[Samba] MMC issue
Rowland Penny
rpenny at samba.org
Tue Dec 5 19:13:41 UTC 2017
On Tue, 5 Dec 2017 12:00:55 -0700 (MST)
Mariusz80 via samba <samba at lists.samba.org> wrote:
> Samba - General mailing list wrote
> > On Tue, 5 Dec 2017 11:11:33 -0700 (MST)
> > Mariusz80 via samba <
>
> > samba at .samba
>
> > > wrote:
> >
> >> Samba - General mailing list wrote
> >> > On Tue, 5 Dec 2017 10:37:02 -0700 (MST)
> >> > Mariusz80 via samba <
> >>
> >> > samba at .samba
> >>
> >> > > wrote:
> >> >
> >> >> Hi
> >> >> I have a strange problem with Shared folders in MMC. While I
> >> >> try to connect to linux machine and list Open files or Sessions
> >> >> I got a message "You do not have permission to view the list of
> >> >> sessions from Windows clients". The problem exists only if I
> >> >> try to connect to linux machines (Windows Server is ok),
> >> >> and only for Administrator account. From other accounts with
> >> >> Administrator priviliges there is no problem at all.
> >> >>
> >> >> In the logs there is:
> >> >> ../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1274(_srvsvc_NetFileEnum)
> >> >> Enumerating files only allowed for administrators
> >> >>
> >> >> Any advice?
> >> >>
> >> >> Thanks
> >> >> Mariusz
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Sent from:
> >> >> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
> >> >>
> >> >
> >> > How is Samba set up on the Linux machine ?
> >> >
> >> > Rowland
> >> >
> >> > --
> >> > To unsubscribe from this list go to the following URL and read
> >> > the instructions: https://lists.samba.org/mailman/options/samba
> >>
> >> I did it according to:
> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >> My smb.conf:
> >> [global]
> >> security = ADS
> >> workgroup = some
> >> realm = some.domain.pl
> >>
> >> allow trusted domains = Yes
> >> winbind use default domain = Yes
> >> winbind nss info = rfc2307
> >> winbind refresh tickets = Yes
> >>
> >> log file = /var/log/samba/%m.log
> >> log level = 1
> >>
> >> idmap config * : backend = tdb
> >> idmap config * : range = 3000-7999
> >>
> >> idmap config some : backend = rid
> >> idmap config some: range = 10000-999999
> >>
> >> winbind nss info = template
> >> template shell = /bin/bash
> >> template homedir = /home/%U
> >> username map = /etc/samba/user.map
> >>
> >> winbind enum users = yes
> >> winbind enum groups = yes
> >>
> >> vfs objects = acl_xattr
> >> map acl inherit = yes
> >> store dos attributes = yes
> >>
> >
> > Does 'getent passwd Administrator' give any output ?
> >
> > If it does, try adding this line to smb.conf:
> >
> > username map = /etc/samba/user.map
> >
> > Create the user.map:
> >
> > nano /etc/samba/user.map
> >
> > it should contain only:
> >
> > !root = SAMDOM\Administrator SAMDOM\administrator Administrator
> > administrator
> >
> > That is all on one line, replace 'SAMDOM' with your workgroup name
> > and, if required, change the '/etc/samba' path to the path to your
> > smb.conf.
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
> getent passwd Administrator
> administrator:*:10500:10513::/home/administrator:/bin/bash
>
> smb.conf already contains user.map
>
The fact that 'Administrator' has an ID that isn't '0' means that, to
Linux, Administrator is just another user and can only do what any
normal user can do.
You could try running 'net cache flush'
Rowland
More information about the samba
mailing list