[Samba] "missing security tab" and related ACL issues
Stefan G. Weichinger
lists at xunil.at
Tue Sep 11 07:54:32 UTC 2018
Am 07.09.18 um 20:07 schrieb Rowland Penny via samba:
> On Fri, 7 Sep 2018 19:09:37 +0200
> "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>> But
>>
>> # net rpc rights grant "Domänen-Admins" SeDiskOperatorPrivilege -U
>> "mydomain\administrator"
>>
>> fails
>>
>> also for "mydomain\Domänen-Admins"
>
> Why is it 'Domanen-Admins' ? is the dash normal for the German version
> of Windows ?
> At least it exists ;-)
>
> Is the locale set correctly ?
tried to set the locale to a german one ...
# wbinfo -g
dom�nencomputer
dom�nen-benutzer
dom�nen-g�ste
dom�nen-admins
still that special char displayed
# wbinfo -g | grep -i adm
specops endpoint protection report admins
dnsadmins
schema-admins
organisations-admins
Übereinstimmungen in Binärdatei (Standardeingabe)
this does NOT contain "domänen-admins"
why that?
-
# smb.conf
[global]
unix charset = iso8859-15
security = ads
realm = MYDOMAIN.INTRA
workgroup = MYDOMAIN
netbios aliases = u1MYDOMAIN
server string = U1MYDOMAIN
winbind cache time = 10
winbind use default domain = yes
winbind refresh tickets = Yes
template homedir = /mnt/MSA2040/smb/Homes/%D/%U
restrict anonymous = 2
domain master = no
local master = no
preferred master = no
invalid users = root bin daemon adm sync shutdown halt mail news \
uucp
obey pam restrictions = yes
interfaces = 192.168.100.4/24 127.0.0.1
bind interfaces only = Yes
idmap config * : range = 3000-7999
idmap config * : backend = tdb
idmap config MYDOMAIN : range = 10000-20000
idmap config MYDOMAIN : backend = rid
# For ACL support on domain member
vfs objects = acl_xattr full_audit
map acl inherit = Yes
store dos attributes = Yes
nt acl support = No
force unknown acl user = Yes
unix extensions = no
follow symlinks= yes
wide links= yes
load printers = no
printcap name = /dev/null
# exe files
acl allow execute always = True
# Audit settings
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rmdir write pwrite rename unlink \
chmod fchmod chown fchown ftruncate
full_audit:facility = local5
full_audit:priority = notice
# /etc/nsswitch.conf:
passwd: compat winbind files
group: compat winbind files
shadow: compat files
More information about the samba
mailing list