[Samba] Allow user without uidNumber to access to a Samba member file server
L.P.H. van Belle
belle at bazuin.nl
Wed Mar 15 16:01:16 UTC 2017
OK, these:
> For Administrator / Domain Admins / System / Creator Owner = Full
> Control on folder, subfolders and files
Are not available on the "Share security" but are on the "Security".
So the "Share security settings" need only:
Everyone FULL CONTROL (or Verified users)
And I think you're done.
> For Administrator / Domain Admins / System / Creator Owner = Full Control on folder, subfolders and files
> For Authenticated Users / Domain Users = Read and Execute on this folder only
In your case I suggest:
Domain Admins
SYSTEM
CREATOR OWNER (or better GROUP)
CREATOR GROUP
All full control.
Authenticated users OR Domain Users. Setting both isn't needed. With at least read.
I suggest you set (in case of GPO things) Authenticated users,
since that also includes the computers.
In other cases, use "domain users" and/or the other groups you need.
Greetz,
Louis
> -----Original message-----
> From: Arnaud Cruzel [mailto:a.cruzel at ifporient.org]
> Sent: Wednesday 15 March 2017 16:40
> To: L.P.H. van Belle; samba at lists.samba.org
> Subject: Re: [Samba] Allow user without uidNumber to access to a Samba
> member file server
>
> On Wednesday 15 March 2017 at 15:16 +0100, L.P.H. van Belle via samba
> wrote:
> > > But if he tries to access the file server (from a Windows 10
> > > client),
> > > he gets an "Access refused".
> >
> > How did he access the share?
> > \\servername\share or \\servername.dnsdom.tld\share
> > (or by \\ip )
> by \\servername\share
>
>
> >
> > Can he access \\servername without the share?
> no it can't
> >
> > And the Win10 event ID + description of the "Access refused" would be
> > nice.
> There is neither an event ID nor a description. I don't find any entry in
> Windows Event Viewer.
> >
> > The "Share Security" settings are?
> for example, for the share 'Shares':
> For Administrator / Domain Admins / System / Creator Owner = Full
> Control on folder, subfolders and files
> For Authenticated Users / Domain Users = Read and Execute on this
> folder only
>
>
> >
> > It should work with rfc2307, it works fine for me
> > ADDC 4.5.3 + members 4.5.3/4.6.0
> > All servers in rfc2307 mode.
> Yes, I don't say it's not working. The problem is that to set a GPO to
> deploy applications, I have to deploy it by user GPO.
> If I want to do that by computer GPO I have to set uidNumber on all
> computers. I'm too lazy to do that :)
> And now with Windows 10, which doesn't allow setting rfc2307 easily with ADUC,
> it becomes very complicated to set uidNumber manually for each user.
>
> >
> > But I did set extra things, so before I advise something I need the
> > above info first.
> >
> >
> > Greetz,
> >
> > Louis