[Samba] Samba DC, Winbind, and Administrator Account

Nick Couchman nick.couchman at seakr.com
Mon Feb 8 00:07:03 UTC 2016


>>
>> So, my two questions are:
>> - How do I map the domain\administrator account to a UID other than 0.
> 
> You don't really want to change this, it maps 'Administrator' to the
> Unix 'root' user and this allows the changing of ACLs etc.
> 

Just because the Administrator user is a non-root user does not preclude it from changing ACLs.  It may preclude it from forcibly changing ACLs on files that account doesn't own, but this can be overcome at a share level using the "admin users" parameter.  I'd much rather the Windows Administrator *not* have any inherent elevated privileges on the Linux system just because it's mapped to UID 0.  I'd rather solve that another way.  But I'm a UNIX admin :-).

>> - If this isn't possible in this config, is there a way around "the parameter is
>> incorrect" error?
> 
> What filesystem are you using ? and do you have the 'attr' package
> installed ?
> 

Yes, attr is installed, and the filesystem is XFS, which supports extended attributes out of the box, no additional mount parameters required.

==
This e-mail may contain SEAKR Engineering (SEAKR) Confidential and Proprietary Information. If this message is not intended for you, you are strictly prohibited from using this message, its contents or attachments in any way. If you have received this message in error, please delete the message from your mailbox. This e-mail may contain export-controlled material and should be handled accordingly.



More information about the samba mailing list