[Samba] winbind: How to map Administrator to "root" on AD member server
Fred F
frederik.vogelsang at gmail.com
Fri Feb 14 16:53:23 MST 2014
Hi,
I am running a pure Samba 4.1+ AD environment (on the server side). There
is one AD DC running Samba 4.1 and two member servers (running Samba 4.1 as
well).
I have provisioned the domain with support for the rfc2307 AD schema. On
the DC the UIDs are assigned automatically to AD users by Samba, which is
great. I am also storing the assigned UIDs in the Active Directory as
uidNumber (gidNumber for groups).
On the member servers I am using the AD idmap backend with rfc2307 support:
> idmap config *:backend = tdb
> idmap config *:range = 3500000 - 3600000
> idmap config MYDOMAIN:backend = ad
> idmap config MYDOMAIN:schema_mode = rfc2307
> idmap config MYDOMAIN:range = 0 - 3500000
> winbind nss info = rfc2307
This is working great for normal users and groups, but I am struggling with
some special accounts, such as "Administrator". On the DC Samba
automatically assigned the uid/gid "0" to the account, which is fine for
me. Now I also need this mapping on the member servers, as storage may be
shared across the servers, so the UIDs need to stay the same.
So I assigned the uidNumber "0" to the "Administrator" account in the AD,
but unfortunately the member server cannot resolve the account's SID to a
uid (on the AD DC this is working!). What am I doing wrong?
Thanks in advance,
Frederik
More information about the samba
mailing list