[Samba] Setting permissions on AD member file server
Rowland Penny
rpenny at samba.org
Fri Mar 11 15:51:07 UTC 2022
On Fri, 2022-03-11 at 07:31 -0800, Gregory Sloop via samba wrote:
> >
> I'm feeling really stupid this AM - lets use small words to make sure
> I understand this properly - I need to add the users that need to
> edit permissions to the BUILTIN/Administrators group, because "Domain
> Admins" won't cut it. Right?
Wrong , that is how it is supposed to work.
>
> Is that normal? ...I.E. It's been a while and I don't have a native
> Windows setup to tinker on handy, but IIRC, each admin group is a
> super-set of the previous. So Domain Admins has all the rights/privs
> of Admins, plus some. And Enterprise Admins is a superset of Domain
> Admins. So, this seems like odd Samba behavior.
It isn't normal and to the best of my recollection, it used to work
like that, you logged into Windows as a member of Domain Admins and you
could change the permissions on a share. I can only do this now if I
log in as Administrator, with a user.map set in smb.conf and 'min
domain uid = 0' also set.
I think you could have found a bug :-/
Rowland
More information about the samba
mailing list