[Samba] member domain idmap config ad/rid
empbilly at gmail.com
Tue May 30 18:05:56 UTC 2017
root at fileserver:~# samba -Version
root at fileserver:~# net rpc rights list privileges SeDiskOperatorPrivilege
Enter ADDC\administrator's password:
chown root:Domain\ Admins /mnt/dados >>>> ok
chmod 0770 /mnt/dados >>>> ok
root at fileserver:~# getfacl /mnt/dados/
getfacl: Removing leading '/' from absolute path names
# file: mnt/dados/
# owner: root
# group: domain\040admins
win7 machine with RSAT Tools.
The security tab as shown in the link below does not appear for me.
For me it's that way.
On Tue, May 30, 2017 at 1:13 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Tue, 30 May 2017 12:33:26 -0300
> Elias Pereira <empbilly at gmail.com> wrote:
> > *confs fileserver*
> > *smb.conf*
> > winbind nss info = rfc2307
> If you are using Samba 4.6.0 or greater, then you do not use the above
> > idmap config ADDC:unix_nss_info = yes
> > idmap config ADDC:unix_primary_group = yes
> You only use the above two lines on Samba 4.6.0 or greater
> > [storage]
> > path = /mnt/dados
> > read only = no
> > admin users = "ADDC\Domain Admins" ADDC\administrator
> You should set the ACLs from windows, so you not are not recommended
> to have the last line above.
> > *user.map*
> > !root = ADDC\Administrator ADDC\administrator
> I use:
> !root = SAMDOM\Administrator SAMDOM\administrator Administrator
> Not sure if it makes any difference ;-)
> If you are logging in to the windows machine to use ADUC as a member of
> Domain Admins, then you need to set the group on the share on the Unix
> domain member to Domain Admins i.e.
> chown root:Domain\ Admins /mnt/dados
> You will also need to give Domain Admins the rights to make changes on
> the Unix domain member (aka fileserver), see here:
> If you are logging in as Administrator, it should just work, this is
> because Administrator is mapped to root.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba