[Samba] W7 client cannot adjust file permissions via ADUC

Bob of Donelson Trophy bob at donelsontrophy.net
Fri Jan 30 12:14:19 MST 2015


There is no uidNumber or gidNumber specifically listed (there is an
objectGuid and an objectSid.) 

Did nothing. 




Bob Wooden of Donelson Trophy

615.885.2846 (main)
www.donelsontrophy.com [1]

"Everyone deserves an award!!"

On 2015-01-30 12:58, Rowland Penny wrote: 

> On 30/01/15 18:28, Bob of Donelson Trophy wrote:
>> After restoring the member server and re-running the improved "4-setup-samba4-MEMBER-wheezy.sh" script I am still having the same issue. W7 client still not allowed to access the member server. Administrator still has a uidNumber:
>>
>> getent passwd Administrator
>> administrator:*:50001:50006::/home/samba/DTS***M/users/administrator:/bin/bash
>>
>> I have added a couple of test admin users (must have done it wrong.) Joined them to the 'Domain Admins' group and they cannot access the member server either.
>>
>> wbinfo -u output is:
>> adminrob
>> administrator
>> dns-dtdc02
>> dns-dtdc01
>> adminnew
>> krbtgt
>> guest
>>
>> wbinfo -g output is:
>> allowed rodc password replication group
>> enterprise read-only domain controllers
>> denied rodc password replication group
>> read-only domain controllers
>> group policy creator owners
>> ras and ias servers
>> domain controllers
>> enterprise admins
>> domain computers
>> cert publishers
>> dnsupdateproxy
>> domain admins
>> domain guests
>> schema admins
>> domain users
>> dnsadmins
>>
>> How do I remove the uidNumber from domainAdministrator and re-associate domainAdministrator to root '0'?
> OK, let's check if Administrator has a 'uidNumber', run this on your first DC:
> ldbedit -e nano -H /var/lib/samba/private/sam.ldb -b "DC=example,DC=com" -s sub '(&(objectclass=user)(cn=Administrator))'
> This should display all the information about the Administrator user. If there is a 'uidNumber' attribute, delete the entire line; the same goes for a 'gidNumber' attribute. Save and close nano.
> You should not have any rfc2307 attributes related to Administrator now, so go to your member server, log in as a normal user and run this:
> sudo net cache flush
> then:
> getent passwd administrator
> Rowland

[1] http://www.donelsontrophy.com
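
The check discussed in this thread can be done read-only before anyone edits sam.ldb. The following is an added example, not code from the thread or from Samba: it scans LDIF text (such as ldbsearch would print for the same filter) for uidNumber/gidNumber and compares the result with the UID that getent reports. The function names and the sample LDIF are constructed for illustration.

```shell
# Read-only check: list rfc2307 ID attributes found in LDIF text on stdin.
# On a DC the LDIF could come from ldbsearch with the filter used in the thread:
#   ldbsearch -H /var/lib/samba/private/sam.ldb -b "DC=example,DC=com" -s sub \
#     '(&(objectclass=user)(cn=Administrator))' uidNumber gidNumber
rfc2307_ids() {
    awk '
        /^ / { buf = buf substr($0, 2); next }   # folded LDIF line: join it
        { emit(buf); buf = $0 }
        END { emit(buf) }
        function emit(line,   name, val, i) {
            i = index(line, ":")
            if (i == 0) return
            name = tolower(substr(line, 1, i - 1))   # names are case-insensitive
            val = substr(line, i + 1)
            sub(/^[ \t]*/, "", val)
            if (name == "uidnumber" || name == "gidnumber") print name "=" val
        }
    '
}

# Numeric UID (third field) of one getent passwd line.
passwd_uid() {
    printf '%s\n' "$1" | awk -F: '{ print $3 }'
}

# Does a uidNumber in the directory explain the UID getent reports?
uid_source() {  # $1 = LDIF text, $2 = getent passwd line
    dir_uid=$(printf '%s' "$1" | rfc2307_ids | sed -n 's/^uidnumber=//p')
    if [ -z "$dir_uid" ]; then echo "no-uidNumber-in-directory"
    elif [ "$dir_uid" = "$(passwd_uid "$2")" ]; then echo "uid-from-uidNumber"
    else echo "uid-mismatch"; fi
}

# Constructed sample LDIF (not from the thread); the dn line is folded.
SAMPLE_WITH='dn: CN=Administrator,CN=Users,
 DC=example,DC=com
objectClass: user
uidNumber: 50001
GIDNumber: 50006
'
SAMPLE_WITHOUT='dn: CN=Administrator,CN=Users,DC=example,DC=com
objectClass: user
'
# getent line as quoted in the thread.
GETENT_LINE='administrator:*:50001:50006::/home/samba/DTS***M/users/administrator:/bin/bash'

uid_source "$SAMPLE_WITH" "$GETENT_LINE"
uid_source "$SAMPLE_WITHOUT" "$GETENT_LINE"
```

The second call corresponds to the situation reported at the top of this message: no uidNumber on the object, yet getent still returns 50001.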
