5.conf and smb.conf, rejoined. Things work mostly ... but for example I get gid 10006 for "domain users" instead of 10513 before. and getent group doesn't show the AD groups, btw - I have: #

Am 13.02.23 um 12:14 schrieb Rowland Penny via samba: >> # ls -n >> insgesamt 24 >> drwxrwxr-x+ 4 0 10512 4096? 9. Dez 20:43 Test1 >> drwxrwxr-x+ 2 0 10512 4096? 9. Dez 20:41 test2 >> drwxrwxr-x+ 2 0 10512 4096? 9. Dez 20:41 test3 >> >> gid 10512 should be "domain admins" or in this case german >> "dom?nen-admins" with an ugly

On 13/02/2023 13:04, Stefan G. Weichinger via samba wrote: > I am a bit confused right now (maybe always): you told me "Administrator > shouldn't own anything on Unix" From the Unix end, you should never find Administrator owning anything. This is because, as my example showed. as a Unix use, Administrator is just a normal, unprivileged user e.g. my example Unix

On Wed, 30 May 2018 16:03:30 +0200 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > We see that it is old ("SWAT", date) and ugly ... > > > # cat /etc/samba/smb.conf > # Samba config file created using SWAT > # from UNKNOWN (192.168.100.66) > # Date: 2012/07/23 14:38:02 It isn't that old;-) You wont be using swat again, it

Am 07.09.18 um 20:07 schrieb Rowland Penny via samba: > On Fri, 7 Sep 2018 19:09:37 +0200 > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: >> But >> >> # net rpc rights grant "Domänen-Admins" SeDiskOperatorPrivilege -U >> "mydomain\administrator" >> >> fails >> >> also for

Am 24.02.20 um 10:34 schrieb Rowland penny via samba: > Change the owner to 'root' and never use Administrator on a Unix domain > member. wiki says: # chown root:"Unix Admins" /srv/samba/Demo/ # chmod 0770 /srv/samba/Demo/ I dont't have "Unix Admins" ... and the chown to root makes my Windows-connections fail with Administrator ... the users seem to stay

Am 25.02.20 um 15:16 schrieb Rowland penny via samba: > On 25/02/2020 14:01, Stefan G. Weichinger via samba wrote: >> Am 25.02.20 um 14:54 schrieb Rowland penny via samba: >>> You do not need it, it is only required if using the winbind 'ad' >>> backend and only then if you don't want possible problems with sysvol. >> What? Now I *don't* need it?

On 24/02/2020 08:52, Stefan G. Weichinger via samba wrote: > Status: > > domain member server, Samba version 4.10.11-Debian > > > username map = /etc/samba/samba_usermapping I take it that samba_usermapping contains something like this: !root = CUSTOMER\Administrator > The share "QM" gives us issues when we edit ACLs via RSAT on windows DC. > > access

Hai Stefan, Yes, its always better to ask the list, that way everybody can learn from it. ;-) > Do you think I will have to rejoin it to the domain? No i dont think so. Please note, o dont know anything about gentoo except that they have a good wiki/info pages. If this was debian, then in this case, what i would extra do here, run : samba -b and backup all folders of samba and any thing

what do I miss here: wbinfo -u / -g -/ -pPt works [2019/09/05 17:15:25.963590, 1] ../source3/librpc/crypto/gse.c:658(gse_get_server_auth_token) gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/SAMBA.noras.intra at NORAS.INTRA(kvno 54) in keytab MEMORY:cifs_srv_keytab (aes256-cts-hmac-sha1-96)] [2019/09/05 17:15:25.963681, 1]

Am 11.09.18 um 10:06 schrieb Rowland Penny via samba: > On Tue, 11 Sep 2018 09:54:32 +0200 > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > >> Am 07.09.18 um 20:07 schrieb Rowland Penny via samba: >>> On Fri, 7 Sep 2018 19:09:37 +0200 >>> "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

Am 03.01.19 um 16:51 schrieb Rowland Penny via samba: > Hmm, 'Projekte' works and is writeable by 'root', members of the 'qm' > and anybody else. Whilst 'QM' is only writeable by 'root'. Does this > give you any hints ? sure. changed this already in all directions before. and you also said you were following this wiki > page: > >

Am 2018-05-30 um 16:41 schrieb Rowland Penny via samba: > On Wed, 30 May 2018 16:03:30 +0200 > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote: > >> We see that it is old ("SWAT", date) and ugly ... >> >> >> # cat /etc/samba/smb.conf >> # Samba config file created using SWAT >> # from UNKNOWN (192.168.100.66)

additional: the krb5.conf from the former admin, I assume it could or should be boiled down: # cat /etc/krb5.conf [logging] default = FILE:/var/log/krb5.log [libdefaults] ticket_lifetime = 24000 clock_skew = 300 default_realm = customer.INTRA kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true [realms] DOMAIN.LOCAL = { kdc =