[Samba] User administrator

Rowland Penny rowlandpenny241155 at gmail.com
Wed Jul 1 21:40:26 UTC 2015 

On 01/07/15 22:18, Edson J Bueno wrote:
> [global]
>          workgroup = D***
>          realm = d***.***
>          netbios name = AD
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbindd, ntp_signd, kcc, dnsupdate
>          idmap_ldb:use rfc2307 = yes
>          kerberos method = system keytab
>          client ldap sasl wrapping = sign
>          allow dns updates = nonsecure and secure
>          nsupdate command =  /usr/bin/nsupdate -g
>          allow nt4 crypto = yes
>          kccsrv:samba_kcc = false
>          dsdb:schema update allowed = yes
> ### Winbind
>          winbind enum users = Yes
>          winbind enum groups = Yes
>          winbind use default domain = Yes
>          winbind nss info = rfc2307
>          template shell = /bin/bash
> ### Audit
>          vfs objects = full_audit
>          full_audit:success = open, opendir, write, unlink, rename,
> mkdir, rmdir, chmod, chown
>          full_audit:prefix = %u|%I|%S
>          full_audit:failure = none
>          full_audit:facility = local5
>          full_audit:priority = notice
> ### LOGS
>          log file = /var/log/samba/samba.log
>          max log size = 50000
>          log level = 3
>          debug uid = yes
>          vfs objects = recycle full_audit
> ### LIXEIRA
>          [Lixeira]
>          vfs objects = recycle
>          recycle:repository = /data/trash/%U
>          recycle:keeptree = yes
>          recycle:versions = yes
> #      recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
>          recycle:exclude_dir = tmp, cache
>          path = /data/trash/%U
>          read only = No
>
> [netlogon]
>          path = /usr/local/samba/var/locks/sysvol/d***.***/scripts
>          read only = No
> [sysvol]
>          path = /usr/local/samba/var/locks/sysvol
>          read only = No
>
> [Publicidade]
>          path = /data/publicidade
>          read only = No
>          valid users = @publicidade
> [Administrativo]
>          path = /data/financeiro
>          read only = No
>          valid users = @financeiro
>
>
>
> Define the access by group, the administrator is in all groups, for
> example there only put two groups one he has access to all normal and
> the other accesses or already asks for a password.
>
> Em 1 de julho de 2015 16:23, Rowland Penny
> <rowlandpenny241155 at gmail.com> escreveu:
>> On 01/07/15 02:41, Edson J Bueno wrote:
>>> User administrator without access to several shares
>>>
>> Quer dizer que administrador não pode acessar algumas partes, este poderia
>> ser para baixo para permissões de acesso ou má configuração.
>> Posso sugerir, porque esta falando uma lista de discussão Inglês, você
>> encontrar alguém que fala Inglês e levá-los a escrever suas perguntas.
>>
>> If the above looks wrong, don't blame me, blame google translate :-D
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>
>

OK, I think I understand what you mean, the AD 'Administrator' user is a 
member of all AD groups, but can only access one of these shares:

Publicidade, Administrativo

But not the other.

This sounds like a permissions problem, check the unix and windows 
permissions on both shares, they are probably different.

Rowland

More information about the samba mailing list