[Samba] Mapping the Domain Administrator Account to the Local root User

Luis Peromarta lperoma at icloud.com
Mon Nov 27 18:05:29 UTC 2023 

Also, did you grant users rights to manage services in Member Servers ?

http://samba.bigbird.es/doku.php?id=samba:server-privileges

LP
On Nov 27, 2023 at 19:02 +0100, Luis Peromarta via samba <samba at lists.samba.org>, wrote:
> Looks like your root mapping isn’t working.
>
> Did you add "min domain uid = 0” to smb.conf ?
>
> See 'Mapping the AD Administrator user to ‘root’' :
>
> http://samba.bigbird.es/doku.php?id=samba:file-server
>
> On Nov 27, 2023 at 18:58 +0100, mail--- via samba <samba at lists.samba.org>, wrote:
> > Hello,
> >
> > recently I've "updated" an AD member file server to an up-to-date Debian
> > 12, following the wiki page Setting_up_Samba_as_a_Domain_Member. Some
> > years ago I did the same with a Debian 10 VM, of which I used the data
> > disks in the new fileserver. It uses the "rid" backend, acl and is
> > configured via RSAT tools.
> >
> > Either I didn't follow the wiki page in the "Mapping the Domain
> > Administrator Account to the Local root User" part or it was not yet
> > existent years ago when I've configured the Debian 10 Samba.
> >
> > Anyways, in the actual configuration I used the username map as it's
> > part of the wiki. But then, I wasn't able to access the Samba member
> > fileserver with the computer management to check/change the permissions of my
> > shares, as the computer management didn't get access to the fileserver.
> > And, ironically, the Administrator user was also not able to access
> > their home files ("normal" users on the contrary were able to do this).
> > While the login process itself worked and the "gpresult /r" signalised,
> > that the process worked for users and administrators.
> >
> > After commenting out the "username map" parameter I've gained access to the
> > fileserver via "computer management" again and the administrator can
> > access their (redirected) folders and files again.
> >
> > While it's nice that it's working again, I wonder why and in which cases
> > the mapping is necessary?
> >
> > All the best
> > Sinni
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

More information about the samba mailing list