[Samba] Windows ACLs : problems
Rowland penny
rpenny at samba.org
Tue Feb 25 13:16:28 UTC 2020
On 25/02/2020 13:04, Stefan G. Weichinger via samba wrote:
> Am 24.02.20 um 10:34 schrieb Rowland penny via samba:
>
>> Change the owner to 'root' and never use Administrator on a Unix domain
>> member.
> wiki says:
>
> # chown root:"Unix Admins" /srv/samba/Demo/
> # chmod 0770 /srv/samba/Demo/
>
> I don't have "Unix Admins" ...
And it says immediately above that: .... For example:
And further up the page, in a blue 'NOTE' box, it says this:
If you use the winbind 'ad' backend on Unix domain members and you add a
gidNumber attribute to the |Domain Admins| group in AD, you will break
the mapping in |idmap.ldb|. |Domain Admins| is mapped as |ID_TYPE_BOTH|
in |idmap.ldb|, this is to allow the group to own files in |Sysvol| on a
Samba AD DC. It is suggested you create a new group (|Unix Admins| for
instance), give this group a |gidNumber| attribute and add it to the
|Administrators| group and then, on Unix, use the group wherever you
would normally use |Domain Admins|.
You do not need to use another group, but if you give Domain Admins a
gidNumber, you will have problems in sysvol.
> and the chown to root makes my Windows-connections fail with
> Administrator ...
Do you have a user.map line in smb.conf?
Something like this:
username map = /etc/samba/user.map
Which contains something like this:
!root = DOMAIN\Administrator
Rowland
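
An added example, not part of the original message and not Samba's own code: a simplified Python model of how a username map file like the one quoted above is read, showing what the leading '!' on the root line does when a later line also matches. DOMAIN, the guest line and the function names are constructed for illustration; @group entries are not handled, and case-insensitive matching is an assumption of this model.

```python
import shlex

# Constructed sample map file; DOMAIN is a placeholder for the NetBIOS domain name.
SAMPLE_MAP = r"""
# lines starting with '#' or ';' are comments
; admin mapping, in the form shown in the message above
!root = DOMAIN\Administrator
guest = "DOMAIN\Temp User" *
"""

def parse_user_map(text):
    """Return a list of (unix_name, [client names], stop_on_match) rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        stop = line.startswith("!")
        if stop:
            line = line[1:]
        unix, sep, rhs = line.partition("=")
        if not sep or not unix.strip():
            raise ValueError(f"malformed map line: {raw!r}")
        # Honour double quotes (names with spaces) but keep backslashes literal,
        # so DOMAIN\user is not treated as an escape sequence.
        lexer = shlex.shlex(rhs, posix=True)
        lexer.whitespace_split = True
        lexer.escape = ""
        lexer.commenters = ""
        rules.append((unix.strip(), list(lexer), stop))
    return rules

def map_username(rules, client_name):
    """Apply rules in file order; a matching '!' rule ends processing."""
    result = client_name
    for unix, clients, stop in rules:
        # Each rule is tested against the name the client sent, not the
        # result of an earlier rule; '*' matches any name.
        if any(c == "*" or c.lower() == client_name.lower() for c in clients):
            result = unix
            if stop:
                break
    return result

if __name__ == "__main__":
    rules = parse_user_map(SAMPLE_MAP)
    for who in (r"DOMAIN\Administrator", r"DOMAIN\Temp User", r"DOMAIN\alice"):
        print(f"{who} -> {map_username(rules, who)}")
```

Without the '!', the wildcard line in this sample would remap DOMAIN\Administrator to guest, which is why the root line is normally written with it and placed first.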