[Samba] missing group affiliation on ad dc
Rowland Penny
rpenny at samba.org
Tue Oct 9 15:54:47 UTC 2018
On Tue, 9 Oct 2018 17:17:44 +0200
basti mueller via samba <samba at lists.samba.org> wrote:
First things first, please don't open a new thread for an existing
thread.
> Might I found (a reason for) my problem.
>
> Domain ID's and BUILTIN ID's are overlapping.
I wouldn't know, you NEVER posted the smb.conf.
>
> For example "EXAMPLE\domain admins" has gid "512", "EXAMPLE\backup"
> has gid "10039" and "BUILTIN\print operators" has 550. Could this be
> a problem?
As you said, your AD domain was classicupgraded from an existing
NT4-style domain, so you will have very low IDs for most if not all
your users and groups.
Two of the groups you mention are 'Well Known SIDs' and, from the low
IDs (which are actually the groups RID), came from the upgrade. This is
one of the reasons that I have come round to the opinion it isn't worth
the effort to classic upgrade, you will probably find it easier to set
up a new domain.
>My strange group/share access-problem stillt exists, I
> can't figure it out >.<
> By the way... if my "exampleuser" just try to access the share via
> windows 10 - everything works without problems!
>
Try posting your smb.conf
Rowland
More information about the samba
mailing list