[Samba] Samba 4.1 + User Homes

Neurodesarrollo infneurodcr.mtz at infomed.sld.cu
Tue Oct 29 14:29:17 MDT 2013 

El 27/10/13 11:48, spamvoll at googlemail.com escribió:
> *sry* now to the list
> 
> My workaround so far :
> -Edit the PEMS for the [User] DIR on windows
> -delete all created User HOMES
> -log in as each user and create its own HOMEDIR by hand
> 
> there should be an automated way for that, on SambaXP that has been worked
> without problems.
> 
> 
> 2013/10/27 Rowland Penny <rowlandpenny at googlemail.com>
> 
>> On 27/10/13 13:27, spamvoll at googlemail.com wrote:
>>
>>> In my case this results in the following perms:
>>>> drwxrwxr-x+   2 3000000 users  4096 Oct 22 12:57 soeldenwagner.b/ --> for
>>>>
>>> the user's home drive folder
>>>
>>>> and
>>>> drwxrwx---+ 13 3000057 users 4096 Oct 25 22:08 soeldenwagner.b/ --> the
>>>>
>>> user's profile folder
>>>
>>> I have exactly the same result.
>>> Ive deleted the HOMEDIR as user and created a new one.
>>> But its still the same, i can access every homedir.
>>> Windows access rights are the same then on profile folder.
>>>
>>> drwxrws---+  3 3000022 users   25 Okt 27 14:14 bspears
>>> drwxrwx---+ 14 3000022 users 4096 Okt 27 14:15 bspears.V2
>>>
>>> # getfacl /home/HOME/bspears/
>>> getfacl: Removing leading '/' from absolute path names
>>> # file: home/HOME/bspears/
>>> # owner: 3000022
>>> # group: users
>>> # flags: -s-
>>> user::rwx
>>> user:root:rwx
>>> group::rwx
>>> group:users:rwx
>>> group:3000000:rwx
>>> group:3000022:rwx
>>> mask::rwx
>>> other::---
>>> default:user::rwx
>>> default:user:root:rwx
>>> default:user:3000022:rwx
>>> default:group::rwx
>>> default:group:users:rwx
>>> default:group:3000000:rwx
>>> default:mask::rwx
>>> default:other::---
>>>
>>>  Hi, from the above it would seem that you are allowing all the world and
>> his dog rwx access to /home/HOME/bspears,
>> you just need to alter the facl's so that only the user 3000022 and
>> possibly root has any access, you can use either setfacl or do it from
>> windows.
>>
>> Rowland
>>
Hi:
I got a similar problem and thanks by the list all work ok.
1-
# net rpc rights grant '"Your Domain"\Domain Admins'
SeDiskOperatorPrivilege -Uadministrator

2- # net rpc rights list accounts -Uadministrator

3- Log on a Windows PC that has joined to "Your Domain" as Administrator

4- Navigate to the folder of which you want to change the permissions.

5- Right-click to the folder and choose „Properties“.

6- Go to the „Security“ tab and click the „Edit“ button.

7- Change the permissions to your needs.


Of course, you most delete the permission thats allow to the Domain
users access in each folder.

I hope that's can be usefull.

My best regards

-- 
Jesús Reyes Piedra
Admin Red Neurodearrollo,Cárdenas

La caja decía:"Requiere windows 95 o superior"...
Entonces instalé LINUX.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20131029/db63282a/attachment.pgp>

More information about the samba mailing list