NS Samba AD - RSAT Windows 7

Feature
28

Will do.

2 Likes
29

Does it matter if I do it on RC2 or RC1?

30

Hi Jeff,

I don’t think it matter.
I will do on RC2.
Is closer to the final version.
Is a fresh installation on a dedicated hardware.
Only Samba AD and file server modules.

1 Like
31

You can upgrade rc1 as explained here

http://docs.nethserver.org/en/v7rc/release_notes.html

1 Like
32

Hi @davidep,
It works for me!

I have attached two screenshots with “Shares” before and after modifications because “Shares” has been modified. Maybe is relevant.

BR,
Gabriel

Shares before user_map.PNG1278×797 181 KB

Shares after user_map.PNG1279×798 181 KB

2 Likes
33

As side effect, it seems Administrator lost her home directory share :smile:

Now she see /root ! :dizzy_face:

Is it acceptable though?

Edit: not for me!

2 Likes
34

Neither for me! :grinning:

35

Sorry @davidep!

I made a mistake!:pensive:
I substituted “NETH” with “ABT” (domain name) not with “PDC-AD”, which is NetBIOS name!

In the correct case, as you said, the “Shares” are the same as before modifications, but in this case, doesn’t work!

Sorry again!

1 Like
36

To block access to “/root” directory we can add this line under the [homes] section:

invalid users = root
37

You did it right! My bad! It wasn’t “NetBIOS name” but “NetBIOS domain name”!

38

Ok, let me go back to “my mistake” and insert “invalid users = root”.
Please, give me a couple of minutes.

1 Like
39

OK, “root” is still there and no administrator@abt.ro home directory.
Also, I can modify the share permissions for “root”.

40

Can you actually access the /root/ directory contents? Can you write to it?

41

“root” is shown but I cannot access it from Windows Explorer, even with “administrator”.

root access_1.PNG1267×788 216 KB

root access_2.PNG1277×798 241 KB

1 Like
42

@davidep:
Another stupid question from me:

Technically, we have two servers here: one is the AD (the container) and one is the File Server.
To which of them we must to connect with RSAT to change permissions?
Suppose we have two separate servers.
All the permissions are not given by the AD Server?

43

No, I guess…

The DC container is a vanilla Samba 4.4 installation, the whole configuration is at default, and I hope there is not any need of changing it!

The File server, (as any other Windows Server) has its settings

  • Filesystem ACLs, implemented at file system level by Posix ACLs
  • Share permissions, implemented by Samba in share_info.tdb (I guess - BTW I still don’t get why this feature can be useful as we have Filesystem ACLs)
  • administrator-as-root mapping, implemented in the previous post in smb.conf
1 Like
44

It didn’t work with me either.

I could not connect the File Server but I could connect to the domain controller.

I also received a message that username or password is incorrect to see the Shares on the Share server.

Screenshot from 2016-11-11 11-25-54.png1221×712 187 KB

The administrator share is now called the root share, however the administrator is rwx for the root share. I also agree that root share should be called the administrator share.

Screenshot from 2016-11-11 11-37-15.png1221×712 111 KB

45

Hi Jeff,

No, the “root” share is not the administrator account file home share.

Please see here, where is (edit: temporary) solved: Administrative access to all shared folders

46

Got it.

1 Like
47

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.