[Samba] W7 client cannot adjust file permissions via ADUC
rowlandpenny at googlemail.com
Wed Jan 28 10:02:45 MST 2015
On 28/01/15 16:50, Bob of Donelson Trophy wrote:
> W7 client domain member? yes.
> Logged in as domainAdministrator? yes.
> "SeDiskOperatorPrivilege" set? yes
> Read "/Setup_and_configure_file_shares_with_Windows_ACLs"? yes.
> Bob Wooden of Donelson Trophy
> 615.885.2846 (main)
> www.donelsontrophy.com 
> "Everyone deserves an award!!"
> On 2015-01-28 10:40, Marcel de Reuver wrote:
>> 2015-01-27 0:29 GMT+01:00 Bob of Donelson Trophy <bob at donelsontrophy.net>:
>>> I have been improving my DC. I now have a DC01, DC02 and a DCMEMBER01. All running sernet-samba 4.1.16 on Debian 7.8.0 thanks to Louis' (old) scripts. (Any linux client work has gone on hold, for the moment.) Next step was to adjust the file permissions as instructed on "Setup and configure file shares with Windows ACLs". When I access the "Computer Management" (thru ADUC on W7 client) it informs me that I do not have permission to access anything on the member server and I should contact my administrator.
>> Is your W7 pc a domain member and are you logged in as domain administrator
>> on that Windows client?
>> Has the domain administrator the "SeDiskOperatorPrivilege" set? See for
>> the details: https://wiki.samba.org/index.php 
>  https://wiki.samba.org/index.php
>  http://www.donelsontrophy.com
OK, you posted this earlier:
path = /home/samba/DT***RM/profiles
read only = no
admin users = +"DT***RMDomain Admins"
profile acls = yes
csc policy = disable
Is the admin users line correct or is a cut and paste error ? I would
have expected it to look like this:
admin users = +"DT***RM\Domain Admins"
Having said that, because you have this, in smb.conf:
winbind use default domain = yes
It could also be written like this:
admin users = +domain_admins
If that doesn't work, replace '+' with '@'
More information about the samba