[Samba] Samba shares for roaming profiles and redirected folders
Rowland Penny
rpenny at samba.org
Thu Jun 11 21:06:05 UTC 2020
On 11/06/2020 21:29, James B. Byrne via samba wrote:
> On our existing samba43 installation I see this:
>
> ll -d /var/samba4/BROCKLEY-2016/USERS/
> drwxrwx---+ 21 root BROCKLEY-2016\domain admins 512 Feb 14 08:43
> /var/samba4/BROCKLEY-2016/USERS/
The Unix permissions show that there are ACLs set
>
> ll -d /var/samba4/BROCKLEY/USERS/
> drwxr-xr-x 3 root wheel 3 Jun 11 14:32 /var/samba4/BROCKLEY/USERS/
No ACLs set
>
> I have read
> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs#Granting_the_SeDiskOperatorPrivilege_Privilege
> and to be frank, this leaves me more confused than anything else.
What has confused you? If you can tell us, I might be able to make it
clearer.
>
> I have done this:
>
> net rpc rights grant "BROCKLEY\administrator" SeDiskOperatorPrivilege -U
> "BROCKLEY\administrator"
> Enter BROCKLEY\administrator's password:
> Successfully granted rights.
>
> net rpc rights grant "BROCKLEY\domain admins" SeDiskOperatorPrivilege -U
> "BROCKLEY\administrator"
> Enter BROCKLEY\administrator's password:
> Successfully granted rights.
>
> net rpc rights list privileges SeDiskOperatorPrivilege -U "BROCKLEY\administrator"
> Enter BROCKLEY\administrator's password:
> SeDiskOperatorPrivilege:
> BROCKLEY\Administrator
> BROCKLEY\Domain Admins
>
>
> But, I suspect that this is at best unnecessary and at worst totally wrong.
Required, but possibly not a good idea when it comes to Domain Admins.
Is this on a DC?
>
> I have tried to set the USERS security setting from RSAT but the console simply
> closes whenever I try to open the security tab.
>
> I did this once for the existing domain and I do not recall having this much
> difficulty.
>
> On the existing domain there is no entry in /etc/group having to do with samba.
I am extremely glad to hear that, because there shouldn't be ;-)
> How do I set the group to BROCKLEY\domain admins for
> /var/samba4/BROCKLEY/USERS/ on the new location?
I would use the equivalent of the Linux chgrp command, but this would
entail 'getent group Domain\ Users' producing output.
Not sure how FreeBSD does this, does it use /etc/nsswitch?
Do you have the equivalent of the libnss-winbind, libpam-winbind and
libpam-krb5 packages installed ?
Rowland
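
The checks discussed in the message above, written out as an added example that is not part of the original thread: reading the ACL marker in an ls mode string, and confirming that winbind is wired into the name service switch before attempting chgrp with a domain group. The function names and the sample nsswitch.conf content are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before running chgrp with a domain group.

# has_acl_marker MODE: succeeds when an ls(1) mode string ends in '+',
has_acl_marker() {   # i.e. the entry carries ACLs beyond the plain mode bits.
    case "$1" in
        *+) return 0 ;;
        *)  return 1 ;;
    esac
}

# nss_uses_winbind FILE DATABASE: succeeds when the nsswitch.conf-style FILE
# lists "winbind" as a source for DATABASE (passwd, group). Comments ignored.
nss_uses_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, "") }
        $1 == (db ":") {
            for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# group_resolves NAME: succeeds when getent can resolve NAME to a group entry.
group_resolves() {
    getent group "$1" >/dev/null 2>&1
}

# Constructed sample of an nsswitch.conf with winbind enabled (not from the thread).
sample_nsswitch() {
    cat <<'EOF'
# constructed sample
passwd: files winbind
group:  files winbind   # domain groups via winbind
hosts:  files dns
EOF
}

# Demo: the two mode strings are those in the ls output quoted in the thread.
for mode in 'drwxrwx---+' 'drwxr-xr-x'; do
    if has_acl_marker "$mode"; then echo "$mode: ACLs set"; else echo "$mode: no ACLs"; fi
done
tmp=$(mktemp) && sample_nsswitch > "$tmp"
nss_uses_winbind "$tmp" group && echo "group: winbind listed"
group_resolves 'Domain Users' || echo "'Domain Users' does not resolve here; chgrp to it would fail"
rm -f "$tmp"
```

On a real host, pass the system's own name service switch file to nss_uses_winbind instead of the constructed sample.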