[Samba] W7 client cannot adjust file permissions via ADUC
L.P.H. van Belle
belle at bazuin.nl
Thu Jan 29 07:05:37 MST 2015
ok, seen it..
I'll change that, i did only some tests from windows.
and i dont never set uid/gid to Administrator.
-- Changed in the old script.
but remember, you should NEVER set UID/GID for adminstrator, because...
Now administrator has uid 50001 ...
and this should be 0 ( root )
This is why we also use the user mapping !root = "DOMAIN\Administrator" ....
Always create a new user and add this one to the group "Domain Admins"
Also, i have set profile/uid/gid/nis for the Domain Administrator.
And if you set a other user for "Domain Administrator,
on the member servers also add a line for this user in the usermapping file.
since you need root access. or..
try set the rights as starter like :
setfacl -R -m default:user:Administrator:rwx /home/samba
setfacl -R -m default:group:domain\ admins:rwx /home/samba
>Van: rowlandpenny at googlemail.com
>[mailto:samba-bounces at lists.samba.org] Namens Rowland Penny
>Verzonden: donderdag 29 januari 2015 14:24
>Aan: samba at lists.samba.org
>Onderwerp: Re: [Samba] W7 client cannot adjust file
>permissions via ADUC
>On 29/01/15 12:54, Bob of Donelson Trophy wrote:
>> I have tried your various alteration suggestions and it is a
>> Here is the output from wbinfo -u & wbinfo -g
>> root at dtmbr01:~# wbinfo -u
>> root at dtmbr01:~# wbinfo -g
>> allowed rodc password replication group
>> enterprise read-only domain controllers
>> denied rodc password replication group
>> read-only domain controllers
>> group policy creator owners
>> ras and ias servers
>> domain controllers
>> enterprise admins
>> domain computers
>> cert publishers
>> domain admins
>> domain guests
>> schema admins
>> domain users
>> root at dtmbr01:~# getent passwd Administrator
>> Say what, "administratorSERNAME%"?
>> After running the 'generation one' script to create the
>member server, I
>> have changed nothing except the suggestions that have been
>made on this
>> mailing list. Attempting to gain access to the member server to
>> re-adjust the file permissions on "profiles" per the
>instructions on the
>> samba wiki.
>> Please, thoughts?
>> Bob Wooden of Donelson Trophy
>> 615.885.2846 (main)
>> www.donelsontrophy.com 
>> "Everyone deserves an award!!"
>> On 2015-01-28 13:09, Rowland Penny wrote:
>>> On 28/01/15 18:55, Bob of Donelson Trophy wrote:
>>>> No, I did not try the alterations but, Louis had me remove
>the "domain users" line earlier. Put the line back in and try
>alterations? (If so, I will not have time until you are
>>> By all means try it, you have nothing to lose :-)
>>> I take it that 'wbinfo -u' shows all the domain users on
>the member server and 'wbinfo -g' shows all the domain groups.
>Also 'getent passwd <domain user> shows the user.
>>  http://www.donelsontrophy.com
>Louis's script puts this line in smb.conf:
>template homedir = /home/samba/DT***RM/users/%USERNAME%
>Perhaps it should be changed to this:
>template homedir = /home/samba/DT***RM/users/%U
>I say this because your Administrators homedir seems to be the above
>line plus what I am suggesting should be removed.
>But what is worrying me more, Administrator has the uid of
>you set this in AD ?
>To unsubscribe from this list go to the following URL and read the
More information about the samba