[Samba] Acls

[Philip Offermans]

ohw. Miss spelling. I did not mess with idmap config. Autocorrect:)

> On 4 Sep 2020, at 18:57, Rowland penny via samba <samba at lists.samba.org> wrote:
> 
> On 04/09/2020 17:28, Philip Offermans via samba wrote:
>> Hi I have some problems with setting permissions on my share. I think it has to do that I didn’t configure this
>> 
>> If you use the winbind 'ad' backend on Unix domain members and you add a gidNumber attribute to the Domain Admins group in AD, you will break the mapping in idmap.ldb. Domain Admins is mapped as ID_TYPE_BOTH in  idmap.ldb, this is to allow the group to own files in Sysvol on a Samba AD DC. It is suggested you create a new AD group (Unix Admins for instance), give this group a gidNumber attribute and add it to the Administrators group and then, on Unix, use the group wherever you would normally use Domain Admins.
>> 
>> I am using a raspberry pi. And don’t know how to set this up.
> 
> Is this on the DC or the Unix domain member ?
> 
> If the Unix domain member, I don't that is your problem, you have 'idmap config <win domain>:range = 3000000-4000000' in your smb.conf and the ID numbers on a DC (which is where I think you got 3000000 from) are neither uidNumber or gidNumber attributes, they are xidNumber attributes and are only used on a DC. So have you added any uidNumber or gidNumber attributes to AD ?
> 
>> 
>> Philip
>> 
>> p.s. can an admin block Emma the hooker😂. She is sending spam. It’s anoying
> 
> I am very sure that 'Emma' isn't a registered Samba mailing list user and I am certain that she is not sending emails through our email servers, so we have no way to block her ;-)
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba