2012-08-17 11:44 keltezéssel, steve írta:
Hi
S4 DC with S3 fileserver.
smb.conf on the fileserver:
[global]
workgroup = ALTEA
realm = HH3.SITE
security = ADS
kerberos method = secrets and keytab
winbind enum users = Yes
winbind enum groups = Yes
idmap config *:backend = tdb
idmap config *:range = 3000-4000
idmap config ALTEA:backend = ad
idmap config ALTEA:range = 20000-40000000
idmap config ALTEA:schema_mode = rfc2307
winbind nss info = rfc2307
winbind expand groups = 2
winbind nested groups = yes
usershare allow guests = No
winbind refresh tickets = yes
[home]
path = /home2/home
read only = No
[staff]
path = /home2/staff
read only = No
[profiles]
path = /home2/profiles
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[dropbox]
path = /home2/dropbox
force create mode = 0660
force directory mode = 0770
read only = No
wbinfo -u lists Administrator but getent passwd lists only those users
with a uidNumber and gidNumber. The latter users can login to xp and
enter the shares fine. Administrator can login but gets a password
prompt each time he hits a share. Giving the correct password results
in XP stating the he has no permission to access the share.
How do I get Administrator to enter and manipulate the shares. I
thought that that was his purpose.
Cheers,
Steve
First: the Windows in the security model Administrator=root from the
Unix world it is just a predefined account memeber of the Administrators
or in a domain of the Domain Admins group and that gives access , so you
could do all the management operation from any other user account member
of the Domain Admins group.
Second: samba3 smbd and thus s3fs (I think ntvfs not, but I could be
wrong) needs that the connected user have a valid uid/gidnumber in order
to be able to check the posix acl permissions, so if you want to connect
to a Samba3 box with Administrator, first give it all the posix
attributes you've give to the other user accounts (however it doesn't
need a unixHomedirectory or loginshell if you won't login e.g. via ssh
as Administrator)
Regards
Geza Gemes
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba