[Samba] Roaming Profiles with Windows ACLs
lingpanda101 at gmail.com
lingpanda101 at gmail.com
Thu Oct 13 12:15:12 UTC 2016
On 10/12/2016 7:32 PM, Mark Nienberg wrote:
> Yes, it looks like this:
>
> https://wiki.samba.org/index.php/Implementing_roaming_profiles#Profile_share_using_Windows_ACLs
>
> but as I say, it works now that I have added the admin users, so I am
> satisfied for now.
>
> On Wed, Oct 12, 2016 at 11:31 AM, lingpanda101--- via samba
> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>
> On 10/12/2016 1:34 PM, Mark Nienberg via samba wrote:
>
> Well, the easy fix is to add this to the share definition:
>
> admin users = "@STA\domain admins"
>
> The wiki implies that this should not be necessary, so I don't
> know if the
> wiki is wrong or if I failed to follow it correctly. This was
> my first
> share using Windows ACLS and it was an interesting experience,
> but for me I
> think the POSIX ACLs are easier to understand and
> troubleshoot. That may
> just be because I am more of a Linux admin than a Windows admin.
>
> Mark
>
> On Sat, Oct 8, 2016 at 12:04 PM, Mark Nienberg <
> mnlists at tippingstructural.com
> <mailto:mnlists at tippingstructural.com>> wrote:
>
> On Fri, Oct 7, 2016 at 12:38 PM, Rowland Penny via samba <
> samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>
> have you given Domain Admins the required rights ?
>
> net rpc rights grant DOMAIN\\"Domain Admins"
> SeDiskOperatorPrivilege -UAdministrator
>
> Yes. I followed this wiki example:
> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
> <https://wiki.samba.org/index.php/Shares_with_Windows_ACLs>
>
> Here is some output:
>
> [nienberg at gecko ~]$ net rpc rights list accounts
> -U'STA\myAdminAccount'
>
> STA\Domain Admins
> SeDiskOperatorPrivilege
>
>
> Do your Domain Admins have 'Full control' as a permission and
> 'This folder, subfolders and files' on the root share under?
>
> --
> -James
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
> <https://lists.samba.org/mailman/options/samba>
>
>
The link doesn't show adding Domain Admins to the ACL permissions. I
only see 'Administrator'. I assume you did based on your getfacl command.
--
-James
More information about the samba
mailing list