[Samba] Samba4: "MYDOM\Administrator" quite useless on a m
?icro MEGAS
micromegas at mail333.com
Mon Oct 27 15:48:36 MDT 2014
> It is a bit more complicated than that, if you use a member server as
> you are doing, then yes, the underlying Unix machine has to know who
> your Windows users are. You can use nslcd, sssd or winbind to do this,
> now if you use either of the last two, they can be set up in a way that
> they will be given a uidNumber automatically based on the user's RID. If
> you give your users the required rfc2307 attributes, you can use any of
> the three and give your users individual home directory paths for
> instance, something that is not possible without using rfc2307. What I
> will say is, I think that it is better to use the rfc2307 attributes
> than not to.

Ok, my DC was provisioned with rfc2307 and has the NIS extensions. I am using
winbind with the "ad" backend on my member server. But it's necessary to assign a
uid for every user in the ADUC tool, so these users can access my shares on the
member server. I hope that's ok like that.

> This is a valid question and no the 'Administrator' is not useless on a
> member server, you need him (her ??) as a bridge to the root user from
> Windows, this is what the smbmap is for, if you need to do something
> from Windows on a Unix machine that only 'root' can do easily, then do
> it as 'root' via the smbmap. Just as you wouldn't really do much as the
> Administrator on Windows (well you wouldn't log in and run Word all day
> long, for instance), you do not, as a rule, log in as root on a Unix
> machine and carry out day to day operations.

Out of curiosity: what happens when I don't use the "smbmap" feature, but
I am logged in as MYDOM\it-admin1? That user is a member of "Builtin\Domain Admins".
The user "it-admin1" can use, for example, the ADUC tool, create/modify
users, and so on... it seems that everything works fine, the only difference to
using the "smbmap" feature is that directories or files created with the "it-admin1"
user have owner=it-admin1. When I use the smbmap feature the
owner=root. But both work fine, so does one really need smbmap?
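
For reference, a member-server smb.conf fragment matching the setup discussed in this thread: winbind with the "ad" backend reading rfc2307 attributes, the RID-based alternative, and the root mapping the thread calls "smbmap" (the smb.conf parameter is `username map`). This is an added example, not part of the original message; the realm, the ID ranges and the map file path are assumed placeholders.

```ini
[global]
    security = ads
    workgroup = MYDOM
    # Assumed placeholder realm; use the realm of your own domain.
    realm = MYDOM.EXAMPLE.COM

    # Default domain (BUILTIN and local accounts): IDs allocated locally.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999

    # "ad" backend: winbind reads uidNumber/gidNumber from AD, so every
    # user and group that must reach the shares needs those attributes
    # set (for example in ADUC), and the values must fall inside range.
    idmap config MYDOM : backend = ad
    idmap config MYDOM : schema_mode = rfc2307
    idmap config MYDOM : range = 10000-999999
    # Take home directory and login shell from the rfc2307 attributes too.
    winbind nss info = rfc2307

    # RID-based alternative: IDs are computed from each RID, nothing has
    # to be assigned in AD, but per-user home directory paths are lost.
    # Use this line instead of the backend/schema_mode pair above.
    ;idmap config MYDOM : backend = rid

    # The "smbmap" of this thread. Assumed path. The file holds one line:
    #     !root = MYDOM\Administrator
    # The mapped account then acts as uid 0 on this server, so files it
    # creates are owned by root. Without the map, a Domain Admins member
    # such as it-admin1 acts under its own uidNumber and owns its files.
    username map = /etc/samba/user.map
```

`testparm` checks the file for syntax errors, and after a restart `getent passwd MYDOM\\it-admin1` on the member server shows which uid a domain account resolves to.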