[Samba] W7 client cannot adjust file permissions via ADUC

L.P.H. van Belle belle at bazuin.nl
Thu Jan 29 07:05:37 MST 2015


OK, seen it.

"administratorSERNAME%"? 

I'll change that, I only did some tests from Windows,
and I don't ever set uid/gid to Administrator.

-- Changed in the old script. 

But remember, you should NEVER set UID/GID for Administrator, because...

Now administrator has uid 50001 ... 
and this should be 0 ( root ) 
This is why we also use the user mapping !root = "DOMAIN\Administrator" .... 

Always create a new user and add this one to the group "Domain Admins" 

Also, I have set profile/uid/gid/nis for the Domain Administrator.
And if you set another user for "Domain Administrator",
on the member servers also add a line for this user in the usermapping file,
since you need root access. Or
try setting the rights as a starter, like:

something like.. 
setfacl -R -m default:user:Administrator:rwx /home/samba 
setfacl -R -m default:group:domain\ admins:rwx /home/samba 



Louis


>-----Original message-----
>From: rowlandpenny at googlemail.com 
>[mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
>Sent: Thursday 29 January 2015 14:24
>To: samba at lists.samba.org
>Subject: Re: [Samba] W7 client cannot adjust file permissions via ADUC
>
>On 29/01/15 12:54, Bob of Donelson Trophy wrote:
>>   
>>
>> Rowland,
>>
>> I have tried your various alteration suggestions and it is a "negative"
>> result.
>>
>> Here is the output from wbinfo -u & wbinfo -g
>>
>> root at dtmbr01:~# wbinfo -u
>> administrator
>> dns-dtdc02
>> dns-dtdc01
>> krbtgt
>> guest
>> root at dtmbr01:~# wbinfo -g
>> allowed rodc password replication group
>> enterprise read-only domain controllers
>> denied rodc password replication group
>> read-only domain controllers
>> group policy creator owners
>> ras and ias servers
>> domain controllers
>> enterprise admins
>> domain computers
>> cert publishers
>> dnsupdateproxy
>> domain admins
>> domain guests
>> schema admins
>> domain users
>> dnsadmins
>>
>> root at dtmbr01:~# getent passwd Administrator
>> administrator:*:50001:50006::/home/samba/DT***RM/users/administratorSERNAME%:/bin/bash
>>
>>
>> Say what, "administratorSERNAME%"?
>>
>> After running the 'generation one' script to create the member server, I
>> have changed nothing except the suggestions that have been made on this
>> mailing list. Attempting to gain access to the member server to
>> re-adjust the file permissions on "profiles" per the instructions on the
>> samba wiki.
>>
>> Please, thoughts?
>> ---
>>
>> -------------------------
>>
>> Bob Wooden of Donelson Trophy
>>
>> 615.885.2846 (main)
>> www.donelsontrophy.com [1]
>>
>> "Everyone deserves an award!!"
>>
>> On 2015-01-28 13:09, Rowland Penny wrote:
>>
>>> On 28/01/15 18:55, Bob of Donelson Trophy wrote:
>>>
>>>> No, I did not try the alterations but, Louis had me remove the "domain users" line earlier. Put the line back in and try alterations? (If so, I will not have time until you are asleep, tonight.)
>>> By all means try it, you have nothing to lose :-)
>>>
>>> I take it that 'wbinfo -u' shows all the domain users on the member server and 'wbinfo -g' shows all the domain groups. Also 'getent passwd <domain user>' shows the user.
>>>
>>> Rowland
>>   
>>
>> Links:
>> ------
>> [1] http://www.donelsontrophy.com
>
>Louis's script puts this line in smb.conf:
>
>template homedir = /home/samba/DT***RM/users/%USERNAME%
>
>Perhaps it should be changed to this:
>
>template homedir = /home/samba/DT***RM/users/%U
>
>I say this because your Administrator's homedir seems to be the above 
>line plus what I am suggesting should be removed.
>
>But what is worrying me more, Administrator has the uid of '50001', have 
>you set this in AD ?
>
>Rowland
>
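
Added example, not part of the original thread or of Louis's script: a shell sketch of the substitution Rowland describes, assuming winbind replaces only %U and %D in "template homedir" as smb.conf(5) documents, plus a check that flags passwd entries whose home directory still contains a stray "%". The function names, the domain EXAMPLE, the user bob and uid 50010 are constructed for illustration.

```shell
#!/bin/sh
# Emulate the "template homedir" expansion (assumption: only %U and %D
# are substituted, everything else in the template is kept literally).
# $1 = template, $2 = user name, $3 = domain name
expand_homedir() {
    printf '%s\n' "$1" | sed -e "s|%U|$2|g" -e "s|%D|$3|g"
}

# Read passwd-format lines on stdin and print the login name of every
# entry whose home directory (field 6) still contains a '%', i.e. a
# template that was only partly expanded.
flag_unexpanded() {
    awk -F: 'index($6, "%") { print $1 }'
}

# Constructed sample: one entry built from the template the script wrote
# (%USERNAME%), one built from the corrected template (%U).
sample_passwd() {
    printf 'administrator:*:50001:50006::%s:/bin/bash\n' \
        "$(expand_homedir '/home/samba/EXAMPLE/users/%USERNAME%' administrator EXAMPLE)"
    printf 'bob:*:50010:50006::%s:/bin/bash\n' \
        "$(expand_homedir '/home/samba/EXAMPLE/users/%U' bob EXAMPLE)"
}

# "%USERNAME%" is read as "%U" followed by the literal text "SERNAME%",
# which is where the odd home directory in the getent output comes from.
expand_homedir '/home/samba/EXAMPLE/users/%USERNAME%' administrator EXAMPLE
expand_homedir '/home/samba/EXAMPLE/users/%U' administrator EXAMPLE

# Accounts that need their template fixed:
sample_passwd | flag_unexpanded
```

On a member server the same check can be fed real entries, for example `getent passwd Administrator | flag_unexpanded`.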


