Displaying 20 results from an estimated 10000 matches similar to: "Expected behaviour of domain\administrator on Linux AD domain member"
2019 Jul 03
2
cannot set filesystem permissions on shares
Finaly, i was waiting for this one. ;-)
Now after all changes Rowland suggested.
Run this : getfacl /home/users
Show the output.
There are 5 things you need to think in.
1) The folder rights
2) The share rights
3) Posix or windows ACL's? ( use Windows ACL's my advice. )
4) Dont forget the "Primary Group".
5) If you use chmod, you must re-apply the windows ACL again on
2018 Nov 06
3
classicupgrade
Hai,
Ok, i expected a bit different outputs.
On my DC, i use /home/samba/sysvol and /home/samba/netlogon.
This is what i expected.
getfacl /home/samba/
getfacl: Removing leading '/' from absolute path names
# file: home/samba/
# owner: root
# group: BUILTIN\134administrators
user::rwx
user:root:rwx
group::rwx
group:BUILTIN\134administrators:rwx
2018 Nov 06
3
classicupgrade
Hello Luis
tomorrow i'm not in office, reply to you thursday
One question : who is owner and whats rights for dir
/home
/home/samba
/home/samba/sysvol
because, from windows client, user into domain admins, when i change in
security tab, explorer always crash
bye
Il 06/11/2018 17:16, L.P.H. van Belle via samba ha scritto:
> Ok, next,
>
> From a windows pc connect to
2024 Jan 30
2
Behavior of acl_xattr:ignore system acls = yes on a share
Hi folks,
It seems that the setting acl_xattr:ignore system acls = yes reduces
Windows compatibility when defined for a share. In all attempts I have
used Windows tools (except editing smb.conf)
Assume there is a share, where the files and folders in the share root
should at least be readable by anybody having access to the share. For
the sake of simplicity the following permissions apply on
2024 Jan 31
1
Behavior of acl_xattr:ignore system acls = yes on a share
Does you filesystem support extended attributes? What does "|getfattr -n
security.NTACL |filename" return?||
On 30.01.2024 16:13, Peter Milesson wrote:
> Hi folks,
>
> It seems that the setting acl_xattr:ignore system acls = yes reduces
> Windows compatibility when defined for a share. In all attempts I have
> used Windows tools (except editing smb.conf)
>
> Assume
2015 Aug 07
1
Problems with administrator account
I have a mapping beetween administrator and root on my fileserver, i sent you yesterday. My administrator account didn't have uid.
I didnt have mapping or winbindd on my DC. The wiki says it's optional and i have separate my fileserver to my DC.
So id administrator didn't return anything on DC or on Fileserver.
My probleme is that :
Administrator is a member of "domain
2019 Sep 25
2
Unable to use BUILTIN AD groups on a domain member
I have set up a share on a domain member server and am attempting to set the ACLs from a domain-joined Windows 7 computer as per the
WiKi at https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
I want to use one of the BUILTIN groups, Backup Operators to be able to have Full Control on files in the share (as it will be used
for backups). However, when trying to assign the
2015 Aug 07
4
Problems with administrator account
I guess you want getent group, so i give you both. But administrator is the only user of "domain admin" group with problems.
[root at fileserver ~]# getent passwd Domain\ Admins
[root at fileserver ~]# getent group Domain\ Admins
domain admins:x:512:
[root at fileserver ~]# ls -la /partages/share
total 181260
drwxrwxrwx+ 2 root root 4096 26 mars 2013 .
drwxr-xr-x 13
2015 Aug 07
2
Problems with administrator account
> So id administrator didn't return anything on DC or on Fileserver.
ow.. but administrator on a DC should retun id 0 ..
without any mappings.
try setting or "authenticated users", or put "everybody" back on the share rights and test again.
whats the primary group of the Administrator?
Did you leave it at "domain user" or did you change it to the
2015 Aug 07
4
Problems with administrator account
Yes, LAN is the workgroup name.
I made a test, i removed all the ACL with setfacl -b mysharename
[root at fileserv]# getfacl share/
# file: share/
# owner: root
# group: root
user::rwx
group::rwx
other::---
Going to Windows side and Added "Domain Admins" in permission tab to
read/modify/total
Security Tab is denied even for my others account in domain Admins group
looking again
2015 Aug 07
2
Problems with administrator account
Sorry for my mistake.
