# [Samba] Samba4: "MYDOM\Administrator" quite useless on a m

?icro MEGAS micromegas at mail333.com
Mon Oct 27 15:48:36 MDT 2014

> It is a bit more complicated than that, if you use a member server as
> you are doing, then yes, the underlying Unix machine has to know who
> your Windows users are. You can use nslcd, sssd or winbind to do this,
> now if you use either of the last two, they can be set up in a way that
> they will be given a uidNumber automatically based on the user's RID. If
> you give your users the required rfc2307 attributes, you can use any of
> the three and give your users individual home directory paths for
> instance, something that is not possible without using rfc2307. What I
> will say is, I think that it is better to use the rfc2307 attributes
> than not to.

Ok, my DC was provisioned with rfc2307 and has the NIS extensions. I am using
winbind with the "ad" backend on my member server. But it's necessary to assign a
uid for every user in the ADUC tool, so these users can access my shares on the
member server. I hope that's ok like that.

> This is a valid question and no, the 'Administrator' is not useless on a
> member server, you need him (her ??) as a bridge to the root user from
> Windows, this is what the smbmap is for, if you need to do something
> from Windows on a Unix machine that only 'root' can do easily, then do
> it as 'root' via the smbmap. Just as you wouldn't really do much as the
> Administrator on Windows (well you wouldn't log in and run Word all day
> long, for instance), you do not, as a rule, log in as root on a Unix
> machine and carry out day to day operations.

Out of curiosity: what happens when I don't use the "smbmap" feature, but
I am logged in as MYDOM\it-admin1? That user is a member of "Builtin\Domain Admins".