[Samba] Domain Admins default ownership is BUILTIN\Administrators
Rob Mason
rob at acasta.co.uk
Fri Nov 30 18:28:07 UTC 2018
I've now spun up a second DC ready for a migration from an old DC. Just checking over a few things and have hit this problem:
Objects created by Domain Admins members default to ownership by BUILTIN\Administrators. So, when JohnDoe is logged on as JohnDoe and creates a file, its ownership becomes BUILTIN\Administrators.
I've played with perms for over an hour and cannot make any sense of this? I cannot see where/why it is defaulting to this account??
\data is chmod 2755 owned by "SAMDOM\JohnDoe":"SAMDOM\Domain Admins". Resulting files are 755 owned by "BUILTIN\Administrators":"SAMDOM\Domain Admins"
[global]
netbios name = SAGAN
realm = SAMDOM.INTRA
server role = active directory domain controller
workgroup = SAMDOM
idmap_ldb:use rfc2307 = yes
template shell = /bin/bash
winbind use default domain = true
winbind offline logon = false
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes
[netlogon]
path = /var/lib/samba/sysvol/acasta.intra/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[data]
path = /data
read only = No
--
Rob Mason
Acasta Ltd - A Crown Commercial Service Supplier. CyberEssentials Certified QGCE013.
Registered in England 6619191. 42 Pitt Street, Barnsley, S70 1BB. VAT Registered 934 6797 75.
More information about the samba
mailing list