[Samba] W7 client cannot adjust file permissions via ADUC
Rowland Penny
rowlandpenny at googlemail.com
Fri Jan 30 11:58:07 MST 2015
On 30/01/15 18:28, Bob of Donelson Trophy wrote:
>
>
> After restoring the member server and re-running the improved
> "4-setup-samba4-MEMBER-wheezy.sh" script I am still having the same
> issue. W7 client still not allowed to access the member server.
>
> Administrator still has a uidNumber:
>
> getent passwd Administrator
> administrator:*:50001:50006::/home/samba/DTS***M/users/administrator:/bin/bash
>
>
> I have added a couple of test admin users (must have done it wrong.)
> Joined them to the 'Domain Admins' group and they cannot access the
> member server either.
>
> wbinfo -u output is:
> adminrob
> administrator
> dns-dtdc02
> dns-dtdc01
> adminnew
> krbtgt
> guest
>
> wbinfo -g output is:
> allowed rodc password replication group
> enterprise read-only domain controllers
> denied rodc password replication group
> read-only domain controllers
> group policy creator owners
> ras and ias servers
> domain controllers
> enterprise admins
> domain computers
> cert publishers
> dnsupdateproxy
> domain admins
> domain guests
> schema admins
> domain users
> dnsadmins
>
> How do I remove the uidNumber from the domainAdministrator and
> re-associate domainAdministrator to root '0'?

OK, let's check if Administrator has a 'uidNumber'. Run this on your
first DC:

ldbedit -e nano -H /var/lib/samba/private/sam.ldb -b "DC=example,DC=com" -s sub '(&(objectclass=user)(cn=Administrator))'

This should display all the information about the Administrator user. If
there is a 'uidNumber' attribute, delete the entire line; the same goes for a
'gidNumber' attribute. Save and close nano.

You should not have any rfc2307 attributes related to Administrator now,
so go to your member server, log in as a normal user and run this:

sudo net cache flush

then:

getent passwd administrator

Rowland
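
A read-only way to confirm the result of the procedure above, added here as an example and not part of the original message: it reads the LDIF for the Administrator object and lists any uidNumber or gidNumber attributes still present. The names find_id_attrs and SAMPLE_LDIF are hypothetical, the sample record is constructed, and it assumes awk is available and that ldbsearch is called with the same -H, -b and -s options as the ldbedit command in the message.

```shell
#!/bin/sh
# Added example (not from the thread): list uidNumber/gidNumber attributes
# found in LDIF read from stdin. Function and variable names are hypothetical.
# Real use on the DC, read-only, with the options the ldbedit call above uses:
#   ldbsearch -H /var/lib/samba/private/sam.ldb -b "DC=example,DC=com" \
#     -s sub '(&(objectclass=user)(cn=Administrator))' | find_id_attrs
find_id_attrs() {
    awk '
        # Process one complete (unfolded) LDIF line.
        function handle(l,   i, name, val, lname) {
            i = index(l, ":")
            if (i == 0) return
            name = substr(l, 1, i - 1)
            val = substr(l, i + 1)
            sub(/^:?[ ]*/, "", val)      # drop base64 marker and padding spaces
            lname = tolower(name)        # LDAP attribute names ignore case
            if (lname == "dn") dn = val
            else if (lname == "uidnumber" || lname == "gidnumber")
                printf "%s\t%s\t%s\n", dn, name, val
        }
        function flush() { if (line != "") handle(line); line = "" }
        /^#/ { next }                                # LDIF comment
        /^ / { line = line substr($0, 2); next }     # folded continuation
        { flush(); line = $0 }
        END { flush() }
    '
}

# Constructed sample record (values are made up), with a folded dn line.
SAMPLE_LDIF='# record 1: CN=Administrator
dn: CN=Administrator,CN=Users,DC=exam
 ple,DC=com
objectClass: user
cn: Administrator
uidNumber: 10000
gidNumber: 10000
sAMAccountName: Administrator'

# Prints one tab-separated line per attribute found; no output means clean.
printf '%s\n' "$SAMPLE_LDIF" | find_id_attrs
```

Run it before and after the ldbedit step: two lines before, none after, then flush the cache on the member server as described.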