[Samba] Allow user without uidNumber to access to a Samba member file server
Arnaud Cruzel
a.cruzel at ifporient.org
Wed Mar 15 16:47:29 UTC 2017
Le mercredi 15 mars 2017 à 17:01 +0100, L.P.H. van Belle via samba a
écrit :
> Ok, these :
> > For Administrator / Domain Admins / System / Creator Owner = Full
> > Control on folder, subfolders and files
>
> Are not available on the "Share security" but are on the "Security"
>
> So the "Share security settings" need only.
> Everyone FULL CONTROLL ( or Verified users )
Yes sorry, it's what I have on Share security settings
>
>
> And i think your done.
>
> > For Administrator / Domain Admins / System / Creator Owner = Full
> > Control on folder, subfolders and files
> > For Authenticated Users / Domain Users = Read and Execute on this
> > folder only
>
> In your case i suggest,
>
>
> Domain Admins
> SYSTEM
> CREATOR OWNER ( or better GROUP )
> CREATOR GROUP
> All full controll. n case of GPO things ) Authenticated users.
> Since that include also the computers.
Ok I did it.
On the 'deploy$' share for GPO, I set
Domain Admins
SYSTEM
CREATOR OWNER
CREATOR GROUP
to full control
and read and execute for everybody
on security tab everybody with full control.
But it's the same : if uidNumber is not set, no access
>
> In other cases, use "domain users" and/or the other groups you need.
>
>
> Greetz,
>
> Louis
>
>
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: Arnaud Cruzel [mailto:a.cruzel at ifporient.org]
> > Verzonden: woensdag 15 maart 2017 16:40
> > Aan: L.P.H. van Belle; samba at lists.samba.org
> > Onderwerp: Re: [Samba] Allow user without uidNumber to access to a
> > Samba
> > member file server
> >
> > Le mercredi 15 mars 2017 à 15:16 +0100, L.P.H. van Belle via samba
> > a
> > écrit :
> > > > But if he try to access to the file server (from a Windows 10
> > > > client),
> > > > he get an "Access refused".
> > >
> > > How did he access the share.
> > > \\servername\share or \\servername.dnsdom.tld\share
> > > (or by \\ip )
> >
> > by \\servername\share
> >
> >
> > >
> > > Can he access \\servername without the share.
> >
> > no it can't
> > >
> > > And the Win10 eventid + discription of the "Access refused" would
> > > be
> > > nice.
> >
> > There is no event ID neither descriptions. I don't find any entry
> > on
> > Windows event viewer.
> > >
> > > The "Share Security" settings are?
> >
> > by exemple for the share 'Shares' :
> > For Administrator / Domain Admins / System / Creator Owner = Full
> > Control on folder, subfolders and files
> > For Authenticated Users / Domain Users = Read and Execute on this
> > folder only
> >
> >
> > >
> > > It should work with rfc2307, i works fine for me
> > > ADDC 4.5.3 + members 4.5.3/4.6.0
> > > All servers in rfc2307 mode.
> >
> > Yes I don't say it's not working. The problem is for set a GPO to
> > deploy applications, I have to deploy it by user GPO.
> > If I want to do that by computer GPO I have to set uidNumber to all
> > computers. I'm lazy to do that :)
> > And now with Windows 10 who don't allow to set rfc2307 easily with
> > ADUC
> > it become very complicate to set uidNumber manually for each user.
> >
> > >
> > > But i did set extra things, so before i advice something i need
> > > the
> > > above info first.
> > >
> > >
> > > Greetz,
> > >
> > > Louis
> > >
> > >
> > >
> > >
> > >
> > >
>
>
>
>
More information about the samba
mailing list