[Samba] More on sysvol maintenance

Rowland Penny rpenny at samba.org
Wed May 24 15:31:32 UTC 2023



On 24/05/2023 16:12, Luis Peromarta via samba wrote:
> Yes and yes, 1007
> On 24 May 2023 at 17:07 +0200, samba at lists.samba.org, wrote:
>>
>> Are you by any chance using rfc2307 attributes and if so, have you given
>> Domain Admins a gidNumber?

OK, then I suggest you write out 100 times:

I must read the Samba wiki

Particularly this page:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Granting_the_SeDiskOperatorPrivilege_Privilege

Windows has this quaint idea that groups can own things, Unix hasn't. 
When you gave Domain Admins a gidNumber, you turned it from a Windows 
group into a Unix group.

You now have two options:

Remove 'idmap_ldb:use rfc2307 = yes' from your DC's smb.conf, this will
allow the DC to ignore the rfc2307 attributes (all of them) and Domain
Admins will become a Windows group again (you will probably need to run
'net cache flush')

Remove the gidNumber attribute from Domain Admins

Rowland
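
A check for the state described in the message above, as an added example that is not part of the original post or of Samba itself. The function names, the file names, the boolean spellings accepted, and the idea of feeding it a copy of smb.conf plus an LDIF export of the Domain Admins entry are all assumptions; the sample input is constructed.

```shell
#!/bin/sh
# Added example. Inputs are plain files: a copy of the DC's smb.conf and
# LDIF for the Domain Admins entry (assumed saved from a directory search).

# Print "yes" if 'idmap_ldb:use rfc2307' is enabled in [global], else "no".
rfc2307_enabled() {
    awk '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        /^[ \t]*\[/   { s = tolower($0); gsub(/[ \t]/, "", s)
                        in_global = (s == "[global]"); next }
        in_global && index($0, "=") {
            eq  = index($0, "=")                  # first "=" splits key/value
            key = tolower(substr($0, 1, eq - 1))
            val = tolower(substr($0, eq + 1))
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "idmap_ldb:use rfc2307")
                on = (val == "yes" || val == "true" || val == "on" || val == "1")
        }
        END { print (on ? "yes" : "no") }
    ' "$1"
}

# Print the gidNumber value from an LDIF file; prints nothing if absent.
group_gid() {
    awk -F': *' 'tolower($1) == "gidnumber" { print $2; exit }' "$1"
}

# $1 = smb.conf copy, $2 = LDIF for Domain Admins
diagnose() {
    gid=$(group_gid "$2")
    if [ -z "$gid" ]; then
        echo "windows-group: Domain Admins has no gidNumber"
    elif [ "$(rfc2307_enabled "$1")" = "yes" ]; then
        echo "unix-group: gidNumber=$gid and idmap_ldb:use rfc2307 = yes"
    else
        echo "windows-group: gidNumber=$gid present but rfc2307 is ignored"
    fi
}

# Constructed sample input matching the thread (gidNumber 1007).
demo=$(mktemp -d)
printf '[global]\n\tidmap_ldb:use rfc2307 = yes\n' > "$demo/smb.conf"
printf 'dn: CN=Domain Admins,CN=Users,DC=example,DC=com\ngidNumber: 1007\n' > "$demo/da.ldif"
diagnose "$demo/smb.conf" "$demo/da.ldif"
rm -rf "$demo"
```

Either "windows-group" result corresponds to one of the two options listed in the message.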


