[Samba] Samba DC, Winbind, and Administrator Account

Nick Couchman nick.couchman at seakr.com
Sat Feb 6 00:47:34 UTC 2016

I'm currently trying to get a Samba 4.3.4 DC added to an existing AD domain with one Server 2008 and one 2008R2 controller.  I'm having an issue here that seems to be related the fact that, in the default Winbind mapping, Administrator gets UID 0.  I am not currently using any POSIX extensions inside the AD LDAP, I'm just having Winbind use LDB/TDB to map the UIDs.  For whatever reason, administrator gets UID 0.  With this configuration I seem to be able to hit the "sysvol" share on this DC as any user except administrator, but with the domain\administrator account I get an error in Windows that "the parameter is incorrect."

So, my two questions are:
- How do I map the domain\administrator account to a UID other than 0.
- If this isn't possible in this config, is there a way around "the parameter is incorrect" error?

I'm running Samba 4.3.4 (compiled myself from sources) on CentOS 7.  I've disabled SELinux at this point.  I tried using the "samba-tool ntacl sysvolreset" utility to fix permissions on the sysvol tree, and that has added some ACL entries, but has not resolved the above error.


This e-mail may contain SEAKR Engineering (SEAKR) Confidential and Proprietary Information. If this message is not intended for you, you are strictly prohibited from using this message, its contents or attachments in any way. If you have received this message in error, please delete the message from your mailbox. This e-mail may contain export-controlled material and should be handled accordingly.

More information about the samba mailing list