[Samba] Mapping the Domain Administrator Account to the Local root User

[Luis Peromarta]

Looks like your root mapping isn’t working.

Did you add "min domain uid = 0” to smb.conf ?

See 'Mapping the AD Administrator user to ‘root’' :

http://samba.bigbird.es/doku.php?id=samba:file-server

On Nov 27, 2023 at 18:58 +0100, mail--- via samba <samba at lists.samba.org>, wrote:
> Hello,
>
> recently I've "updated" an AD member file server to an up-to-date Debian
> 12, following the wiki page Setting_up_Samba_as_a_Domain_Member. Some
> years ago I did the same with a Debian 10 VM, of which I used the data
> disks in the new fileserver. It uses the "rid" backend, acl and is
> configured via RSAT tools.
>
> Either I didn't follow the wiki page in the "Mapping the Domain
> Administrator Account to the Local root User" part or it was not yet
> existent years ago when I've configured the Debian 10 Samba.
>
> Anyways, in the actual configuration I used the username map as it's
> part of the wiki. But then, I wasn't able to access the Samba member
> fileserver with the computer management to check/change the permissions of my
> shares, as the computer management didn't get access to the fileserver.
> And, ironically, the Administrator user was also not able to access
> their home files ("normal" users on the contrary were able to do this).
> While the login process itself worked and the "gpresult /r" signalised,
> that the process worked for users and administrators.
>
> After commenting out the "username map" parameter I've gained access to the
> fileserver via "computer management" again and the administrator can
> access their (redirected) folders and files again.
>
> While it's nice that it's working again, I wonder why and in which cases
> the mapping is necessary?
>
> All the best
> Sinni
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba