[Samba] granting SeDiskOperatorPrivilege
Rowland Penny
rpenny at samba.org
Thu Jul 26 16:44:13 UTC 2018
On Thu, 26 Jul 2018 18:31:48 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> Am 2018-07-26 um 18:14 schrieb Rowland Penny via samba:
> > On Thu, 26 Jul 2018 17:46:26 +0200
> > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> >> I also don't know how to use that group "domänen-benutzer" in
> >> "valid users" or "read list" ...
>
>
> > Stefan, you know all that knowledge you learnt about NT4-style
> > domains, well, forget most of it ;-)
> >
> > You will better setting the permissions from Windows, see here:
> > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>
> So you suggest getting rid of the parameters in the share-definition
> and only doing it via Windows ACLs?
Yes.
>
> > However, are you sure it is 'domanen-benutzer' ?
> > As far as I know 'benutzer' is German for 'users' and 'domanen' is
> > 'domain'.
> >
> > If I run: getent group Domain\ Users
> > I get back: domain users:x:10000:(list of users)
> >
> > So, should 'domanen-benutzer' be 'domanen benutzer'
>
> "getent group" doesn't even return the domain groups here ... oh my
If 'getent group Domain\ Users' (or what ever your German windows calls
the group) doesn't return output, then you have problems. If you are
just running 'getent group' then this will not work without the 'winbind
enum' lines in smb.conf
i.e.
winbind enum users = yes
winbind enum groups = yes
But only add these for testing.
>
>
> # wbinfo -g
> dom�nencomputer
> dom�nencontroller
> dom�nen-admins
> dom�nen-benutzer
> dom�nen-g�ste
> [..etc]
>
>
The problem here is, when I run that command on a Unix domain member, I
get all the domain groups, but the '-' is a space:
wbinfo -g
domain admins
unixgroup
enterprise read-only domain controllers
wingroup
domain users
unix admins
denied rodc password replication group
domain guests
......
Rowland
More information about the samba
mailing list