[Samba] W7 client cannot adjust file permissions via ADUC

Bob of Donelson Trophy bob at donelsontrophy.net
Wed Jan 28 10:57:40 MST 2015 

 

That was a cut/paste error. 

I've been thinking (danger, danger) when I test kerberos it returns the
two DC's are available. Should it be including the member server also?
Didn't I see the script setup kerberos on the member server? (Remember
this was installed with the gen one scripts, not the newest scripts.) 

---

-------------------------

Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [1]

"Everyone deserves an award!!"

On 2015-01-28 11:02, Rowland Penny wrote: 

> On 28/01/15 16:50, Bob of Donelson Trophy wrote:
> W7 client domain member? yes. Logged in as domainAdministrator? yes. "SeDiskOperatorPrivilege" set? yes Read "/Setup_and_configure_file_shares_with_Windows_ACLs"? yes. --- ------------------------- Bob Wooden of Donelson Trophy 615.885.2846 (main) www.donelsontrophy.com [1] [2 [1]] "Everyone deserves an award!!" On 2015-01-28 10:40, Marcel de Reuver wrote: 2015-01-27 0:29 GMT+01:00 Bob of Donelson Trophy <bob at donelsontrophy.net>: I have been improving my DC. I now have a DC01, DC02 and a DCMEMBER01. All running sernet-samba 4.1.16 on Debian 7.8.0 thanks to Louis' (old) scripts. (Any linux client work has gone on hold, for the moment.) Next step was to adjust the file permissions as instructed on "Setup and configure file shares with Windows ACLs". When I access the "Computer Management" (thru ADUC on W7 client) it informs me that I do not have permission to access anything on the member server and I should contact my administrator. Is your W7 pc a domain member and are you 
 logged
in as domain administrator on that Windows client? Has the domain administrator the "SeDiskOperatorPrivilege" set? See for the details: https://wiki.samba.org/index.php [2] [1 [2]] /Setup_and_configure_file_shares_with_Windows_ACLs#SeDiskOperatorPrivilege Regards, Marcel
 Links: ------ [1] https://wiki.samba.org/index.php [2] [2]
http://www.donelsontrophy.com [1] 

OK, you posted this earlier:

[profiles$]
 path = /home/samba/DT***RM/profiles
 read only = no
 admin users = +"DT***RMDomain Admins"
 profile acls = yes
 csc policy = disable

Is the admin users line correct or is a cut and paste error ? I would
have expected it to look like this:

admin users = +"DT***RMDomain Admins"

Having said that, because you have this, in smb.conf:

winbind use default domain = yes

It could also be written like this:

admin users = +domain_admins

If that doesn't work, replace '+' with '@'

Rowland
 

Links:
------
[1] http://www.donelsontrophy.com
[2] https://wiki.samba.org/index.php

More information about the samba mailing list