[Samba] Samba4: "MYDOM\Administrator" quite useless on a m

?icro MEGAS micromegas at mail333.com
Mon Oct 27 15:48:36 MDT 2014


> It is a bit more complicated than that, if you use a member server as 
> you are doing, then yes, the underlying Unix machine has to know who 
> your Windows users are. You can use nslcd, sssd or winbind to do this, 
> now if you use either of the last two, they can be set up in a way that 
> they will be given a uidNumber automatically based on the user's RID. If 
> you give your users the required rfc2307 attributes, you can use any of 
> the three and give your users individual home directory paths for 
> instance, something that is not possible without using rfc2307. What I 
> will say is, I think that it is better to use the rfc2307 attributes 
> than not to.

Ok, my DC was provisioned with rfc2307 and has the NIS extensions. I am using
winbind with the "ad" backend on my member server. But it's necessary to assign a
uid for every user in the ADUC tool, so these users can access my shares on the
member server. I hope that's ok like that.

> This is a valid question and no the 'Administrator' is not useless on a 
> member server, you need him (her ??) as a bridge to the root user from 
> Windows, this is what the smbmap is for, if you need to do something 
> from Windows on a Unix machine that only 'root' can do easily, then do 
> it as 'root' via the smbmap. Just as you wouldn't really do much as the 
> Administrator on Windows (well you wouldn't login and run word all day 
> long, for instance), you do not, as a rule, login as root on a Unix 
> machine and carry out day to day operations.

Out of curiosity: what happens when I don't use the "smbmap" feature, but
I am logged in as MYDOM\it-admin1? That user is a member of "Builtin\Domain Admins".
The user "it-admin1" can use, for example, the ADUC tool, create/modify
users, and so on... it seems that everything works fine; the only difference to
using the "smbmap" feature is that directories or files created with the "it-admin1"
user have as owner=it-admin1. When I use the smbmap feature the
owner=root. But both work fine, so does one really need smbmap?

