[Samba] W7 client cannot adjust file permissions via ADUC

Bob of Donelson Trophy bob at donelsontrophy.net
Thu Jan 29 19:52:10 MST 2015


 

Thursday's emails were erratic due to a server (somewhere in email land)
that had gone haywire. Here in the Midwest United States peaceful
silence from the samba-list. Then about mid-afternoon, BAM! Emails
began to arrive in a very erratic manner. Emails from 1300 hours were
arriving before emails from 0900 hours and I began reading and
responding and I got confused as I am sure everyone was.

Tranquility has settled, we have all had time to "take a breath" and
once again it is time to move forward. 

Rowland, 

Thanks for your help and patience, so far. 

Louis, 

From what I can understand from your email, there was an error within
your "4-setup-sernet-samba4-MEMBER-wheezy.sh" script that caused my
domainAdministrator to create a uidNumber when it should not have had a
uidNumber (should be "0" for root.) And now you have corrected the
script so it will not do that again. 

The simplest solution for me is this. Revert to my initial Debian
installation backup (created just prior to my running the uidNumber
creation script the first time) and re-run the now revised
"4-setup-sernet-samba4-MEMBER-wheezy.sh". 

This is what I am going to do. 

Now, Louis, the script has been corrected, yes? 
---

-------------------------

Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [1]

"Everyone deserves an award!!"

On 2015-01-29 08:05, L.P.H. van Belle wrote: 

> ok, seen it.. 
> 
> "administratorSERNAME%"? 
> 
> I'll change that, I only did some tests from Windows.
> And I never set uid/gid to Administrator.
> 
> -- Changed in the old script. 
> 
> but remember, you should NEVER set UID/GID for administrator, because...
> 
> Now administrator has uid 50001 ... 
> and this should be 0 ( root ) 
> This is why we also use the user mapping !root = "DOMAINAdministrator" .... 
> 
> Always create a new user and add this one to the group "Domain Admins" 
> 
> Also, i have set profile/uid/gid/nis for the Domain Administrator. 
> And if you set another user for "Domain Administrator",
> on the member servers also add a line for this user in the usermapping file. 
> since you need root access. or.. 
> try set the rights as starter like : 
> 
> something like.. 
> setfacl -R -m default:user:Administrator:rwx /home/samba
> setfacl -R -m "default:group:domain admins:rwx" /home/samba
> 
> Louis
> -----Original message-----
> From: rowlandpenny at googlemail.com [mailto:samba-bounces at lists.samba.org] On behalf of Rowland Penny
> Sent: Thursday 29 January 2015 14:24
> To: samba at lists.samba.org
> Subject: Re: [Samba] W7 client cannot adjust file permissions via ADUC
>
> On 29/01/15 12:54, Bob of Donelson Trophy wrote:
>
> Rowland,
>
> I have tried your various alteration suggestions and it is a "negative" result.
>
> Here is the output from wbinfo -u & wbinfo -g
>
> root at dtmbr01:~# wbinfo -u
> administrator
> dns-dtdc02
> dns-dtdc01
> krbtgt
> guest
> root at dtmbr01:~# wbinfo -g
> allowed rodc password replication group
> enterprise read-only domain controllers
> denied rodc password replication group
> read-only domain controllers
> group policy creator owners
> ras and ias servers
> domain controllers
> enterprise admins
> domain computers
> cert publishers
> dnsupdateproxy
> domain admins
> domain guests
> schema admins
> domain users
> dnsadmins
> root at dtmbr01:~# getent passwd Administrator
> administrator:*:50001:50006::/home/samba/DT***RM/users/administratorSERNAME%:/bin/bash
>
> Say what, "administratorSERNAME%"?
>
> After running the 'generation one' script to create the member server, I have changed nothing except the suggestions that have been made on this mailing list.
>
> Attempting to gain access to the member server to re-adjust the file permissions on "profiles" per the instructions on the samba wiki.
>
> Please, thoughts?
> ---
> -------------------------
> Bob Wooden of Donelson Trophy
> 615.885.2846 (main)
> www.donelsontrophy.com [1]
> "Everyone deserves an award!!"
>
> On 2015-01-28 13:09, Rowland Penny wrote:
>
> On 28/01/15 18:55, Bob of Donelson Trophy wrote:
>
> No, I did not try the alterations but, Louis had me remove the "domain users" line earlier. Put the line back in and try alterations? (If so, I will not have time until you are asleep, tonight.)
>
>> By all means try it, you have nothing to lose :-) I take it that 'wbinfo -u' shows all the domain users on
>> the member server and 'wbinfo -g' shows all the domain groups. Also
>> 'getent passwd <domain user>' shows the user.
>>
>> Rowland
>
> Links:
> ------
> [1] http://www.donelsontrophy.com
>
> Louis's script puts this line in smb.conf:
>
> template homedir = /home/samba/DT***RM/users/%USERNAME%
>
> Perhaps it should be changed to this:
>
> template homedir = /home/samba/DT***RM/users/%U
>
> I say this because your Administrator's homedir seems to be the above line plus what I am
> suggesting should be removed. But what is worrying me more,
> Administrator has the uid of '50001', have you set this in AD?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba [2]

Links:
------
[1] http://www.donelsontrophy.com
[2] https://lists.samba.org/mailman/options/samba
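
The two symptoms discussed in this thread, as an added example that is not part of the original message or of Louis's script. It reproduces why a "template homedir" of %USERNAME% yields "administratorSERNAME%" (smb.conf(5) documents only %U and %D for that parameter), and audits a getent passwd line for the leftover "%" and for the non-root uid on Administrator. The EXAMPLE domain, the function names and the sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. EXAMPLE and the sample line are constructed.

# Mimic winbind's "template homedir" expansion: only %U (user name) and
# %D (domain name) are substituted; any other text is copied through as-is.
# Assumes the names contain no characters special to sed ("/", "&", "\").
expand_template() {
    printf '%s\n' "$1" | sed -e "s/%U/$2/g" -e "s/%D/$3/g"
}

# Audit one `getent passwd` line. Prints one finding per line, nothing if clean.
audit_passwd_entry() {
    IFS=: read -r name _pw uid _gid _gecos home _shell <<EOF
$1
EOF
    lname=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
    # A "%" left in the home directory means a macro was not expanded.
    case $home in
        *%*) echo "home: unexpanded template text in $home" ;;
    esac
    # Per the thread, Administrator should map to root (uid 0) through the
    # user mapping rather than carry its own uidNumber.
    if [ "$lname" = "administrator" ] && [ "$uid" != "0" ]; then
        echo "uid: $name resolves to uid $uid instead of being mapped to root"
    fi
}

# Constructed line modelled on the getent output quoted in the thread.
SAMPLE='administrator:*:50001:50006::/home/samba/EXAMPLE/users/administratorSERNAME%:/bin/bash'

# Demo: %USERNAME% is read as %U followed by the literal text "SERNAME%".
expand_template '/home/samba/%D/users/%USERNAME%' administrator EXAMPLE
expand_template '/home/samba/%D/users/%U' administrator EXAMPLE
audit_passwd_entry "$SAMPLE"
```

On a member server the same audit can be fed live data with audit_passwd_entry "$(getent passwd Administrator)".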

