[Samba] Setting permissions on AD member file server

Rowland Penny rpenny at samba.org
Fri Mar 11 22:25:43 UTC 2022

On Fri, 2022-03-11 at 22:10 +0000, spindles seven via samba wrote:
> On 11 March 2022 15:51 Rowland Penny wrote:
> > On Fri, 2022-03-11 at 07:31 -0800, Gregory Sloop via samba wrote:
> > It isn't normal and to the best of my recollection, it used to work
> > like that, you logged
> > into Windows as a member of Domain Admins and you could change the
> > permissions on a share. I can only do this now if I log in as
> > Administrator, with a
> > user.map set in smb.conf and 'min domain uid = 0' also set.
> > 
> > I think you could have found a bug :-/
> > 
> Possibly.  I have found that in order to use a 'Domain Admins' user
> to set permissions from Windows (rather than the Administrator
> account) I needed to give 'Domain Admins' (or BUILTIN/Administrators)
> write access to the folder.

I take it you found that out from here:


> I follow Louis' very detailed explanation in an earlier thread to set
> permissions in Linux (see 
> https://lists.samba.org/archive/samba/2021-November/238776.html )
> before setting them from Windows using a Domain Admin user and it
> works fine as far as I can tell. 

That is what I was getting at, it used to work. A member of Domain
Admins logged into Windows could change the permissions on a share,
provided everything was set up correctly on the Unix domain member. I
can now only do this with Administrator.


More information about the samba mailing list