[Samba] R: R: winbindd no access console with root
Corrado Ravinetto
corrado.ravinetto at lanificiocerruti.com
Thu Dec 22 10:57:14 UTC 2022
>On 22/12/2022 10:18, Corrado Ravinetto via samba wrote:
>> I compiled by my self and it's a domain member's role 😊
>No, I was trying to find out if you had compiled without the DC components, but it sounds like you just ran:
>./configure
>make
>make install
yes
>and everything ended up in /usr/local/samba/
Yes
>>
>> [global]
>> client min protocol = NT1
>> log file = /var/log/samba/message.log
>> max log size = 1000
>> ntlm auth = ntlmv1-permitted
>> os level = 250
>> realm = LXCERRUTI.COM
>> security = ADS
>> server min protocol = NT1
>> server role = member server
>> server string = Samba Member - Versione %v
>> winbind offline logon = Yes
>> winbind use default domain = Yes
>> workgroup = LXCERRUTI
>> idmap config * : range = 100000-107999
>> idmap config lxcerruti : backend = ad
>> idmap config lxcerruti : range = 0-99999
>> idmap config lxcerruti : unix_nss_info = yes
>> idmap config * : backend = tdb
>> acl allow execute always = Yes
>>
>>
>> [Vol1]
>> admin users = @g_admin
>> comment = Home Directory per ogni User
>> create mask = 0777
>> directory mask = 0777
>> hide unreadable = Yes
>> path = /Cerruti
>> read only = No
>> vfs objects = recycle
>> recycle:maxsize = 500000000
>> recycle:exclude = *.tmp *.ldb *.temp ~$* *.LCK *.dmp
>> recycle:versions = yes
>> recycle:keeptree = yes
>> recycle:touch = yes
>> recycle:repository = .recycle/%U
>>
>It looks like you upgraded from an NT4-style domain and are still thinking in NT4-style ways.
Yes, this is an upgrade from an old samba 3
>There is an obvious reason why 'root' isn't working, perhaps you will understand why after reading this:
>https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Configuring_Samba
I red this, but my Domain User have rid = 503 and all users have like primarygroup 503
Then i can't change this to all my users.
I haven't unix user, only my linux user is root thai i use to manage my linux box
So what can i change to use ONLY root as account ??
>Do you still have any pre-vista Windows machines in your domain ?
>If not, you can remove all the SMBv1 lines.
Yes, too much xp ☹
>I would also suggest you read this:
>https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
>And then set the share permissions from Windows, this will you much finer access control.
>Rowland
Thanks a lot
[Lanificio F.lli CERRUTI]
Corrado Ravinetto
Sistemi informativi
corrado.ravinetto at lanificiocerruti.com <mailto:corrado.ravinetto at lanificiocerruti.com>
T: +39 015 3591283
[Lanificio F.lli CERRUTI]
Lanificio F.lli Cerruti S.p.A.
Via Cernaia 40, 13900 - Biella (BI) Italy
www.lanificiocerruti.com <http://www.lanificiocerruti.com/>
[Twitter] <https://twitter.com/Lan_Cerruti> [Facebook] <https://www.facebook.com/LanificioCerruti> [Instagram] <https://www.instagram.com/lanificiocerruti/>
Rispetta l'ambiente, non stampare questa mail se non necessario
Respect the environment, don't print unless necessary
[Unesco]
More information about the samba
mailing list