[Samba] MMC issue
Mariusz80
skorp77 at gmail.com
Tue Dec 5 20:15:53 UTC 2017
Samba - General mailing list wrote
> On Tue, 5 Dec 2017 12:27:24 -0700 (MST)
> Mariusz80 via samba <
> samba at .samba
> > wrote:
>
>> Samba - General mailing list wrote
>> > On Tue, 5 Dec 2017 12:00:55 -0700 (MST)
>> > Mariusz80 via samba <
>>
>> > samba at .samba
>>
>> > > wrote:
>> >
>> >> Samba - General mailing list wrote
>> >> > On Tue, 5 Dec 2017 11:11:33 -0700 (MST)
>> >> > Mariusz80 via samba <
>> >>
>> >> > samba at .samba
>> >>
>> >> > > wrote:
>> >> >
>> >> >> Samba - General mailing list wrote
>> >> >> > On Tue, 5 Dec 2017 10:37:02 -0700 (MST)
>> >> >> > Mariusz80 via samba <
>> >> >>
>> >> >> > samba at .samba
>> >> >>
>> >> >> > > wrote:
>> >> >> >
>> >> >> >> Hi
>> >> >> >> I have a strange problem with Shared folders in MMC. While I
>> >> >> >> try to connect to linux machine and list Open files or
>> >> >> >> Sessions I got a message "You do not have permission to view
>> >> >> >> the list of sessions from Windows clients". The problem
>> >> >> >> exists only if I try to connect to linux machines (Windows
>> >> >> >> Server is ok), and only for Administrator account. From
>> >> >> >> other accounts with Administrator priviliges there is no
>> >> >> >> problem at all.
>> >> >> >>
>> >> >> >> In the logs there is:
>> >> >> >>
>> >> ../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1274(_srvsvc_NetFileEnum)
>> >> >> >> Enumerating files only allowed for administrators
>> >> >> >>
>> >> >> >> Any advice?
>> >> >> >>
>> >> >> >> Thanks
>> >> >> >> Mariusz
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> --
>> >> >> >> Sent from:
>> >> >> >> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
>> >> >> >>
>> >> >> >
>> >> >> > How is Samba set up on the Linux machine ?
>> >> >> >
>> >> >> > Rowland
>> >> >> >
>> >> >> > --
>> >> >> > To unsubscribe from this list go to the following URL and read
>> >> >> > the instructions:
>> >> >> > https://lists.samba.org/mailman/options/samba
>> >> >>
>> >> >> I did it according to:
>> >> >>
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>> >> >> My smb.conf:
>> >> >> [global]
>> >> >> security = ADS
>> >> >> workgroup = some
>> >> >> realm = some.domain.pl
>> >> >>
>> >> >> allow trusted domains = Yes
>> >> >> winbind use default domain = Yes
>> >> >> winbind nss info = rfc2307
>> >> >> winbind refresh tickets = Yes
>> >> >>
>> >> >> log file = /var/log/samba/%m.log
>> >> >> log level = 1
>> >> >>
>> >> >> idmap config * : backend = tdb
>> >> >> idmap config * : range = 3000-7999
>> >> >>
>> >> >> idmap config some : backend = rid
>> >> >> idmap config some: range = 10000-999999
>> >> >>
>> >> >> winbind nss info = template
>> >> >> template shell = /bin/bash
>> >> >> template homedir = /home/%U
>> >> >> username map = /etc/samba/user.map
>> >> >>
>> >> >> winbind enum users = yes
>> >> >> winbind enum groups = yes
>> >> >>
>> >> >> vfs objects = acl_xattr
>> >> >> map acl inherit = yes
>> >> >> store dos attributes = yes
>> >> >>
>> >> >
>> >> > Does 'getent passwd Administrator' give any output ?
>> >> >
>> >> > If it does, try adding this line to smb.conf:
>> >> >
>> >> > username map = /etc/samba/user.map
>> >> >
>> >> > Create the user.map:
>> >> >
>> >> > nano /etc/samba/user.map
>> >> >
>> >> > it should contain only:
>> >> >
>> >> > !root = SAMDOM\Administrator SAMDOM\administrator Administrator
>> >> > administrator
>> >> >
>> >> > That is all on one line, replace 'SAMDOM' with your workgroup
>> >> > name and, if required, change the '/etc/samba' path to the path
>> >> > to your smb.conf.
>> >> >
>> >> > Rowland
>> >> >
>> >> > --
>> >> > To unsubscribe from this list go to the following URL and read
>> >> > the instructions: https://lists.samba.org/mailman/options/samba
>> >>
>> >> getent passwd Administrator
>> >> administrator:*:10500:10513::/home/administrator:/bin/bash
>> >>
>> >> smb.conf already contains user.map
>> >>
>> >
>> >
>> > The fact that 'Administrator' has an ID that isn't '0' means that,
>> > to Linux, Administrator is just another user and can only do what
>> > any normal user can do.
>>
>> In fact on my dc Administrator has an id=0 and mmc is working
>> correctly. How can I solve that ?
>
> This is because on a DC, the mapping is done in idmap.ldb, so you don't
> need the user.map on a DC
>>
>>
>> > You could try running 'net cache flush'
>>
>> net chache flush doesn't give any output and nothing change.
>
> If 'doesn't give any output' means that 'getent passwd Administrator'
> doesn't show what it did before, then try again from windows, it should
> now work.
>
> If you are still getting output from 'getent passwd Administrator',
> please post your smb.conf
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
getent passwd Administrator still shows:
administrator:*:10500:10513::/home/administrator:/bin/bash
smb.conf:
[global]
security = ADS
workgroup = some
realm = some.domain.pl
allow trusted domains = Yes
winbind use default domain = Yes
winbind nss info = rfc2307
winbind refresh tickets = Yes
log file = /var/log/samba/%m.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config some : backend = rid
idmap config some: range = 10000-999999
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U
username map = /etc/samba/user.map
winbind enum users = yes
winbind enum groups = yes
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
--
Sent from: http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
More information about the samba
mailing list