Will do.
Does it matter if I do it on RC2 or RC1?
Hi Jeff,
I don’t think it matter.
I will do on RC2.
Is closer to the final version.
Is a fresh installation on a dedicated hardware.
Only Samba AD and file server modules.
Hi @davidep,
It works for me!
I have attached two screenshots with “Shares” before and after modifications because “Shares” has been modified. Maybe is relevant.
BR,
Gabriel
As side effect, it seems Administrator lost her home directory share
Now she see /root
!
Is it acceptable though?
Edit: not for me!
Neither for me!
Sorry @davidep!
I made a mistake!
I substituted “NETH” with “ABT” (domain name) not with “PDC-AD”, which is NetBIOS name!
In the correct case, as you said, the “Shares” are the same as before modifications, but in this case, doesn’t work!
Sorry again!
To block access to “/root” directory we can add this line under the [homes]
section:
invalid users = root
You did it right! My bad! It wasn’t “NetBIOS name” but “NetBIOS domain name”!
Ok, let me go back to “my mistake” and insert “invalid users = root”.
Please, give me a couple of minutes.
OK, “root” is still there and no administrator@abt.ro home directory.
Also, I can modify the share permissions for “root”.
Can you actually access the /root/ directory contents? Can you write to it?
@davidep:
Another stupid question from me:
Technically, we have two servers here: one is the AD (the container) and one is the File Server.
To which of them we must to connect with RSAT to change permissions?
Suppose we have two separate servers.
All the permissions are not given by the AD Server?
No, I guess…
The DC container is a vanilla Samba 4.4 installation, the whole configuration is at default, and I hope there is not any need of changing it!
The File server, (as any other Windows Server) has its settings
- Filesystem ACLs, implemented at file system level by Posix ACLs
- Share permissions, implemented by Samba in share_info.tdb (I guess - BTW I still don’t get why this feature can be useful as we have Filesystem ACLs)
- administrator-as-root mapping, implemented in the previous post in smb.conf
It didn’t work with me either.
I could not connect the File Server but I could connect to the domain controller.
I also received a message that username or password is incorrect to see the Shares on the Share server.
The administrator share is now called the root share, however the administrator is rwx for the root share. I also agree that root share should be called the administrator share.
Hi Jeff,
No, the “root” share is not the administrator account file home share.
Please see here, where is (edit: temporary) solved: Administrative access to all shared folders
Got it.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.