Prev: hardlink unlink-before-save?
Next: Slow domain logons with samba PDC
From: L. A. Walsh on 21 Jun 2010 02:00
I'm a little fuzzy about this, but I can't think of why samba would
provide rights if it wasn't for this case.

As mentioned in the HOWTO, domain admins, on a samba host,
have no special rights other than what are assigned using
"net rpc rights". So I assigned the "TakeOwnerShip" right
to that group. I placed myself in that group.

Then on a workstation, I log in as "domain\me" (as opposed
to local login).
The I use explorer to browse a directory owned by
user/group 'dummy/dummy' on a share on the domain server.
Trying to create a subdirectory there, fails, as expected.
However, when I try taking ownership of that directory --
that also fails with a permission denied.

Why? FWIW, I am in the local-workstation's admin
group, so I can take possession of local files in such
a situation.

Also, FWIW, I am in the domain server's "Administrators"
group which is a unix group that is mapped to the built
"Administrators" group.

I'm running winbind, and my /etc/nsswitch.conf file
has:
passwd: files winbind
group: files winbind

I am NOT running nscd -- as the HOWTO says it can cause
a conflict (though trying it with nscd seems to make no difference).


Is this suppose to work?

Should rights assigned to domain groups also propagate to domain machines?

I.e. should 'Domain Admins' having the "Take ownership" right
allow a user to take file ownership on a workstation if it was
their only rights-enabling SID?

If domain rights DON't work this way -- they what are they for?

-l


--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
 | 
Pages: 1
Prev: hardlink unlink-before-save?
Next: Slow domain logons with samba PDC