[Samba] W7 client cannot adjust file permissions via ADUC

Rowland Penny rowlandpenny at googlemail.com
Thu Jan 29 06:23:42 MST 2015


On 29/01/15 12:54, Bob of Donelson Trophy wrote:
>   
>
> Rowland,
>
> I have tried your various alteration suggestions and it is a "negative"
> result.
>
> Here is the output from wbinfo -u & wbinfo -g
>
> root at dtmbr01:~# wbinfo -u
> administrator
> dns-dtdc02
> dns-dtdc01
> krbtgt
> guest
> root at dtmbr01:~# wbinfo -g
> allowed rodc password replication group
> enterprise read-only domain controllers
> denied rodc password replication group
> read-only domain controllers
> group policy creator owners
> ras and ias servers
> domain controllers
> enterprise admins
> domain computers
> cert publishers
> dnsupdateproxy
> domain admins
> domain guests
> schema admins
> domain users
> dnsadmins
>
> root at dtmbr01:~# getent passwd Administrator
> administrator:*:50001:50006::/home/samba/DT***RM/users/administratorSERNAME%:/bin/bash
>
>
> Say what, "administratorSERNAME%"?
>
> After running the 'generation one' script to create the member server, I
> have changed nothing except the suggestions that have been made on this
> mailing list. Attempting to gain access to the member server to
> re-adjust the file permissions on "profiles" per the instructions on the
> samba wiki.
>
> Please, thoughts?
> ---
>
> -------------------------
>
> Bob Wooden of Donelson Trophy
>
> 615.885.2846 (main)
> www.donelsontrophy.com [1]
>
> "Everyone deserves an award!!"
>
> On 2015-01-28 13:09, Rowland Penny wrote:
>
>> On 28/01/15 18:55, Bob of Donelson Trophy wrote:
>>
>>> No, I did not try the alterations but, Louis had me remove the "domain users" line earlier. Put the line back in and try alterations? (If so, I will not have time until you are asleep, tonight.)
>> By all means try it, you have nothing to lose :-)
>>
>> I take it that 'wbinfo -u' shows all the domain users on the member server and 'wbinfo -g' shows all the domain groups. Also 'getent passwd <domain user> shows the user.
>>
>> Rowland
>   
>
> Links:
> ------
> [1] http://www.donelsontrophy.com

Louis's script puts this line in smb.conf:

template homedir = /home/samba/DT***RM/users/%USERNAME%

Perhaps it should be changed to this:

template homedir = /home/samba/DT***RM/users/%U

I say this because your Administrators homedir seems to be the above 
line plus what I am suggesting should be removed.

But what is worrying me more, Administrator has the uid of '50001', have 
you set this in AD ?

Rowland


More information about the samba mailing list