[Samba] MMC issue

Rowland Penny rpenny at samba.org
Tue Dec 5 19:58:04 UTC 2017 

On Tue, 5 Dec 2017 12:27:24 -0700 (MST)
Mariusz80 via samba <samba at lists.samba.org> wrote:

> Samba - General mailing list wrote
> > On Tue, 5 Dec 2017 12:00:55 -0700 (MST)
> > Mariusz80 via samba <
> 
> > samba at .samba
> 
> > > wrote:
> > 
> >> Samba - General mailing list wrote
> >> > On Tue, 5 Dec 2017 11:11:33 -0700 (MST)
> >> > Mariusz80 via samba <
> >> 
> >> > samba at .samba
> >> 
> >> > > wrote:
> >> > 
> >> >> Samba - General mailing list wrote
> >> >> > On Tue, 5 Dec 2017 10:37:02 -0700 (MST)
> >> >> > Mariusz80 via samba <
> >> >> 
> >> >> > samba at .samba
> >> >> 
> >> >> > > wrote:
> >> >> > 
> >> >> >> Hi
> >> >> >> I have a strange problem with Shared folders in MMC. While I
> >> >> >> try to connect to linux machine and list Open files or
> >> >> >> Sessions I got a message "You do not have permission to view
> >> >> >> the list of sessions from Windows clients". The problem
> >> >> >> exists only if I try to connect to linux machines (Windows
> >> >> >> Server is ok), and only for Administrator account. From
> >> >> >> other accounts with Administrator priviliges there is no
> >> >> >> problem at all.
> >> >> >> 
> >> >> >> In the logs there is:
> >> >> >>
> >> ../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1274(_srvsvc_NetFileEnum)
> >> >> >>   Enumerating files only allowed for administrators
> >> >> >> 
> >> >> >> Any advice?
> >> >> >> 
> >> >> >> Thanks
> >> >> >> Mariusz
> >> >> >> 
> >> >> >> 
> >> >> >> 
> >> >> >> --
> >> >> >> Sent from:
> >> >> >> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
> >> >> >> 
> >> >> > 
> >> >> > How is Samba set up on the Linux machine ?
> >> >> > 
> >> >> > Rowland
> >> >> > 
> >> >> > -- 
> >> >> > To unsubscribe from this list go to the following URL and read
> >> >> > the instructions:
> >> >> > https://lists.samba.org/mailman/options/samba
> >> >> 
> >> >> I did it according to:
> >> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> >> >> My smb.conf:
> >> >> [global]
> >> >>        security = ADS
> >> >>        workgroup = some
> >> >>        realm = some.domain.pl
> >> >> 	   
> >> >> 		allow trusted domains = Yes
> >> >> 		winbind use default domain = Yes
> >> >>         winbind nss info = rfc2307
> >> >>         winbind refresh tickets = Yes
> >> >> 
> >> >>        log file = /var/log/samba/%m.log
> >> >>        log level = 1
> >> >> 	
> >> >>        idmap config * : backend = tdb
> >> >>        idmap config * : range = 3000-7999
> >> >> 	
> >> >> 	idmap config some : backend = rid
> >> >> 	idmap config some: range = 10000-999999
> >> >> 
> >> >> 	winbind nss info = template
> >> >> 	template shell = /bin/bash
> >> >> 	template homedir = /home/%U
> >> >> 	username map = /etc/samba/user.map
> >> >> 	
> >> >> 	winbind enum users = yes
> >> >> 	winbind enum groups = yes
> >> >> 
> >> >> 	vfs objects = acl_xattr
> >> >>        map acl inherit = yes
> >> >>        store dos attributes = yes
> >> >> 
> >> > 
> >> > Does 'getent passwd Administrator' give any output ?
> >> > 
> >> > If it does, try adding this line to smb.conf:
> >> > 
> >> > username map = /etc/samba/user.map
> >> > 
> >> > Create the user.map:
> >> > 
> >> > nano /etc/samba/user.map
> >> > 
> >> > it should contain only:
> >> > 
> >> > !root = SAMDOM\Administrator SAMDOM\administrator Administrator
> >> > administrator
> >> > 
> >> > That is all on one line, replace 'SAMDOM' with your workgroup
> >> > name and, if required, change the '/etc/samba' path to the path
> >> > to your smb.conf.
> >> > 
> >> > Rowland
> >> > 
> >> > -- 
> >> > To unsubscribe from this list go to the following URL and read
> >> > the instructions:  https://lists.samba.org/mailman/options/samba
> >> 
> >> getent passwd Administrator
> >> administrator:*:10500:10513::/home/administrator:/bin/bash
> >> 
> >> smb.conf already contains user.map
> >> 
> > 
> > 
> > The fact that 'Administrator' has an ID that isn't '0' means that,
> > to Linux, Administrator is just another user and can only do what
> > any normal user can do.
> 
> In fact on my dc Administrator has an id=0 and mmc is working
> correctly. How can I solve that ? 

This is because on a DC, the mapping is done in idmap.ldb, so you don't
need the user.map on a DC
> 
> 
> > You could try running 'net cache flush'
> 
> net chache flush  doesn't give any output and nothing change.

If 'doesn't give any output' means that 'getent passwd Administrator'
doesn't show what it did before, then try again from windows, it should
now work.

If you are still getting output from 'getent passwd Administrator',
please post your smb.conf

Rowland

More information about the samba mailing list