[Samba] Re: Admins cannot change folder ownership

[Markus Klimke]

ww m-pubsyssamba wrote:
> Hi All,
> 
> 	how can I allow an administrator to have permission to change folder ownership from windows explorer?
> The Samba server is an AD domain member server and I'm using group mapping not winbind for users and groups in Samba, I've 
> tried mapping both the Administrators and Domain Admins groups to UNIX groups of which my test user is a member of but I always 
> get a permission denied error when attempting to change the ownership of a folder. Anyone like to explain this to me?
> 
> 	thanks in advance, cheers Andy.

Hi Andy,

I can't give you a total solution solving your (our, you are definitly 
not alone with this) problem. This problem is a mapping conflict. If you 
try to change the permissions on windows side, you will see in the samba 
log, that it can't map the SID under windows to a UID under unix. This 
will take, I think, a deeper look into the ACL's. I think, that we have 
to use winbind at all, because it makes the SID->UID mapping. Using 
group mapping is recommended, I think, but you have to consider the 
rid's. If you make a usual mapping to the "Domain Users" group without 
defining the rid, the last part of the SID will be generated 
automatically (algorithm mapping, or so).

No solution, but maybe a hint. If you solve it, please post.

-markus