[Samba] RHEL 7.1 and Samba 4.1.12 partial success
Jay Bietz
bietz at pasco.com
Fri May 22 09:43:41 MDT 2015
I'm having issues with a couple of areas of Samba Setup.
I can see (from my Win 8.1 workstation) the shares for the server for my test share \\p30\download and \\p30\bietz, my home folder.
I don't have permissions to access the folders and/or can't create or delete files.
I had an upgraded Active Directory domain from Windows server 2003 to Windows 2012 R2 AD domain controllers.
I also use Webmin version 1.75 to admin Samba ...
In the document "Setup a Samba AD Member Server", last release, page ~8 -
Setting up PAM Auth...
I see the addition below.
account [default=bad success=ok user_unknown=ignore] pam_winbind.so # <-- add this line
but my choices for pam_winbind.so are in a drop-down, and my choices are:
Sufficient (Success authentication immediately on success)
Optional (Success or failure is ignored)
Required (Fail Authentication at end on failure)
Requisite (Fail Authentication Immediately on failure)
Nothing like the [default=bad success=ok user_unknown=ignore] in the documentation.
Q - what is the correct value to use?
Also the line in the same PAM Auth area
account required pam_unix.so broken_shadow
I'm not allowed to add the broken_shadow as a parameter
Q: Is this a problem?
In document "Setup_and_configure_file_shares_with_windows_ACL#Related_documentation"
Area SeDiskOperatorPrivilege
I use the command for adding SeDiskOperatorPrivilege and when I run the command as seen below I have an error.
[root at p30 samba]# net rpc rights grant 'ROSEVILLE\Domain Admins' SeDiskOperatorPrivilege -U 'ROSEVILLE\admin' -I pas-vad01.roseville.pasco.com -d3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
WARNING: The "idmap gid" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "socket address" option is deprecated
WARNING: The "enable privileges" option is deprecated
interpret_interface: Adding interface 172.16.1.30/255.255.0.0
added interface 172.16.1.30/255 ip=172.16.1.30 bcast=172.16.255.255 netmask=255.255.0.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Enter ROSEVILLE\adminp20's password:
Connecting to 172.16.0.24 at port 445
Doing spnego session setup (blob length=120)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
Failed to grant privileges for ROSEVILLE\Domain Admins (NT_STATUS_NO_SUCH_PRIVILEGE)
rpc command function failed! (NT_STATUS_NO_SUCH_PRIVILEGE)
return code = -1
I do see that BUILTIN\Administrators has SeDiskOperatorPrivilege listed, so what am I doing wrong?
[root at p30 samba]# net rpc rights list accounts -U'ROSEVILLE\adminp20'
Enter ROSEVILLE\adminp20's password:
BUILTIN\Print Operators
No privileges assigned
BUILTIN\Account Operators
No privileges assigned
BUILTIN\Backup Operators
No privileges assigned
BUILTIN\Server Operators
No privileges assigned
BUILTIN\Administrators
SeMachineAccountPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeDiskOperatorPrivilege
SeSecurityPrivilege
SeSystemtimePrivilege
SeShutdownPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeSystemProfilePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeLoadDriverPrivilege
SeCreatePagefilePrivilege
SeIncreaseQuotaPrivilege
SeChangeNotifyPrivilege
SeUndockPrivilege
SeManageVolumePrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege
Everyone
No privileges assigned
Thanks for your time
Jay Bietz
IT & Facilities Manager,
bietz at pasco.com
PASCO scientific
10101 Foothills Blvd
Roseville, CA 95747
916 786 3800 ext 8350 Direct
916 786 8905 Fax
www.pasco.com
Celebrating 50 years of innovation in science education
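
Added example, not part of the original message: a small Python parser for the two PAM lines quoted above, which expands the four drop-down keywords into their bracketed form and compares them with the control string from the wiki line. The keyword expansions are the equivalences documented in pam.conf(5) for Linux-PAM; the function names and the set of return values compared are choices made for this example.

```python
# Added example (not from the original post). Keyword expansions are the
# equivalences documented in pam.conf(5) for Linux-PAM.
import re

KEYWORDS = {
    "required":   "[success=ok new_authtok_reqd=ok ignore=ignore default=bad]",
    "requisite":  "[success=ok new_authtok_reqd=ok ignore=ignore default=die]",
    "sufficient": "[success=done new_authtok_reqd=done default=ignore]",
    "optional":   "[success=ok new_authtok_reqd=ok default=ignore]",
}
# Return values compared below; a subset chosen for this example.
RETURN_VALUES = ["success", "user_unknown", "new_authtok_reqd", "ignore",
                 "perm_denied", "acct_expired"]
LINE_RE = re.compile(r"^\s*(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_line(line):
    """Split one pam.d line into (type, control, module, args)."""
    body = line.split("#", 1)[0].strip()      # drop trailing comment
    m = LINE_RE.match(body)
    if not m:
        raise ValueError(f"not a PAM rule: {line!r}")
    mtype, control, module, args = m.groups()
    return mtype, control, module, args.split()

def control_table(control):
    """Return {return_value: action} for a keyword or bracketed control."""
    control = KEYWORDS.get(control, control)
    if not (control.startswith("[") and control.endswith("]")):
        raise ValueError(f"unsupported control: {control!r}")
    table = {}
    for pair in control[1:-1].split():
        value, sep, action = pair.partition("=")
        if not (value and sep and action):
            raise ValueError(f"malformed pair: {pair!r}")
        table[value] = action
    return table

def action_for(control, return_value):
    """Action taken for one module return value, falling back to default."""
    table = control_table(control)
    return table.get(return_value, table.get("default"))

def differences(control_a, control_b):
    """Return values on which two controls act differently."""
    return {rv: (action_for(control_a, rv), action_for(control_b, rv))
            for rv in RETURN_VALUES
            if action_for(control_a, rv) != action_for(control_b, rv)}

# The two lines quoted in the post above.
WINBIND = parse_line("account [default=bad success=ok user_unknown=ignore] "
                     "pam_winbind.so # <-- add this line")
UNIX = parse_line("account required pam_unix.so broken_shadow")
```

Calling differences(WINBIND[1], keyword) for each of the four keywords returns a non-empty result, so none of them reproduces the bracketed control; against "required" the difference includes user_unknown, which the bracketed form ignores and "required" counts as a failure.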