Hi, I've followed the cookbook and pretty much everything is working
fine! This is a proof-of-concept project for a total MS SBS 2003
replacement, so it will be a standalone server.

I'm at the point of testing and setting up directory shares from the
server. I'm doing this via CLI since we won't have an AD mgmt
workstation in the future.

The issue is, I've limited a share to a Group and to 2 users, who are in
that group. I can read the share, but can't write to it as either of the
2 users. I can write to it as Administrator, though. Not sure where to
go from here.

The group I've added is: "Unix Administrators"

This is probably too much info, but I don't know what is pertinent:

PYTHONPATH=$PYTHONPATH /usr/local/samba/bin/samba-tool group list
Allowed RODC Password Replication Group
Enterprise Read-Only Domain Controllers
Denied RODC Password Replication Group
Pre-Windows 2000 Compatible Access
Windows Authorization Access Group
Certificate Service DCOM Access
Network Configuration Operators
Terminal Server License Servers
Incoming Forest Trust Builders
Read-Only Domain Controllers
Group Policy Creator Owners
Performance Monitor Users
Cryptographic Operators
Distributed COM Users
Performance Log Users
Remote Desktop Users
Account Operators
Event Log Readers
RAS and IAS Servers
Unix Administrators
Backup Operators
Domain Controllers
Server Operators
Enterprise Admins
Print Operators
Administrators
Domain Computers
Cert Publishers
DnsUpdateProxy
Domain Admins
Domain Guests
Schema Admins
Domain Users
Replicator
IIS_IUSRS
DnsAdmins
Guests
Users
PYTHONPATH=$PYTHONPATH /usr/local/samba/bin/samba-tool group listmembers "Unix Administrators"
KateL
DanteBell
PYTHONPATH=$PYTHONPATH /usr/local/samba/bin/samba-tool domain info 192.168.4.110
Forest : sfpi-test.local
Domain : sfpi-test.local
Netbios domain : SFPI-TEST
DC name : openchangedev.sfpi-test.local
DC netbios name : OPENCHANGEDEV
Server site : Default-First-Site-Name
Client site : Default-First-Site-Name
net rpc rights list accounts -UDanteBell
Enter DanteBell's password:
BUILTIN\Print Operators
SeLoadDriverPrivilege
SeShutdownPrivilege
SeInteractiveLogonRight
BUILTIN\Account Operators
SeInteractiveLogonRight
BUILTIN\Backup Operators
SeBackupPrivilege
SeRestorePrivilege
SeShutdownPrivilege
SeInteractiveLogonRight
BUILTIN\Administrators
SeSecurityPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeSystemtimePrivilege
SeShutdownPrivilege
SeRemoteShutdownPrivilege
SeTakeOwnershipPrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeSystemProfilePrivilege
SeProfileSingleProcessPrivilege
SeIncreaseBasePriorityPrivilege
SeLoadDriverPrivilege
SeCreatePagefilePrivilege
SeIncreaseQuotaPrivilege
SeChangeNotifyPrivilege
SeUndockPrivilege
SeManageVolumePrivilege
SeImpersonatePrivilege
SeCreateGlobalPrivilege
SeEnableDelegationPrivilege
SeInteractiveLogonRight
SeNetworkLogonRight
SeRemoteInteractiveLogonRight
SFPI-TEST\Domain Admins
SeDiskOperatorPrivilege
BUILTIN\Server Operators
SeBackupPrivilege
SeSystemtimePrivilege
SeRemoteShutdownPrivilege
SeRestorePrivilege
SeShutdownPrivilege
SeInteractiveLogonRight
BUILTIN\Pre-Windows 2000 Compatible Access
SeRemoteInteractiveLogonRight
SeChangeNotifyPrivilege
cat /usr/local/samba/etc/smb.conf
# Global parameters
[global]
### Configuration required by OpenChange server ###
dcerpc endpoint servers = +epmapper, +mapiproxy
dcerpc_mapiproxy:server = true
dcerpc_mapiproxy:interfaces = exchange_emsmdb, exchange_nsp, exchange_ds_rfr
### Configuration required by OpenChange server ###
workgroup = SFPI-TEST
realm = SFPI-TEST.local
netbios name = OPENCHANGEDEV
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
[netlogon]
path = /usr/local/samba/var/locks/sysvol/sfpi-test.local/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[Homes]
path = /var/openchange/users/%U
read only = no
[IT]
path = /var/openchange/IT
preserve case = yes
browseable = yes
read only = no
hide special files = yes
valid users = @Unix Administrators,DanteBell,KateL
[Profiles]
path = /var/openchange/Profiles
read only = no
smbclient --user=DanteBell --workgroup=SFPI-TEST --debug=9 --list=192.168.4.110
Enter DanteBell's password:
Domain=[SFPI-TEST] OS=[Unix] Server=[Samba 4.1.0]
Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
Homes Disk
IT Disk
Profiles Disk
IPC$ IPC IPC Service (Samba 4.1.0)
Domain=[SFPI-TEST] OS=[Unix] Server=[Samba 4.1.0]
Server Comment
--------- -------
Workgroup Master
--------- -------
dante@dexter:~$ smbclient -U DanteBell -W SFPI-TEST //192.168.4.110/IT
Enter DanteBell's password:
Domain=[SFPI-TEST] OS=[Unix] Server=[Samba 4.1.0]
smb: \> dir
. D 0 Thu Jan 23 13:46:42 2014
.. D 0 Tue Jan 28 14:14:24 2014
3C16685_User_Guide.pdf A 1803778 Thu Aug 25 13:28:01 2011
46802 blocks of size 1048576. 44365 blocks available
smb: \> touch dante
touch: command not found
smb: \> mkdir dante
NT_STATUS_ACCESS_DENIED making remote directory \dante
smb log (running in single mode)
schannel_store_session_key_tdb: stored schannel info with key
SECRETS/SCHANNEL/OPENCHANGEDEV
No hostname for target computer passed in, cannot use kerberos for this
connection
Got NTLMSSP neg_flags=0x60088235
Got challenge flags:
Got NTLMSSP neg_flags=0x60898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
Got user=[OPENCHANGEDEV$] domain=[SFPI-TEST] workstation=[OPENCHANGEDEV]
len1=24 len2=196
auth_check_password_send: Checking password for unmapped user
[SFPI-TEST]\[OPENCHANGEDEV$]@[OPENCHANGEDEV]
auth_check_password_send: mapped user is:
[SFPI-TEST]\[OPENCHANGEDEV$]@[OPENCHANGEDEV]
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
No hostname for target computer passed in, cannot use kerberos for this
connection
Got NTLMSSP neg_flags=0x60088235
Got challenge flags:
Got NTLMSSP neg_flags=0x60898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
Got user=[OPENCHANGEDEV$] domain=[SFPI-TEST] workstation=[OPENCHANGEDEV]
len1=24 len2=196
auth_check_password_send: Checking password for unmapped user
[SFPI-TEST]\[OPENCHANGEDEV$]@[OPENCHANGEDEV]
auth_check_password_send: mapped user is:
[SFPI-TEST]\[OPENCHANGEDEV$]@[OPENCHANGEDEV]
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
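
Added example, not part of the original post and not Samba's own code: it splits a `valid users` value on space, tab, comma and semicolon, with double quotes grouping a multi-word name (an assumption modelled on smb.conf list syntax), and reports tokens that match no known account. `split_samba_list`, `audit_valid_users` and the `KNOWN` set are hypothetical names, and the `[IT-quoted]` share is constructed for contrast with the `[IT]` share from the post.

```python
import configparser

# Assumed list separators for smb.conf list parameters; quotes group a name.
SEPARATORS = " \t,;"

def split_samba_list(value):
    """Split a list-valued parameter, honouring double-quoted tokens."""
    tokens, current, in_quotes = [], "", False
    for ch in value:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in SEPARATORS and not in_quotes:
            if current:
                tokens.append(current)
            current = ""
        else:
            current += ch
    if current:
        tokens.append(current)
    return tokens

def audit_valid_users(conf_text, known_names):
    """Return {share: [tokens that match no known user or group]}."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings = {}
    for share in parser.sections():
        value = parser.get(share, "valid users", fallback="")
        # '@', '+' and '&' are group-lookup prefixes, not part of the name.
        unknown = [t for t in split_samba_list(value)
                   if t.lstrip("@+&") not in known_names]
        if unknown:
            findings[share] = unknown
    return findings

# Constructed input: the [IT] share from the post plus a quoted variant.
SAMPLE_CONF = """
[IT]
path = /var/openchange/IT
read only = no
valid users = @Unix Administrators,DanteBell,KateL
[IT-quoted]
path = /var/openchange/IT
valid users = @"Unix Administrators",DanteBell,KateL
"""
# Names taken from the group list and member list shown in the post.
KNOWN = {"Unix Administrators", "Administrators", "DanteBell", "KateL"}

if __name__ == "__main__":
    print(audit_valid_users(SAMPLE_CONF, KNOWN))
```

In the unquoted form the second token is `Administrators`, which is itself an existing group in the list above, so the audit flags only `@Unix`; the share's access list then names a different principal than the one intended.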