[Samba] centos 6.5 sernet-samba 4.1.6 member server winbind idmap fail

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 10 12:24:50 MDT 2014 

On 10/04/14 19:09, Lorenzo Faleschini wrote:
> When I go into the share permissions and security tab in compmgmt.msc
> I see Administrator with a red X on it (as if it was disabled, but 
> it's not in ADUC).
>
> I created another account (otheradmin) with UNIX Attributes, added to 
> Domain Admins (and set this as primary UNIX group)
>
> with this user seems that  I can manage shares correctly (and get rid 
> of Everyone's permissions)
>
> there's a strange behaviour for administrator user
>
> Il 10/04/2014 19:21, Rowland Penny ha scritto:
>>> eg: getent group "MY\\Domain Admins" - works
>>>       getent group - doesn't show anything
>>>
>>
>> You have a problem somewhere, getent should display all users, local 
>> and domain. There seems to be bug in getent (or is a feature) when it 
>> comes to groups, you must use 'getent group <domain group name>'
>
> getent -V returns 2.12
>
> anyway
> getent passwd returns system users + domain users (that have UID set)
>
> getent group returns only system groups
>
> getent group "MY\\Domain Admins" returns
>     domain admins:x:10000:otheradmin,administrator
> getent group "MY\\Domain Users" returns
>     domain users:x:10001:
> (the users are not listed in the "Domain Users" group by default? 
> because is the everyone's default group?)
>
>>> Now my problem is that if I try to setup share permissions I can 
>>> manage the share only if I leave "Full Control" to "Everyone".. and 
>>> this is quite useless.
>>>
>> Where are the shares stored, on the Samba DC or or on the fileserver ?
>
> shares are on fileserver (I've checked the behaviour of Administrator 
> user also on the DC and the red X is always there)
>
>>
>> Rowland
>
> thanks for your time Rowland
>
> Lorenzo Faleschini
> IT Manager @ Nord Est Systems srl
> ----------------------------------------
> m: +39 335 6055225 | skype: falegalizeit
>
>
Try removing the uidNumber from the Administrator, my Administrator does 
not have a uidNumber and everything just seems to work. Mapping 
Administrator to root in a file read by smb.conf is a much better idea.

Rowland

More information about the samba mailing list