[Samba] retire first member server Administrator account complaint

Rowland Penny rpenny at samba.org
Mon Jan 2 19:02:28 UTC 2017

On Mon, 02 Jan 2017 12:09:19 -0600
Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:

> I have been working towards retiring my first member server. (Sernet
> 4.2.14??) Moved all the user files, checked and double checked the
> ACLs and all seems good.
> My users redirect folders to my member servers with a GPO policy. I
> use roaming profiles (again via GPO) that have been confirmed as
> working properly against the newer member server (running Samba 4.5.3
> from source.) 
> Now, the Administrator . . . I am not sure if this is a Samba issue
> or a Windows issue. The latter, I suspect, but, I ask here first.
> When I turn off the first server and access the Administrator account
> to, for example, make any adjustments via ADUC. While the
> Administrator is signing into the "system" it is complaining about
> cannot access the "Desktop" from Mbr01 (hostname of first member
> server.) 
> I see no indication via ADUC that the Administrator account is being
> redirected nor is it or has it ever (that I remember, first member
> server is almost three years old) used a roaming profile. I have
> always "left the Administrator account alone" as far as any ADDC account
> changes like those done with regular users and/or test users.
> So, first question, is this a Samba4 DC issue or just a Windows (W10 &
> W7) client issue?

I cannot see this being a Samba problem, as I presume Administrator is
only being mapped to root, either by a user.map in smb.conf on the
Unix domain members or in idmap.ldb on a DC. The only thing that I can
think of that might make it a Samba issue (and it is a tenuous link)
is, does 'Administrator' have any attributes that point to the old
domain member?

