[Samba] Mapping the Domain Administrator Account to the Local root User

mail at rhizomatic-nomad.net
Mon Nov 27 18:45:01 UTC 2023


The user rights I've granted, but this "min domain uid = 0" parameter
seems to be important and is not documented in the Samba wiki. After
adding it I can access the files and administrate the fileserver as wanted.

Sinni


On 27.11.2023 19:05:29, Luis Peromarta via samba wrote:
> Also, did you grant users rights to manage services in Member Servers ?
> 
> http://samba.bigbird.es/doku.php?id=samba:server-privileges
> 
> LP
> On Nov 27, 2023 at 19:02 +0100, Luis Peromarta via samba <samba at lists.samba.org>, wrote:
> > Looks like your root mapping isn’t working.
> >
> > Did you add "min domain uid = 0" to smb.conf ?
> >
> > See 'Mapping the AD Administrator user to ‘root’' :
> >
> > http://samba.bigbird.es/doku.php?id=samba:file-server
> >
> > On Nov 27, 2023 at 18:58 +0100, mail--- via samba <samba at lists.samba.org>, wrote:
> > > Hello,
> > >
> > > recently I've "updated" an AD member file server to an up-to-date Debian
> > > 12, following the wiki page Setting_up_Samba_as_a_Domain_Member. Some
> > > years ago I did the same with a Debian 10 VM, of which I used the data
> > > disks in the new fileserver. It uses the "rid" backend, acl and is
> > > configured via RSAT tools.
> > >
> > > Either I didn't follow the wiki page in the "Mapping the Domain
> > > Administrator Account to the Local root User" part or it was not yet
> > > existent years ago when I've configured the Debian 10 Samba.
> > >
> > > Anyways, in the actual configuration I used the username map as it's
> > > part of the wiki. But then, I wasn't able to access the Samba member
> > > fileserver with the computer management to check/change the permissions of my
> > > shares, as the computer management didn't get access to the fileserver.
> > > And, ironically, the Administrator user was also not able to access
> > > their home files ("normal" users on the contrary were able to do this).
> > > While the login process itself worked and the "gpresult /r" signalised,
> > > that the process worked for users and administrators.
> > >
> > > After commenting out the "username map" parameter I've gained access to the
> > > fileserver via "computer management" again and the administrator can
> > > access their (redirected) folders and files again.
> > >
> > > While it's nice that it's working again, I wonder why and in which cases
> > > the mapping is necessary?
> > >
> > > All the best
> > > Sinni
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba

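A configuration check for the situation in this thread, added here as an example and not taken from any of the posters or from the Samba project: it flags "username map" targets whose uid falls below "min domain uid", assuming the smb.conf(5) default of 1000 when the parameter is absent. The domain name SAMDOM, the map path, the uid table and the function names are constructed for illustration.

```python
DEFAULT_MIN_DOMAIN_UID = 1000  # default documented in smb.conf(5)

def global_params(smb_conf):
    """[global] parameters; names are case- and whitespace-insensitive."""
    params, section = {}, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def map_targets(user_map):
    """Unix names on the left of each 'unix = domain names' map line."""
    targets = []
    for raw in user_map.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;" and "=" in line:
            targets.append(line.split("=", 1)[0].strip().lstrip("!").strip())
    return targets

def rejected_mappings(smb_conf, user_map, uid_of):
    """Map targets whose uid is below the effective 'min domain uid'."""
    params = global_params(smb_conf)
    if "usernamemap" not in params:
        return []
    floor = int(params.get("mindomainuid", DEFAULT_MIN_DOMAIN_UID))
    return [u for u in map_targets(user_map) if uid_of.get(u, floor) < floor]

# Constructed sample input (SAMDOM and the map path are placeholders).
SMB_CONF_BEFORE = """[global]
    security = ads
    username map = /etc/samba/user.map
"""
SMB_CONF_AFTER = SMB_CONF_BEFORE + "    min domain uid = 0\n"
USER_MAP = "!root = SAMDOM\\Administrator\n"
UIDS = {"root": 0}  # on a live host use pwd.getpwnam(name).pw_uid

if __name__ == "__main__":
    for label, conf in (("before", SMB_CONF_BEFORE), ("after", SMB_CONF_AFTER)):
        print(label, rejected_mappings(conf, USER_MAP, UIDS))
```

Lowering "min domain uid" to 0 removes that floor for every mapped account, so the username map file should stay writable by root only.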