[Samba] Roaming Profiles with Windows ACLs

lingpanda101 at gmail.com lingpanda101 at gmail.com
Thu Oct 13 12:15:12 UTC 2016


On 10/12/2016 7:32 PM, Mark Nienberg wrote:
> Yes, it looks like this:
>
> https://wiki.samba.org/index.php/Implementing_roaming_profiles#Profile_share_using_Windows_ACLs
>
> but as I say, it works now that I have added the admin users, so I am 
> satisfied for now.
>
> On Wed, Oct 12, 2016 at 11:31 AM, lingpanda101--- via samba 
> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>
>     On 10/12/2016 1:34 PM, Mark Nienberg via samba wrote:
>
>         Well, the easy fix is to add this to the share definition:
>
>           admin users = "@STA\domain admins"
>
>         The wiki implies that this should not be necessary, so I don't
>         know if the
>         wiki is wrong or if I failed to follow it correctly. This was
>         my first
>         share using Windows ACLS and it was an interesting experience,
>         but for me I
>         think the POSIX ACLs are easier to understand and
>         troubleshoot. That may
>         just be because I am more of a Linux admin than a Windows admin.
>
>         Mark
>
>         On Sat, Oct 8, 2016 at 12:04 PM, Mark Nienberg <
>         mnlists at tippingstructural.com
>         <mailto:mnlists at tippingstructural.com>> wrote:
>
>             On Fri, Oct 7, 2016 at 12:38 PM, Rowland Penny via samba <
>             samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>
>                 have you given Domain Admins the required rights ?
>
>                 net rpc rights grant DOMAIN\\"Domain Admins"
>                 SeDiskOperatorPrivilege -UAdministrator
>
>             Yes. I followed this wiki example:
>             https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
>             <https://wiki.samba.org/index.php/Shares_with_Windows_ACLs>
>
>             Here is some output:
>
>             [nienberg at gecko ~]$ net rpc rights list accounts
>             -U'STA\myAdminAccount'
>
>             STA\Domain Admins
>             SeDiskOperatorPrivilege
>
>
>     Do your Domain Admins have 'Full control' as a permission and
>     'This folder, subfolders and files' on the root share under?
>
>     -- 
>     -James
>
>
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>     <https://lists.samba.org/mailman/options/samba>
>
>

The link doesn't show adding Domain Admins to the ACL permissions. I 
only see 'Administrator'. I assume you did based on your getfacl command.

-- 
-James



More information about the samba mailing list