[Samba] member domain idmap config ad/rid

Rowland Penny rpenny at samba.org
Tue May 30 19:41:55 UTC 2017


On Tue, 30 May 2017 16:28:00 -0300
Elias Pereira <empbilly at gmail.com> wrote:

> root at fileserver:~# getfacl /home/dados/
> getfacl: Removing leading '/' from absolute path names
> # file: home/dados/
> # owner: root
> # group: domain\040admins
> user::rwx
> group::rwx
> other::---
> 
> Still with the same problem. No security tab on windows machine. :(
> 
> The "Administrator" and "Domain Admins" also need to have an unix
> attribute?
> 

Simple answer:
Administrator, No
Domain Admins, Yes

Long answer:

Administrator maps to 'root' through the user.map in smb.conf, so gets
'0'
If Domain Admins doesn't have a gidNumber (and you are using the 'ad'
backend), then it is unknown to the underlying OS.

Rowland



More information about the samba mailing list