[Samba] "missing security tab" and related ACL issues
Rowland Penny
rpenny at samba.org
Tue Sep 11 08:06:48 UTC 2018
On Tue, 11 Sep 2018 09:54:32 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> On 07.09.18 at 20:07, Rowland Penny via samba wrote:
> > On Fri, 7 Sep 2018 19:09:37 +0200
> > "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>
> >> But
> >>
> >> # net rpc rights grant "Domänen-Admins" SeDiskOperatorPrivilege -U
> >> "mydomain\administrator"
> >>
> >> fails
> >>
> >> also for "mydomain\Domänen-Admins"
> >
> > Why is it 'Domanen-Admins'? Is the dash normal for the German
> > version of Windows?
> > At least it exists ;-)
> >
> > Is the locale set correctly ?
>
> tried to set the locale to a German one ...
>
> # wbinfo -g
> dom�nencomputer
> dom�nen-benutzer
> dom�nen-g�ste
> dom�nen-admins
>
> still that special char displayed
>
> # wbinfo -g | grep -i adm
> specops endpoint protection report admins
> dnsadmins
> schema-admins
> organisations-admins
> Übereinstimmungen in Binärdatei (Standardeingabe)
>
> this does NOT contain "domänen-admins"
>
> why that?
>
> -
>
> # smb.conf
>
> [global]
> unix charset = iso8859-15
>
> security = ads
> realm = MYDOMAIN.INTRA
> workgroup = MYDOMAIN
>
> netbios aliases = u1MYDOMAIN
> server string = U1MYDOMAIN
>
> winbind cache time = 10
> winbind use default domain = yes
> winbind refresh tickets = Yes
>
> template homedir = /mnt/MSA2040/smb/Homes/%D/%U
>
> restrict anonymous = 2
> domain master = no
> local master = no
> preferred master = no
> invalid users = root bin daemon adm sync shutdown halt mail news \
> uucp
> obey pam restrictions = yes
>
> interfaces = 192.168.100.4/24 127.0.0.1
> bind interfaces only = Yes
>
> idmap config * : range = 3000-7999
> idmap config * : backend = tdb
> idmap config MYDOMAIN : range = 10000-20000
> idmap config MYDOMAIN : backend = rid
>
> # For ACL support on domain member
> vfs objects = acl_xattr full_audit
> map acl inherit = Yes
> store dos attributes = Yes
> nt acl support = No
> force unknown acl user = Yes
>
> unix extensions = no
> follow symlinks= yes
> wide links= yes
>
> load printers = no
> printcap name = /dev/null
>
> # exe files
>
> acl allow execute always = True
>
> # Audit settings
> full_audit:prefix = %u|%I|%S
> full_audit:failure = connect
> full_audit:success = mkdir rmdir write pwrite rename unlink \
> chmod fchmod chown fchown ftruncate
> full_audit:facility = local5
> full_audit:priority = notice
>
> # /etc/nsswitch.conf:
>
> passwd: compat winbind files
> group: compat winbind files
> shadow: compat files
>
There doesn't seem to be anything wrong there, and as I never had that
problem, I am a bit stuck now ;-)
Perhaps someone else from Germany has had this problem and would care
to post?
Rowland