[Samba] Samba 4 AD share: Access denied

steve steve at steve-ss.com
Sat Jul 26 16:42:51 MDT 2014

On Sat, 2014-07-26 at 17:20 -0400, Ryan Ashley wrote:
> Alright, I just read the responses. I have two pickup trucks and one is 
> older and acting up, so I have been working on it. On to the responses! 
> Also, I sent this once by accident to Rowland. Still not used to having 
> to change the reply field to the list. My apologies.
> Yes I set g+s and u+s via chmod. This was great in Samba 3, but I can 
> undo it if needed. I believe 700028 is "SYSTEM".

But we're not interested in 700028. In any case, whatever the mapping of
the builtin group is under winbind on the file server will not be the
same as on the DC. The mapping of the builtin groups on the DC begins at
3000000 and are stored in a db called idmap. You need to know the sid to
which 70028 corresponds. wbinfo will get you there.

I've no idea why recent versions add the builtin acl but it appeared
some time after 4.1.6.
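
The lookup described in the message above, as an added example that is not part of the original post: it pulls the numeric (unresolved) IDs out of `getfacl` output and asks winbind for the SID behind each one. The function names are illustrative. Run it on the file server whose ACL you are reading, since the xid-to-SID mapping is local to that host.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# Read getfacl output on stdin and print "kind id" for every ACL entry whose
# qualifier is purely numeric, i.e. an xid that NSS could not turn into a name.
numeric_acl_ids() {
    sed -n -E 's/^(default:)?(user|group):([0-9]+):.*$/\2 \3/p' | sort -u
}

# Resolve one xid to "SID name" using winbind on this host.
# Returns 1 if winbind has no mapping for the xid, 2 on a bad kind.
xid_to_sid() {
    kind=$1
    id=$2
    case $kind in
        user)  sid=$(wbinfo --uid-to-sid="$id") || return 1 ;;
        group) sid=$(wbinfo --gid-to-sid="$id") || return 1 ;;
        *)     return 2 ;;
    esac
    # A SID can exist in the idmap without a resolvable name.
    name=$(wbinfo --sid-to-name="$sid" 2>/dev/null) || name="(no name)"
    printf '%s %s\n' "$sid" "$name"
}

# Report every numeric ACL entry on a path together with its SID.
report() {
    getfacl -p "$1" 2>/dev/null | numeric_acl_ids | while read -r kind id; do
        printf '%s %s -> %s\n' "$kind" "$id" \
            "$(xid_to_sid "$kind" "$id" || echo unmapped)"
    done
}

# Usage: sh script.sh /path/to/share [more paths...]
for path in "$@"; do
    report "$path"
done
```

Compare the SIDs it prints with the ones the DC reports for the same xid range: the names should agree even though the numbers do not.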

