[Samba] granting SeDiskOperatorPrivilege

Stefan G. Weichinger lists at xunil.at
Thu Jul 26 16:56:07 UTC 2018


Am 2018-07-26 um 18:44 schrieb Rowland Penny via samba:

>> "getent group" doesn't even return the domain groups here ... oh my
> 
> If 'getent group Domain\ Users' (or what ever your German windows calls
> the group) doesn't return output, then you have problems. If you are
> just running 'getent group' then this will not work without the 'winbind
> enum' lines in smb.conf
> i.e.
>      winbind enum users = yes
>      winbind enum groups = yes
> 
> But only add these for testing.

I just compared nsswitch.conf with another DM server (at another
customer), looks OK to me.

passwd:      compat winbind files
group:       compat winbind files
shadow:      compat files

(the files is there because gentoo-glibc needs it, I referred to that
some months ago)

Share access for the users works, and I even managed to set up that new
share with the required permissions ... so I hesitate to fiddle with the
current config.

> The problem here is, when I run that command on a Unix domain member, I
> get all the domain groups, but the '-' is a space:
> 
>  wbinfo -g
> domain admins
> unixgroup
> enterprise read-only domain controllers
> wingroup
> domain users
> unix admins
> denied rodc password replication group
> domain guests
> ......

I will leave it for now as I am not 100% fit in these days.

thanks for now, Stefan





More information about the samba mailing list