[Samba] Roaming Profiles with Windows ACLs

Mark Nienberg mnlists at tippingstructural.com
Wed Oct 12 17:34:01 UTC 2016

Well, the easy fix is to add this to the share definition:

 admin users = "@STA\domain admins"

The wiki implies that this should not be necessary, so I don't know if the
wiki is wrong or if I failed to follow it correctly. This was my first
share using Windows ACLS and it was an interesting experience, but for me I
think the POSIX ACLs are easier to understand and troubleshoot. That may
just be because I am more of a Linux admin than a Windows admin.


On Sat, Oct 8, 2016 at 12:04 PM, Mark Nienberg <
mnlists at tippingstructural.com> wrote:

> On Fri, Oct 7, 2016 at 12:38 PM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>> have you given Domain Admins the required rights ?
>> net rpc rights grant DOMAIN\\"Domain Admins"
>> SeDiskOperatorPrivilege -UAdministrator
> Yes. I followed this wiki example:
> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
> Here is some output:
> [nienberg at gecko ~]$ net rpc rights list accounts -U'STA\myAdminAccount'
> STA\Domain Admins
> SeDiskOperatorPrivilege

More information about the samba mailing list