There is AD on Samba, there is no author of creation. Lost access to the ball, the admin has it, and the affected user on another computer also has it. Where to dig?

#

#2020-09-17 11:17:01

linux

#, 2020-09-17 11:17:01

There is AD on Samba (it seems 4 versions), there is no author of creation - he quit.
The servers themselves are wanted, the tab "Permissions" in the properties of the ball is not available even to the domain administrator.
There are domain admins, there are no roots.

How to competently take control of such an economy in general, so as not to bring down everything?

And specifically - how to return the balls to the user, without reloading the system?
At the same time:
- the computer is quite in the domain (some computers fell off, had to be re-entered, they did not try it, while it is necessary to provide the opportunity to work with the data set both on the computer and on our share)
- under the affected account, on another computer access to the balls without problems
- under the account of the domain administrator (login to the affected computer for the first time) also without problems

In the usual Windows infrastructure, I have never seen anything like this (((

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

#

#, 2020-09-18
@mindtester

~~solved - removing the computer from the domain and entering it back~~
is more tricky, you need to:
- check that the correct values are assigned to AD on the "UNIX attributes" tab
- update WinbindCache, for example like this raafat.tawasol.net/clear-winbind-cache
- look with the klist command which controllers issue crooked tickets, restart samba
ps on them, in the end, it was still necessary to recreate the user profile

J

Janus74, 2020-09-17
@Janus74

Change the owner of the directory, this requires administrator rights on the computer where the ball is located. Then you can view the security section and add the necessary permissions.