[Samba] User administrator
Rowland Penny
rowlandpenny241155 at gmail.com
Wed Jul 1 22:02:32 UTC 2015
On 01/07/15 22:55, Edson J Bueno wrote:
> you have a manual on this subject?
You could try here:
https://wiki.samba.org/index.php/Setup_and_configure_file_shares_with_Windows_ACLs
>
> if so then he is allowed to administrative and not have to finance,
No, sorry, if there is a question there, I do not understand it. I will
repeat what I said before, please find an English speaker and get them
to write your questions.
Also, could you please keep these posts onlist, do not email me direct.
Rowland
>
>
> 2015-07-01 17:40 GMT-04:00 Rowland Penny <rowlandpenny241155 at gmail.com>:
>> On 01/07/15 22:18, Edson J Bueno wrote:
>>> [global]
>>> workgroup = D***
>>> realm = d***.***
>>> netbios name = AD
>>> server role = active directory domain controller
>>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>>> idmap_ldb:use rfc2307 = yes
>>> kerberos method = system keytab
>>> client ldap sasl wrapping = sign
>>> allow dns updates = nonsecure and secure
>>> nsupdate command = /usr/bin/nsupdate -g
>>> allow nt4 crypto = yes
>>> kccsrv:samba_kcc = false
>>> dsdb:schema update allowed = yes
>>> ### Winbind
>>> winbind enum users = Yes
>>> winbind enum groups = Yes
>>> winbind use default domain = Yes
>>> winbind nss info = rfc2307
>>> template shell = /bin/bash
>>> ### Audit
>>> vfs objects = full_audit
>>> full_audit:success = open, opendir, write, unlink, rename,
>>> mkdir, rmdir, chmod, chown
>>> full_audit:prefix = %u|%I|%S
>>> full_audit:failure = none
>>> full_audit:facility = local5
>>> full_audit:priority = notice
>>> ### LOGS
>>> log file = /var/log/samba/samba.log
>>> max log size = 50000
>>> log level = 3
>>> debug uid = yes
>>> vfs objects = recycle full_audit
>>> ### LIXEIRA
>>> [Lixeira]
>>> vfs objects = recycle
>>> recycle:repository = /data/trash/%U
>>> recycle:keeptree = yes
>>> recycle:versions = yes
>>> # recycle:exclude = *.tmp, *.log, *.obj, ~*.*, *.bak, *.iso
>>> recycle:exclude_dir = tmp, cache
>>> path = /data/trash/%U
>>> read only = No
>>>
>>> [netlogon]
>>> path = /usr/local/samba/var/locks/sysvol/d***.***/scripts
>>> read only = No
>>> [sysvol]
>>> path = /usr/local/samba/var/locks/sysvol
>>> read only = No
>>>
>>> [Publicidade]
>>> path = /data/publicidade
>>> read only = No
>>> valid users = @publicidade
>>> [Administrativo]
>>> path = /data/financeiro
>>> read only = No
>>> valid users = @financeiro
>>>
>>>
>>>
>>> Define the access by group, the administrator is in all groups, for
>>> example there only put two groups one he has access to all normal and
>>> the other accesses or already asks for a password.
>>>
>>> Em 1 de julho de 2015 16:23, Rowland Penny
>>> <rowlandpenny241155 at gmail.com> escreveu:
>>>> On 01/07/15 02:41, Edson J Bueno wrote:
>>>>> User administrator without access to several shares
>>>>>
>>>> Quer dizer que administrador não pode acessar algumas partes, este
>>>> poderia
>>>> ser para baixo para permissões de acesso ou má configuração.
>>>> Posso sugerir, porque esta falando uma lista de discussão Inglês, você
>>>> encontrar alguém que fala Inglês e levá-los a escrever suas perguntas.
>>>>
>>>> If the above looks wrong, don't blame me, blame google translate :-D
>>>>
>>>> Rowland
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
>> OK, I think I understand what you mean, the AD 'Administrator' user is a
>> member of all AD groups, but can only access one of these shares:
>>
>> Publicidade, Administrativo
>>
>> But not the other.
>>
>> This sounds like a permissions problem, check the unix and windows
>> permissions on both shares, they are probably different.
>>
>> Rowland
>>
>
>
More information about the samba
mailing list