[Samba] Log errors on domain member
Rowland Penny
rpenny at samba.org
Tue Jan 31 19:27:35 UTC 2023
On 31/01/2023 19:14, Peter Milesson via samba wrote:
> Hi Michael,
>
> I don't see any reason, that the 11025 computer account should have any
> unix permissions on the server whatsoever. The server is setup using
> Windows ACLs exclusively, no unix or posix acls or permissions involved
> at all. There should be no unix access for client machines, not for
> users either BTW, and if Samba complains, it's a Samba bug. The path is
> obviously accessible by the domain users through Samba, otherwise their
> Windows environment wouldn't work (of which I would be very quickly
> informed).
>
> Best regards,
>
> Peter
>
>
>
The problem with computers in AD domain is that they are just users with
an extra objectclass, so, as far as Samba is concerned, they are users.
In an ldap search you can filter them out, perhaps Samba needs to do
this as standard, unless they need to be a user (for some unknown
reason, some people do want this). Of course this may be what is
supposed to happen (don't ask me about 'C') and something has gone wrong.
Rowland
More information about the samba
mailing list