[Samba] Unable to set up home share correctly

L.P.H. van Belle belle at bazuin.nl
Fri Oct 14 12:59:49 UTC 2016


> Now I'm stuck in the RSAT Computer Management Console where I am denied
> access to the share configuration.

So can someone tell me which of the below Se Privileges should not be on the "Domain Admins" group? Because setting only SeDiskOperatorPrivilege is just stupid, really this needs to be changed on the wiki.
root = Administrator and Administrator is in "Domain Admins" ....
so why not give all privileges.

This should always be on Domain Admins imo, how else are you going to manage a domain without all needed privileges?

net rpc rights list "NTDOM\Domain Admins" -S ADDC1.dnsdomain.tld \
 -UAdministrator
Enter Administrator's password:

SeDiskOperatorPrivilege
SeTakeOwnershipPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeRemoteShutdownPrivilege
SePrintOperatorPrivilege
SeAddUsersPrivilege
SeSecurityPrivilege
SeSystemtimePrivilege
SeShutdownPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeSystemProfilePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeLoadDriverPrivilege
SeCreatePagefilePrivilege
SeIncreaseQuotaPrivilege
SeChangeNotifyPrivilege
SeUndockPrivilege
SeManageVolumePrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege
SeMachineAccountPrivilege

On my domain member. 
cat /etc/samba/samba_usermapping
!root = NTDOM\Administrator NTDOM\administrator

And in smb.conf (global) 
# user Administrator workaround, without it you are unable to set privileges
    username map = /etc/samba/samba_usermapping

.. reboot ! the server.. 

and don't forget to log in to the domain as DOMAIN\Administrator on your PC.
Now try again.
And right-click, choose "connect to", select your server name (not localhost)

Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Udo Willke via
> samba
> Sent: Friday 14 October 2016 14:33
> To: samba at lists.samba.org
> Subject: Re: [Samba] Unable to set up home share correctly
> 
> Hello Rowland,
> 
> On 13.10.2016 at 18:25, Rowland Penny via samba wrote:
> > It sounds like you don't have IDMU installed, not sure if you can
> > install it on 2012.
> 
> are you trying to say that I should install "Identity Management for
> Unix" on a Windows Server 2012? If yes, I am afraid we have a
> misunderstanding here: I don't use any Windows Server in my set-up.
> 
> I use a Fileserver with two network interfaces, one connected to a
> private network, the other connected to our university network. A Samba
> AD DC is supposed to manage a small Windows Domain in the private net.
> The fileserver also serves as a gateway to the Windows 7 workstations in
> the private net. Fileserver and AD DC are both running ubuntu 16.04 and
> have the respective Samba packages installed. For testing I have set up
> two Windows 7 Instances on ESXi inside the private net, one with the
> RSAT Tools installed and one as a user PC.
> 
> Update: I spent the morning setting up a fresh member server
> ("FILESERVER2") for testing inside the private net (with 1 NIC only,
> thereby reducing complexity). I think I have made all the necessary
> steps and did not forget to grant the SeDiskOperatorPrivilege rights to
> the Domain Admins
> 
> root at fileserver2:/var/log/samba# net rpc rights list 'MYDOMAIN\Domain
> Admins' -U'MYDOMAIN\Administrator' -S addc01
> Enter MYDOMAIN\Administrator's password:
> SeDiskOperatorPrivilege
> 
> Now I'm stuck in the RSAT Computer Management Console where I am denied
> access to the share configuration. On the navigation tree in the left
> window "Local users and groups" is shown as locked (and I remember this
> went away only after I assigned a uidNumber to the Administrator account
> and made it a member of the Domain Admins Unix Group). Can't tell if
> this is a useful hint.
> 
> Best Regards
> 
> Udo
> 

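Added example, not part of the original message or of Samba: a small shell helper that reads `net rpc rights list` output and reports which privileges a group holds beyond, or short of, a chosen baseline. The baseline value, the function names and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list the privileges a group holds
# beyond, or short of, a baseline. BASELINE is an assumption; set your own.
BASELINE="SeDiskOperatorPrivilege"

# Constructed sample in the shape of the `net rpc rights list` output above.
sample_output() {
    printf '%s\n' "Enter Administrator's password:" "" \
        "SeDiskOperatorPrivilege" "SeBackupPrivilege" "SeDebugPrivilege"
}

# Read `net rpc rights list` output on stdin and print one privilege name
# per line, dropping the password prompt, blank lines and stray CRs.
parse_rights() {
    tr -d '\r' |
        sed -n -E 's/^[[:space:]]*(Se[A-Za-z]+Privilege)[[:space:]]*$/\1/p' |
        sort -u
}

# rights_diff extra   -> granted privileges that are not in BASELINE
# rights_diff missing -> BASELINE privileges that are not granted
rights_diff() {
    parse_rights | awk -v mode="$1" -v base="$BASELINE" '
        BEGIN { n = split(base, b, " "); for (i = 1; i <= n; i++) want[b[i]] = 1 }
        { have[$0] = 1; if (mode == "extra" && !($0 in want)) print }
        END {
            if (mode == "missing")
                for (i = 1; i <= n; i++) if (!(b[i] in have)) print b[i]
        }'
}

# Demo on the constructed sample. For live use, pipe the command from the
# message into the function instead:
#   net rpc rights list "NTDOM\Domain Admins" -S ADDC1.dnsdomain.tld \
#       -UAdministrator | rights_diff extra
echo "Beyond baseline:"
sample_output | rights_diff extra
```

Run it per server (AD DC and each domain member) and keep the output with your change records, so any later grant to the group shows up as a difference.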