[Samba] Unable to set up home share correctly
Rowland Penny
rpenny at samba.org
Fri Oct 14 13:04:34 UTC 2016
On Fri, 14 Oct 2016 14:32:52 +0200
Udo Willke via samba <samba at lists.samba.org> wrote:
> Hello Rowland,
>
> Am 13.10.2016 um 18:25 schrieb Rowland Penny via samba:
> > It sounds like you don't have IDMU installed, not sure if you can
> > install it on 2012.
>
> are you trying to say that I should install "Identity Management for
> Unix" on a Windows Server 2012? If yes, I am afraid we have a
> misunderstanding here: I don't use any Windows Server in my set-up.
>
> I use a Fileserver with two network interfaces, one connected to a
> private network, the other connected to our university network. A
> Samba AD DC is supposed to manage a small Windows Domain in the
> private net. The fileserver also serves as a gateway to the Windows 7
> workstations in the private net. Fileserver and AD DC are both
> running ubuntu 16.04 and have the respective Samba packages
> installed. For testing I have set up two Windows 7 Instances on ESXi
> inside the private net, one with the RSAT Tools installed and one as
> a user PC.
>
> Update: I spent the morning setting up a fresh member server
> ("FILESERVER2") for testing inside the private net (with 1 NIC only,
> thereby reducing complexity) I think, I have made all the necessary
> steps and did not forget to grant the SeDiskOperatorPrivilege rights
> to the Domain Admins
>
> root at fileserver2:/var/log/samba# net rpc rights list 'MYDOMAIN\Domain
> Admins' -U'MYDOMAIN\Administrator' -S addc01
> Enter MYDOMAIN\Administrator's password:
> SeDiskOperatorPrivilege
>
> Now I'm stuck in the RSAT Computer Management Console where I am
> denied access to the share configuration. On the navigation tree in
> the left window "Local users and groups" is shown as locked (and I
> remember this went only away after I assigned a uidNumber to the
> Adminstrator account and made it a member of the Domain Admins Unix
> Group). Can't tell if this is a useful hint.
>
I could have sworn you mentioned a 2012 server, so if you are
authenticating the fileserver to a Samba AD DC, did you provision the
DC with '--use-rfc2307' ?
Not a problem if you didn't, see here:
https://wiki.samba.org/index.php/Setting_up_RFC2307_in_AD#Installing_NIS_extensions
The 'Administrator' is always a member of 'Domain Admins'
Did you remember to add the 'user.map' line to smb.conf ?
Rowland
More information about the samba
mailing list