It resolve the groupmap problem :
[root at fileserver ~]# net groupmap list
Administrators (S-1-5-32-544) -> BUILTIN\administrators
Users (S-1-5-32-545) -> BUILTIN\users
But i still have the administrator problem. I have follow the wiki.samba doc and i have set the SeDiskOperatorPrivilege :
net rpc rights list accounts -U'DOMAIN\administrator'
DOMAIN\Domain
2015 Aug 07
2
Problems with administrator account
Oh thank you
Just to be sure to understand :
-getent passwd | grep administrator and id administrator didn't work on Fileserver because administrator account didn't have uidNumber
-it also why administrator account can't manage filserver with windows permissions
Just one more thing please :
Why my administrators group is mapped on unix users ?
[root#fileserver ~]# net groupmap
2018 Sep 21
6
[SOLVED] Samba 4: 'Access denied' error when accessing user profile during logon
Hai,
Now, i did not know you used the DC for the profiles here but yes it looks good.
Small comment on point 3 and 4.
3) Its good, you might notice a few more rights there compaired to what i posted,
thats because you have your profiles on the DC but the settings are good.
4) yes, the security is ok, i like the higher security setting and try to mimic the windows settings as much as
2019 Jun 04
2
How to fix mapping Administrator to root
Hi Rowland ,
I have followed the wiki's step, the DNS works OK and I have use the fileserver for 2 years.
here's a share folder "IT"'s acl
getfacl IT/
# file: IT/
# owner: root
# group: domain\040admins
user::rwx
user:root:rwx
group::rwx
group:domain\040admins:rwx
group:it:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::---
2019 Sep 25
1
Unable to use BUILTIN AD groups on a domain member
On 25 September 2019 17:25, Rowland penny wrote:
> On 25/09/2019 16:25, Roy Eastwood via samba wrote:
> > I have set up a share on a domain member server and am attempting to set the ACLs from a domain-joined Windows 7 computer as
> per the
> > WiKi at https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> >
> > I want to use one of the BUILTIN
2018 Jun 14
4
Admin UID changed with upgrade to 4.8.2
On Thu, 14 Jun 2018 09:39:46 +0200
"L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
> And i did read the Comment to for Rowland below,
> On debian you need :
> libnss-winbind libpam-winbind to be installed.
> I think you miss one of these.
They are the glue that connects Samba to nsswitch and allows 'getent
passwd username' to work. Without
2015 Aug 06
2
Problems with administrator account
Hello,
I just went to migrate my fileserver from samba3 to samba4 but i have problem with the administrator account.
The group "domain admins" have the permission to manage all my shares
Administrator is member of the group "domain admins" but he can't manage the security tab of all my shares when i remove "full control" to share permissions tab.
While
2013 Dec 04
1
Samba 4.1 DFS Share only access by administrator
Dear all,
I am testeing the dfs functions with Samba4.
In my global section: host msdfs=yes
vfs objects = dfs_samba4
Later on setting a dfs root:
[dfs]
path = /windows/dfs
read only = No
msdfs root = Yes
ls -s the shares in this root.
lrwxrwxrwx 1 root root 19 2. Dez 09:29 difaem -> msdfs:linux2\difaem
lrwxrwxrwx 1 root root 20 2. Dez 09:29 leitung ->
2020 Oct 26
7
GPO fail and sysvol perm errors
> It's needed after every GPO addition and edit. There must be a root
> cause to hunt down somewhere. Or is it a bug in 4.13.0 ?
Yes, and no.
Yes, its a bug.
No, in my opionion its an old setting thats just needs some updating.
Try this.
samba-tool ntacl set
"O:LAG:BAD:P(A;OICI;0x001f01ff;;;BA)(A;OICI;0x001200a9;;;SO)(A;OICI;0x001f01
2015 Aug 06
2
Problems with administrator account
I still have the same problem with :
[root at fileserver ~]# more /usr/local/samba/etc/samba_usermapping
!root = DOMAIN\Administrator DOMAIN\\Administrator DOMAIN\administrator Administrator adm
inistrator
________________________________________
De : samba <samba-bounces at lists.samba.org> de la part de Rowland Penny <rowlandpenny241155 at gmail.com>
Envoyé : jeudi 6 août 2015 16:06