[Samba] Roaming Profiles with Windows ACLs

Mark Nienberg mnlists at tippingstructural.com
Fri Oct 14 17:31:55 UTC 2016 

Right, I am using "domain admins" group instead of "administrator" user.

On Thu, Oct 13, 2016 at 5:15 AM, lingpanda101 at gmail.com <
lingpanda101 at gmail.com> wrote:

> On 10/12/2016 7:32 PM, Mark Nienberg wrote:
>
> Yes, it looks like this:
>
> https://wiki.samba.org/index.php/Implementing_roaming_
> profiles#Profile_share_using_Windows_ACLs
>
> but as I say, it works now that I have added the admin users, so I am
> satisfied for now.
>
> On Wed, Oct 12, 2016 at 11:31 AM, lingpanda101--- via samba <
> samba at lists.samba.org> wrote:
>
>> On 10/12/2016 1:34 PM, Mark Nienberg via samba wrote:
>>
>>> Well, the easy fix is to add this to the share definition:
>>>
>>>   admin users = "@STA\domain admins"
>>>
>>> The wiki implies that this should not be necessary, so I don't know if
>>> the
>>> wiki is wrong or if I failed to follow it correctly. This was my first
>>> share using Windows ACLS and it was an interesting experience, but for
>>> me I
>>> think the POSIX ACLs are easier to understand and troubleshoot. That may
>>> just be because I am more of a Linux admin than a Windows admin.
>>>
>>> Mark
>>>
>>> On Sat, Oct 8, 2016 at 12:04 PM, Mark Nienberg <
>>> mnlists at tippingstructural.com> wrote:
>>>
>>> On Fri, Oct 7, 2016 at 12:38 PM, Rowland Penny via samba <
>>>> samba at lists.samba.org> wrote:
>>>>
>>>> have you given Domain Admins the required rights ?
>>>>>
>>>>> net rpc rights grant DOMAIN\\"Domain Admins"
>>>>> SeDiskOperatorPrivilege -UAdministrator
>>>>>
>>>>> Yes. I followed this wiki example:
>>>> https://wiki.samba.org/index.php/Shares_with_Windows_ACLs
>>>>
>>>> Here is some output:
>>>>
>>>> [nienberg at gecko ~]$ net rpc rights list accounts -U'STA\myAdminAccount'
>>>>
>>>> STA\Domain Admins
>>>> SeDiskOperatorPrivilege
>>>>
>>>>
>> Do your Domain Admins have 'Full control' as a permission and 'This
>> folder, subfolders and files' on the root share under?
>>
>> --
>> -James
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>
>
> The link doesn't show adding Domain Admins to the ACL permissions. I only
> see 'Administrator'. I assume you did based on your getfacl command.
>
> --
> -James
>
>

More information about the samba mailing list