[Samba] winbind: How to map Administrator to "root" on AD member server

Rowland Penny rowlandpenny at googlemail.com
Sat Feb 15 16:38:16 MST 2014


On 15/02/14 22:42, Björn JACKE wrote:
> On 2014-02-15 at 00:53 +0100 Fred F sent off:
>> This is working great for normal users and groups, but I am struggling with
>> some special accounts, such as "Administrator". On the DC Samba
>> automatically assigned the uid/gid "0" to the account, which is fine for
>> me. Now I also need this mapping on the member servers, as storage may be
>> shared across the servers, so the UIDs need to stay the same.
>> So I assigned the uidNumber "0" to the "Administrator" account in the AD,
>> but unfortunately the member server cannot resolve the account's SID to a
>> uid (on the AD DC this is working!). What am I doing wrong?
> I would recommend changing the uidNumber of Administrator to a different
> unused one. Otherwise you might run into other problems, too. See also
> https://bugzilla.samba.org/show_bug.cgi?id=9837
>
> Björn
>
>
Hmm, I can see two problems here:

1) Samba maps the Administrator to 0

dn: CN=SID-500
name: Administrator
cn: SID-500
objectClass: sidMap
objectSid: SID-500
type: ID_TYPE_UID
xidNumber: 0
distinguishedName: CN=SID-500

2) Where are you going to get the uidNumber from??? Samba 4 does not
store any uidNumbers until one is created, i.e. there is no uidNumber to
give to the Administrator.

Rowland
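
An added example, not part of the original message or of Samba: a small audit that reads sidMap records in the LDIF layout quoted above and reports every SID mapped to a low Unix ID such as 0. The function names, the min_id threshold of 1000, and the second and third sample records are assumptions made for illustration.

```python
import re

# Constructed sample: the first record is the one quoted in the message,
# the other two are invented for illustration.
SAMPLE_LDIF = """\
dn: CN=SID-500
name: Administrator
cn: SID-500
objectClass: sidMap
objectSid: SID-500
type: ID_TYPE_UID
xidNumber: 0
distinguishedName: CN=SID-500

dn: CN=SID-1104
objectClass: sidMap
objectSid: SID-1104
type: ID_TYPE_BOTH
xidNumber: 3000012

dn: CN=SID-1105
objectClass: sidMap
objectSid: SID-1105
type: ID_TYPE_BOTH
xidNumber: 100
"""

def parse_records(ldif):
    """Split LDIF text into one dict per blank-line-separated record."""
    records = []
    for block in re.split(r"\n\s*\n", ldif.strip()):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments and lines that are not "key: value"
            key, value = line.split(": ", 1)
            rec[key] = value.strip()
        if rec:
            records.append(rec)
    return records

def privileged_mappings(ldif, min_id=1000):
    """Return (sid, type, xid) for sidMap records with xidNumber < min_id."""
    hits = []
    for rec in parse_records(ldif):
        if rec.get("objectClass") != "sidMap" or "xidNumber" not in rec:
            continue
        xid = int(rec["xidNumber"])
        if xid < min_id:
            hits.append((rec.get("objectSid"), rec.get("type"), xid))
    return hits
```

Calling privileged_mappings(SAMPLE_LDIF) returns the Administrator record (xidNumber 0) and the constructed SID-1105 record (xidNumber 100); only plain-text attribute values are handled.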

