[Samba] 'Administrator' account (UID 0) on Samba member of a Samba4 AD DC

[Alex Matthews]

Hi all,

I have a samba server as member of an AD DC.
In said AD DC there is the 'administrator' user which has the default 
UID of 0 (the same as root)
from the ADDC:

# id administrator
uid=0(root) gid=513(SMC\Domain Users) groups=0(root),513(SMC\Domain 
Users),3000005(SMC\Group Policy Creator Owners),3000009(SMC\Enterprise 
Admins),512(SMC\Domain Admins),3000007(SMC\Schema Admins)

from the member server:
# id administrator
id: administrator: no such user

It also does not appear in wbinfo -u or getent passwd

The issue is that if I log on to a windows machine as the administrator 
user I cannot access a share on the member server as it does not 
authenticate.

my smb.conf is pretty simple:

[global]
         workgroup = SMC
         realm = internal.stmaryscollege.co.uk
         netbios name = PVE-ARCH-S3-02
         security = ADS
         encrypt passwords = yes
         server role = MEMBER SERVER

         idmap config *:backend = tdb
         idmap config *:range = 70001-80000
         idmap config SMC:backend = ad
         idmap config SMC:schema_mode = rfc2307
         idmap config SMC:range = 0-40000

         winbind nss info = rfc2307
         winbind trusted domains only = no
         winbind use default domain = yes
         winbind enum users  = yes
         winbind enum groups = yes

(Note: I changed the idmap config SMC:range to include '0' as I thought 
this might encourage samba to idmap the root user... but no dice...)


Thanks,

Alex