[Samba] Samba shares for raoming profiles and redirected folders
James B. Byrne
byrnejb at harte-lyne.ca
Thu Jun 11 20:29:34 UTC 2020
On our existing samba43 installation I see this:
ll -d /var/samba4/BROCKLEY-2016/USERS/
drwxrwx---+ 21 root BROCKLEY-2016\domain admins 512 Feb 14 08:43
/var/samba4/BROCKLEY-2016/USERS/
ll -d /var/samba4/BROCKLEY/USERS/
drwxr-xr-x 3 root wheel 3 Jun 11 14:32 /var/samba4/BROCKLEY/USERS/
I have read
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Granting_the_SeDiskOperatorPrivilege_Privilege
and to be frank, this leaves me more confused than anything else.
I have done this:
net rpc rights grant "BROCKLEY\administrator" SeDiskOperatorPrivilege -U
"BROCKLEY\administrator"
Enter BROCKLEY\administrator's password:
Successfully granted rights.
net rpc rights grant "BROCKLEY\domain admins" SeDiskOperatorPrivilege -U
"BROCKLEY\administrator"
Enter BROCKLEY\administrator's password:
Successfully granted rights.
net rpc rights list privileges SeDiskOperatorPrivilege -U "BROCKLEY\administrator"
Enter BROCKLEY\administrator's password:
SeDiskOperatorPrivilege:
BROCKLEY\Administrator
BROCKLEY\Domain Admins
But, I suspect that this is at best unnecessary and at worse total wrong.
I have tried to set the USERS security setting from RSAT but the console simply
closes whenever I try to open the security tab.
I did this once for the existing domain and I do not recall having this much
difficulty.
On the existing domain there is no entry in /etc/group having to do with samba.
How do I set the group to BROCKLEY\domain admins for
/var/samba4/BROCKLEY/USERS/ on the new location?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
More information about the samba
mailing list