[Samba] Setting permissions on AD member file server
Rowland Penny
rpenny at samba.org
Fri Mar 11 16:22:27 UTC 2022
On Fri, 2022-03-11 at 08:02 -0800, Gregory Sloop via samba wrote:
> > On Fri, 2022-03-11 at 07:31 -0800, Gregory Sloop via samba wrote:
> > > I'm feeling really stupid this AM - lets use small words to make
> > > sure
> > > I understand this properly - I need to add the users that need to
> > > edit permissions to the BUILTIN/Administrators group, because
> > > "Domain
> > > Admins" won't cut it. Right?
> > Wrong , that is how it is supposed to work.\
>
> Huh?!
> Wrong, meaning, that Domain Admins *should* be able to change
> permissions, and now it's "wrong" and doesn't work that way?
> Or "Wrong" Domain admins shouldn't be able to change permissions?
I understood what I typed, but you evidently didn't :-D
Lets try again.
Members of the Domain Admins group (and the Administrators group etc)
should be able to change the permissions on a Unix share from Windows,
as shown here:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
This used to work, I can no longer get it to work, the only way I can
change permissions from Windows is to log into Windows as
Administrator, with 'min domain uid = 0' and a user.map set in
smb.conf.
I 'think' the last security update broke this, but I could be wrong.
Rowland
More information about the samba
mailing list