[Samba] Cannot set Windows ACL on Sharefolder with other user than Administrator
Rowland Penny
rpenny at samba.org
Thu Aug 4 18:05:13 UTC 2022
On Thu, 2022-08-04 at 18:54 +0200, Oliver via samba wrote:
> Dear all,
>
> some research later, I did some queries on my PDC and secondary DC.
You do not have a PDC and secondary DC, you just have two DC's and one
of them holds all the FSMO roles. In all other things, they should be
identical.
> I figure out, that the LDAP queries works and the group membership
> for
> LDAP is working.
>
> I found an error, when run samba-tool on the secondary DC. There is
> a
> missing secrets.ldb and sam.ldb .
If you do not have secrets.ldb and sam.ldb on a DC, then you have
really big problems. Have you checked if they exist or not ?
> You will find it at the end of this message.
>
> Can you help me to fix this?
> What did I wrong?
>
> Regards,
>
> Oliver
>
> General questionsmarks, may somebody could answer:
> - getent not works on Primary DC
Do you have libpam-winbind and libnss-winbind installed ?
Or if you complied Samba yourself, did you create the required links ?
> - wbinfo on Primary DC run with or without given Domain e.g.
> "DOMAIN\\USER" & "USER"
This is how it is supposed to work.
> - wbinfo on secondarys DC only runs with given Domain e.g.
> "DOMAIN\\USER"
Hmm, that isn't correct.
> - ldbsearch works only to remote host DC.
'ldbsearch' should work on both DC's
I do hope that '.local' is a replacement for your correct TLD
I think you need to compare your first DC with your second DC, they
should, apart from the hostname ipaddress etc, be identical.
I would also do some reading up on AD attributes (for instance, a group
will never have a primaryGroupID attribute).
Rowland
More information about the samba
mailing list