[Samba] Files get created as BUILTIN\administrators

Dirk Bonenkamp - ProActive dirk at proactive.nl
Fri Dec 2 10:26:23 UTC 2016 

Hi Louis & list,

Thank you for your answer.

I'm running Ubuntu 12.04 64 bit on this machine and I'm using the sernet
packages. The others are 14.04 and 16.04, using stock ubuntu packages.

It's a share called 'developers' and it works as users homedirs. My
getfacl is the same to yours. I've already compared the share security
settings, they are the same. Things work fine for all the other users,
only not for the domain admins. Looks like samba does not 'translate' to
the correct uid or something like that.

smb.conf is pasted below. I've manually added the "idmap_ldb:use rfc2307
= yes", but this doesn't help.

Cheers,

Dirk

# Global parameters
[global]
        netbios name = DEV
        realm = PROACTIVE.LOCAL
        workgroup = PROACTIVE
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes

        log file = /var/log/samba/%m.log
        log level = 3
[netlogon]
        path = /var/lib/samba/sysvol/proactive.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[development]
        path = /var/www/developers
        read only = no

[icons]
        path = /var/base/icn
        read only = no

[simplesaml]
        path = /var/base/simplesaml
        read only = no


On 02-12-16 10:53, L.P.H. van Belle via samba wrote:
> Hai Dirk, 
>
> Your os is? 
> And this happens on what share?  
> I'm guessing sysvol, since this is a default sysvol right. 
>
> Its also handy to provide a saniticed smb.conf that helps. 
>
> And last, what does : getfact testfile_or_folder 
> show as right?
>
> For example, all my user homedirs show : 
> drwxrwx---+ 13 root  root 4096 Apr 11  2016 testuser
> but the windows acl is used in the background. 
>
> So this does not have to be a problem. 
>
> Just find where the difference is. 
> Compair all share security settings on you DC.s correct them. 
> !!! BE VERY CAREFULL IF THESE SERVERS ARE IN PRODUCTION !!! 
> Then check all rights on  security ( file/folder ) 
>
>
>
> Greetz, 
>
> Louis
>
>
>
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Dirk Bonenkamp -
>> ProActive via samba
>> Verzonden: vrijdag 2 december 2016 10:28
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] Files get created as BUILTIN\administrators
>>
>> Hi All,
>>
>> I've got a problem on a Samba Active Directory domain controller. This
>> is the third controller in our network, and the only one with this
>> problem. When I try to create a file, it is created with this
>> persmissions:
>>
>> -rwxrwxr-x+  1 BUILTIN\administrators users          0 dec  2 08:28 test*
>>
>> On the other machines, it gets created as dirk.users, which is how I
>> would like it to work.
>>
>> I am a domain admin. The 'normal' users have no problem.
>>
>> I'm running samba 4.5.1-9.
>>
>> Any Ideas?
>>
>> Thank you in advance,
>>
>> Dirk
>>
>>
>>
>>
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
 
ProActive Software

More information about the samba mailing list