[Samba] Computer Management - Share Security - No Read Access

[Rowland Penny]

On Fri, 22 Feb 2019 10:45:38 -0500
Marco Shmerykowsky via samba <samba at lists.samba.org> wrote:

> -------- Original Message --------
> Subject: Re: [Samba] Computer Management - Share Security - No Read 
> Access
> Date: 2019-02-22 10:30 am
>  From: Marco Shmerykowsky <marco at sce-engineers.com>
> To: "L.P.H. van Belle" <belle at bazuin.nl>
> 
> > Ok, debian?
> > https://github.com/thctlo/samba4/blob/master/howtos/stretch-base-3.1-samba-member-debian-install.txt
> > https://github.com/thctlo/samba4/blob/master/howtos/stretch-base-3.2-samba-member-fileserver.txt
> > Have a look at it, it might give you some ideas, this is how i
> > install my servers.
> > 
> > I needs a bit of updating, but in general its still ok.
> > Just keep an eye on the smb.conf and its contents that might need a
> > bit updateing.
> > And use :  apt-get install samba winbind acl attr libnss-winbind
> > libpam-winbind \
> >  ntp krb5-user bind9utils ldb-tools smbclient -y
> 
> Two things that I notice which differ from the information on
> see on the wiki to date:
> 
> 1) Your install routine mentions 'acl'
> 
>     Yes the wiki mentions make sure its installed and I thought
>     I had checked this, but shouldn't it be listed on the wiki?

This is a 'belt and braces approach'. it is normally installed by
default on Debian based distros.

> 
> 2) The wiki old mentioned SeDiskOperatorPivilege
> 
>     The member-fileserver document seems to set a number
>     of items.  Is this belt and suspenders or do all this
>     things need to be set explicitly?

Certain things need to be in place before you can set the permissions
from Windows, the wiki page shows these steps. The only step I didn't
state in the document I sent you is (and I Apologise for this), you
must log into Windows as either 'DOMAIN\Administrator' or as
'DOMAIN\username' where 'username' is a user that is a member of
Domain Admins. 

Rowland