[Samba] Mapping the Domain Administrator Account to the Local root User
mail at rhizomatic-nomad.net
mail at rhizomatic-nomad.net
Mon Nov 27 17:57:21 UTC 2023
Hello,
recently I've "updated" an AD member file server to an up-to-date Debian
12, following the wiki page Setting_up_Samba_as_a_Domain_Member. Some
years ago I did the same with a Debian 10 VM, of which I used the data
disks in the new fileserver. It uses the "rid" backend, acl and is
configured via RSAT tools.
Either I didn't follow the wiki page in the "Mapping the Domain
Administrator Account to the Local root User" part or it was not yet
existent years ago when I've configured the Debian 10 Samba.
Anyways, in the actual configuration I used the username map as it's
part of the wiki. But then, I wasn't able to access the Samba member
fileserver with the computer management to check/change the permissions of my
shares, as the computer management didn't get access to the fileserver.
And, ironically, the Administrator user was also not able to access
their home files ("normal" users on the contrary were able to do this).
While the login process itself worked and the "gpresult /r" signalised,
that the process worked for users and administrators.
After commenting out the "username map" parameter I've gained access to the
fileserver via "computer management" again and the administrator can
access their (redirected) folders and files again.
While it's nice that it's working again, I wonder why and in which cases
the mapping is necessary?
All the best
Sinni
More information about the samba
mailing list