[Samba] Permission Denied

Rowland penny rpenny at samba.org
Mon Dec 7 17:12:05 UTC 2015

On 07/12/15 16:51, Ole Traupe wrote:
>>> drwxrwxr-x  2 root domain admins
>>> does not work an a member server without the user mapping or a bit 
>>> different rights.
>>> So set Adminstrator:"domain admins" on this folder OR use the user 
>>> mapping.
>> This would mean that you would have to give Administrator a 
>> uidNumber, breaking the link between 'root' and 'Administrator'. Not 
>> saying this is a bad idea, just that you should be aware of it.
>> Rowland
> Just reading this accidentally and finding out that "id Administrator" 
> gives "id: Administrator: No such user" on all my machines, including 
> DCs, and member servers where I explicitly mapped Administrator to 
> root. Looking into ADUC, it turns out that Administrator has a uid: 
> "0". Does that mean that I did this at some point (can't remember it). 
> Any bad consequences, if I take NIS settings back for Administrator?
> Ole

There are two ways of mapping Administrator:
A) user a 'username map' line in smb.conf on a domain member, this will 
point to a file similar to this:
       !root = SAMDOM\Administrator SAMDOM\administrator
     This will map the windows 'Administrator' to the Unix user 'root' 
and you will be able to alter ACLs on Samba Unix
     shares from windows.

B) Give Administrator a uidNumber, This would then make Administrator a 
normal Unix user, so you would have to ensure that s/he had the required 
permissions to change ACLs on a Samba Unix share from windows.

You pays your money and make your own choice which to use.

You can, at any time, remove anything that you have done to 
Administrator and go back to Standard.


More information about the samba mailing list