[Samba] "missing security tab" and related ACL issues

Stefan G. Weichinger lists at xunil.at
Tue Sep 11 07:54:32 UTC 2018


Am 07.09.18 um 20:07 schrieb Rowland Penny via samba:
> On Fri, 7 Sep 2018 19:09:37 +0200
> "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

>> But
>>
>> # net rpc rights grant "Domänen-Admins" SeDiskOperatorPrivilege -U
>> "mydomain\administrator"
>>
>> fails
>>
>> also for "mydomain\Domänen-Admins"
> 
> Why is it 'Domanen-Admins' ? is the dash normal for the German version
> of Windows ?
> At least it exists ;-)
> 
> Is the locale set correctly ?

tried to set the locale to a german one ... 	

# wbinfo -g
dom�nencomputer
dom�nen-benutzer
dom�nen-g�ste
dom�nen-admins

still that special char displayed

# wbinfo -g | grep -i adm
specops endpoint protection report admins
dnsadmins
schema-admins
organisations-admins
Übereinstimmungen in Binärdatei (Standardeingabe)

this does NOT contain "domänen-admins"

why that?

-

# smb.conf

[global]
unix charset = iso8859-15

security = ads
realm = MYDOMAIN.INTRA
workgroup = MYDOMAIN

netbios aliases = u1MYDOMAIN
server string = U1MYDOMAIN

winbind cache time = 10
winbind use default domain = yes
winbind refresh tickets = Yes

template homedir = /mnt/MSA2040/smb/Homes/%D/%U

restrict anonymous = 2
domain master = no
local master = no
preferred master = no
invalid users = root bin daemon adm sync shutdown halt mail news \
		uucp
obey pam restrictions = yes

interfaces = 192.168.100.4/24 127.0.0.1
bind interfaces only = Yes

idmap config * : range = 3000-7999
idmap config * : backend = tdb
idmap config MYDOMAIN : range = 10000-20000
idmap config MYDOMAIN : backend = rid

# For ACL support on domain member
vfs objects = acl_xattr full_audit
map acl inherit = Yes
store dos attributes = Yes
nt acl support = No
force unknown acl user = Yes

unix extensions = no
follow symlinks= yes
wide links= yes

load printers = no
printcap name = /dev/null

# exe files

acl allow execute always = True

# Audit settings
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rmdir write pwrite rename unlink \
		     chmod fchmod chown fchown ftruncate
full_audit:facility = local5
full_audit:priority = notice

# /etc/nsswitch.conf:

passwd:      compat winbind files
group:       compat winbind files
shadow:      compat files






More information about the samba mailing list