Web lists-archives.com

Re: [Samba] Problem sysvolreset




On Mon, 20 Mar 2017 15:27:33 +0100
Björn JACKE via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On 2017-03-07 at 18:48 +0000 Rowland Penny via samba sent off:
> > It is my recommendation to not give Domain Admins a gidNumber and
> > not to run sysvolreset if you add any GPOs.
> 
> anybody who uses idmap ad on a samba member server should give domain
> users and domain admins a gidnumber actually. This does not affect
> sysvol on a DC in any way unless you enable idmap_ldb:use rfc2307,
> what I would not recommend to do.
> 
> Björn
> 

Hi Bjorn,
You can recommend not doing something until you are blue in the face,
but you will not stop people doing it. ;-)

If you give Domain Admins a gidNumber, it breaks the mapping in
idmap.ldb and stops Domain Admins being able to own files and dirs in
sysvol and Domain Admins needs to own files and dirs in sysvol.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba