[Samba] Windows ACLs : problems

Stefan G. Weichinger lists at xunil.at
Tue Feb 25 14:01:45 UTC 2020


Am 25.02.20 um 14:54 schrieb Rowland penny via samba:
> On 25/02/2020 13:49, Stefan G. Weichinger via samba wrote:
>> Am 25.02.20 um 14:30 schrieb Rowland penny via samba:
>>
>>> OK, I give in, I will alter the wiki page, if you use the 'rid' or
>>> 'autorid'  backend, you can use Domain Admins, just do not give Domain
>>> Admins a gidNumber.
>> While you're at it ;-)
>>
>> It also isn't clear to me where "Unix Admins" comes from.
> Out of my head ;-)
>>
>> I have to add that group on the DC, add my admin-users ... right? Then
>> grant the SeDiskOperatorPrivilege ... then chgrp the files in the share?
> 
> You do not need it, it is only required if using the winbind 'ad'
> backend and only then if you don't want possible problems with sysvol.

What? Now I *don't* need it?

Sorry, can't follow here.

So far I only was able to get that mostly working by doing "chown -R
Administrator:10513" or so ...

Right now I can't access the ACLs from windows at all (on that share,
with DOM\Administrator)

feels like a loop  ....





More information about the samba mailing list