[Samba] granting SeDiskOperatorPrivilege
rpenny at samba.org
Thu Jul 26 16:44:13 UTC 2018
On Thu, 26 Jul 2018 18:31:48 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> Am 2018-07-26 um 18:14 schrieb Rowland Penny via samba:
> > On Thu, 26 Jul 2018 17:46:26 +0200
> > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> >> I also don't know how to use that group "domänen-benutzer" in
> >> "valid users" or "read list" ...
> > Stefan, you know all that knowledge you learnt about NT4-style
> > domains, well, forget most of it ;-)
> > You will better setting the permissions from Windows, see here:
> > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
> So you suggest getting rid of the parameters in the share-definition
> and only doing it via Windows ACLs?
> > However, are you sure it is 'domanen-benutzer' ?
> > As far as I know 'benutzer' is German for 'users' and 'domanen' is
> > 'domain'.
> > If I run: getent group Domain\ Users
> > I get back: domain users:x:10000:(list of users)
> > So, should 'domanen-benutzer' be 'domanen benutzer'
> "getent group" doesn't even return the domain groups here ... oh my
If 'getent group Domain\ Users' (or what ever your German windows calls
the group) doesn't return output, then you have problems. If you are
just running 'getent group' then this will not work without the 'winbind
enum' lines in smb.conf
winbind enum users = yes
winbind enum groups = yes
But only add these for testing.
> # wbinfo -g
The problem here is, when I run that command on a Unix domain member, I
get all the domain groups, but the '-' is a space:
enterprise read-only domain controllers
denied rodc password replication group
More information about the samba