[Samba] MMC issue

Mariusz80 skorp77 at gmail.com
Tue Dec 5 20:15:53 UTC 2017 

Samba - General mailing list wrote
> On Tue, 5 Dec 2017 12:27:24 -0700 (MST)
> Mariusz80 via samba <

> samba at .samba

> > wrote:
> 
>> Samba - General mailing list wrote
>> > On Tue, 5 Dec 2017 12:00:55 -0700 (MST)
>> > Mariusz80 via samba <
>> 
>> > samba at .samba
>> 
>> > > wrote:
>> > 
>> >> Samba - General mailing list wrote
>> >> > On Tue, 5 Dec 2017 11:11:33 -0700 (MST)
>> >> > Mariusz80 via samba <
>> >> 
>> >> > samba at .samba
>> >> 
>> >> > > wrote:
>> >> > 
>> >> >> Samba - General mailing list wrote
>> >> >> > On Tue, 5 Dec 2017 10:37:02 -0700 (MST)
>> >> >> > Mariusz80 via samba <
>> >> >> 
>> >> >> > samba at .samba
>> >> >> 
>> >> >> > > wrote:
>> >> >> > 
>> >> >> >> Hi
>> >> >> >> I have a strange problem with Shared folders in MMC. While I
>> >> >> >> try to connect to linux machine and list Open files or
>> >> >> >> Sessions I got a message "You do not have permission to view
>> >> >> >> the list of sessions from Windows clients". The problem
>> >> >> >> exists only if I try to connect to linux machines (Windows
>> >> >> >> Server is ok), and only for Administrator account. From
>> >> >> >> other accounts with Administrator priviliges there is no
>> >> >> >> problem at all.
>> >> >> >> 
>> >> >> >> In the logs there is:
>> >> >> >>
>> >> ../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1274(_srvsvc_NetFileEnum)
>> >> >> >>   Enumerating files only allowed for administrators
>> >> >> >> 
>> >> >> >> Any advice?
>> >> >> >> 
>> >> >> >> Thanks
>> >> >> >> Mariusz
>> >> >> >> 
>> >> >> >> 
>> >> >> >> 
>> >> >> >> --
>> >> >> >> Sent from:
>> >> >> >> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
>> >> >> >> 
>> >> >> > 
>> >> >> > How is Samba set up on the Linux machine ?
>> >> >> > 
>> >> >> > Rowland
>> >> >> > 
>> >> >> > -- 
>> >> >> > To unsubscribe from this list go to the following URL and read
>> >> >> > the instructions:
>> >> >> > https://lists.samba.org/mailman/options/samba
>> >> >> 
>> >> >> I did it according to:
>> >> >>
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>> >> >> My smb.conf:
>> >> >> [global]
>> >> >>        security = ADS
>> >> >>        workgroup = some
>> >> >>        realm = some.domain.pl
>> >> >> 	   
>> >> >> 		allow trusted domains = Yes
>> >> >> 		winbind use default domain = Yes
>> >> >>         winbind nss info = rfc2307
>> >> >>         winbind refresh tickets = Yes
>> >> >> 
>> >> >>        log file = /var/log/samba/%m.log
>> >> >>        log level = 1
>> >> >> 	
>> >> >>        idmap config * : backend = tdb
>> >> >>        idmap config * : range = 3000-7999
>> >> >> 	
>> >> >> 	idmap config some : backend = rid
>> >> >> 	idmap config some: range = 10000-999999
>> >> >> 
>> >> >> 	winbind nss info = template
>> >> >> 	template shell = /bin/bash
>> >> >> 	template homedir = /home/%U
>> >> >> 	username map = /etc/samba/user.map
>> >> >> 	
>> >> >> 	winbind enum users = yes
>> >> >> 	winbind enum groups = yes
>> >> >> 
>> >> >> 	vfs objects = acl_xattr
>> >> >>        map acl inherit = yes
>> >> >>        store dos attributes = yes
>> >> >> 
>> >> > 
>> >> > Does 'getent passwd Administrator' give any output ?
>> >> > 
>> >> > If it does, try adding this line to smb.conf:
>> >> > 
>> >> > username map = /etc/samba/user.map
>> >> > 
>> >> > Create the user.map:
>> >> > 
>> >> > nano /etc/samba/user.map
>> >> > 
>> >> > it should contain only:
>> >> > 
>> >> > !root = SAMDOM\Administrator SAMDOM\administrator Administrator
>> >> > administrator
>> >> > 
>> >> > That is all on one line, replace 'SAMDOM' with your workgroup
>> >> > name and, if required, change the '/etc/samba' path to the path
>> >> > to your smb.conf.
>> >> > 
>> >> > Rowland
>> >> > 
>> >> > -- 
>> >> > To unsubscribe from this list go to the following URL and read
>> >> > the instructions:  https://lists.samba.org/mailman/options/samba
>> >> 
>> >> getent passwd Administrator
>> >> administrator:*:10500:10513::/home/administrator:/bin/bash
>> >> 
>> >> smb.conf already contains user.map
>> >> 
>> > 
>> > 
>> > The fact that 'Administrator' has an ID that isn't '0' means that,
>> > to Linux, Administrator is just another user and can only do what
>> > any normal user can do.
>> 
>> In fact on my dc Administrator has an id=0 and mmc is working
>> correctly. How can I solve that ? 
> 
> This is because on a DC, the mapping is done in idmap.ldb, so you don't
> need the user.map on a DC
>> 
>> 
>> > You could try running 'net cache flush'
>> 
>> net chache flush  doesn't give any output and nothing change.
> 
> If 'doesn't give any output' means that 'getent passwd Administrator'
> doesn't show what it did before, then try again from windows, it should
> now work.
> 
> If you are still getting output from 'getent passwd Administrator',
> please post your smb.conf
> 
> Rowland
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

getent passwd Administrator still shows:
administrator:*:10500:10513::/home/administrator:/bin/bash

smb.conf:
[global]
       security = ADS
       workgroup = some
       realm = some.domain.pl
	   
		allow trusted domains = Yes
		winbind use default domain = Yes
        winbind nss info = rfc2307
        winbind refresh tickets = Yes

       log file = /var/log/samba/%m.log
       log level = 1
	
       idmap config * : backend = tdb
       idmap config * : range = 3000-7999
	
	idmap config some : backend = rid
	idmap config some: range = 10000-999999

	winbind nss info = template
	template shell = /bin/bash
	template homedir = /home/%U


	username map = /etc/samba/user.map
	
	winbind enum users = yes
	winbind enum groups = yes

	vfs objects = acl_xattr
       map acl inherit = yes
       store dos attributes = yes



--
Sent from: http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html

More information about the samba mailing list