[Samba] Permissions issue on domain member server (samba as an appliance)

Greg Dickie greg at justaguy.ca
Sun Oct 29 21:08:36 UTC 2023


OK I found an account with RID 500 but it has another username. I
inherited this AD from 15+ years ago. Everything looks fine, all the
computer management stuff works and I can manipulate permissions and
security BUT running robocopy still gives "Error 1314 Copying N
TFS Security to destination Directory ********* A required privilege is not
held by the client". I just noticed it does say the user but the client.
Hmmmm.

Thanks,
Greg

On Sun, Oct 29, 2023 at 4:53 PM Luis Peromarta via samba <
samba at lists.samba.org> wrote:

> Administrator is a built-in account in the AD. When you provisioned the
> domain with a password, that was Administrator's password.
>
> LP
> On 29 Oct 2023 at 21:36 +0100, Greg Dickie via samba <
> samba at lists.samba.org>, wrote:
> > Hey Rowland,
> >
> > Sorry, I'm thick. I understand why you would not want to create a linux
> > user called Administrator but then where will the credentials come from?
> > In my AD, I do not have a user called Administrator. I guess I must have
> > a user with RID 500 though, I'll look for that.
> >
> > Thanks for your help,
> > Greg
> >
> > On Sat, Oct 28, 2023 at 3:09 AM Rowland Penny via samba <
> > samba at lists.samba.org> wrote:
> >
> > > On Fri, 27 Oct 2023 16:14:52 -0400
> > > Greg Dickie <greg at justaguy.ca> wrote:
> > >
> > > > Hey Rowland,
> > > >
> > > > Hmmm. I may have misunderstood. I don't believe it explicitly said to
> > > > do that but I took it as that. Should I create a local Administrator
> > > > account instead?
> > > >
> > >
> > > The whole idea behind the user map on a Unix domain member is to map
> > > the Domain Administrator account (RID 500) to the Unix user 'root'.
> > > When you do something on Windows as 'Administrator', it is done on
> > > Unix as 'root'.
> > >
> > > I would never use 'Administrator' directly on Unix and here is why:
> > >
> > > I use the 'rid' idmap backend and if I run 'getent passwd
> > > administrator', I get:
> > >
> > > administrator:*:10500:10513::/home/administrator:/bin/bash
> > >
> > > As you can see 'Administrator' has the ID '10500', which makes it a
> > > normal Unix user with no special powers. However, from Windows via
> > > Samba, the 'Administrator' ID is set to '0' by the user map and I hope
> > > you realise what other Unix user has the ID '0'.
> > >
> > > If you haven't realised yet, no, do not create a local Administrator,
> > > for one thing, you already have one :-)
> > >
> > > Rowland
> > >
> > >
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions: https://lists.samba.org/mailman/options/samba
> > >
> >
> >
> > --
> >
> >
> > Greg Dickie
> > just a guy
> > 514-983-5400


-- 


Greg Dickie
just a guy
514-983-5400
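
Added example, not part of the original thread or of Samba's own code: a small Python model of the two ID paths Rowland describes, the idmap 'rid' backend (RID 500 becomes 10500) and the user map (the mapped name becomes root, ID 0). The domain name SAMDOM, the renamed account 'oldadmin', the map file contents and the range start of 10000 (inferred from the getent output quoted above) are assumptions; the rule matching is simplified, and it matches on account names, not RIDs.

```python
import re

# Constructed sample of a user map file; SAMDOM is a placeholder domain.
USER_MAP = r"""
# map the domain administrator to root
!root = SAMDOM\Administrator
"""

TOKEN = re.compile(r'"([^"]*)"|(\S+)')  # quoted names may contain spaces

def rid_backend_id(rid, range_low=10000, base_rid=0):
    """Unix ID computed by the idmap 'rid' backend."""
    return rid - base_rid + range_low

def parse_user_map(text):
    """Return [(unix_name, [client names], stop_flag)] from 'username map' lines."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        stop = line.startswith("!")  # '!' stops processing after a match
        unix, _, clients = line.lstrip("!").partition("=")
        names = [(q or b).lower() for q, b in TOKEN.findall(clients)]
        rules.append((unix.strip(), names, stop))
    return rules

def mapped_unix_user(rules, client_name):
    """Apply the rules in order; None means no rule matched the name."""
    current, result = client_name.lower(), None
    for unix, names, stop in rules:
        if current in names or "*" in names:
            result, current = unix, unix.lower()
            if stop:
                break
    return result

def effective_uid(rules, domain, account, rid):
    """0 if the name maps to root, else the rid-backend ID (other maps ignored)."""
    unix = mapped_unix_user(rules, f"{domain}\\{account}")
    return 0 if unix == "root" else rid_backend_id(rid)

if __name__ == "__main__":
    rules = parse_user_map(USER_MAP)
    for account in ("Administrator", "oldadmin"):  # 'oldadmin' is hypothetical
        print(account, effective_uid(rules, "SAMDOM", account, 500))
```

In this model an account that holds RID 500 under a different name is not matched by a map line that names Administrator, so it keeps the ordinary ID 10500.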

