[Samba] Can one set the owner of a folder to BUILTIN\Administrators?
rpenny at samba.org
Wed Feb 17 13:34:13 UTC 2016
On 17/02/16 13:14, L.P.H. van Belle wrote:
> If this is a DC.. and like me with config :
> idmap config * : range = 2000-9999
> getent group BUILTIN\\Administrators
> Looks like about the same problem.
That is what I get on a DC, but what you have to understand is, idmap on
a DC works differently from a domain member.
A domain member asks winbind for 'BUILTIN\Administrators' ID, this is
obtained from AD, assigned a local ID and stored in a .tdb file, the
number that is assigned is based on the low range in 'idmap config *:'
A DC is slightly different, IDs are stored in idmap.ldb and are based on
a range that starts at 3000000.
As far as I am aware, the idmap lines that you use on DC have no affect,
I know that 'windbind use default domain' did work on a 4.2.x DC, but I
think this was the only one of your lines that did. I will have to check
my test DC to find out.
More information about the samba