[Samba] member domain idmap config ad/rid

[Elias Pereira]

>
> Simple answer:
> Administrator, No
> Domain Admins, Yes


Ok. It was already that way.

root at fileserver:/etc/samba# getent group
...
domain admins:x:10004:
domain users:x:10000:
dap:x:10003:
dti:x:10001:

For some reason with the administrator user is not working, I put my user
as domain admin and include him as a member of unix and now I can access
the security tab.

http://i.imgur.com/tNBj8dal.png

root at fileserver:/etc/samba# getent passwd elias.pereira
elias.pereira:*:10001:10000:Elias Pereira:/home/elias.pereira:/bin/sh
root at fileserver:/etc/samba# getent passwd administrator
root at fileserver:/etc/samba# getent passwd ADDC\administrator

In the *getent passwd administrator* nothing appears. According to your
explanation, it should contain the value "0" !?

What permissions that user.map file should have?

root at fileserver:/etc/samba# getfacl user.map
# file: user.map
# owner: root
# group: root
user::rw-
group::r--
other::r--


On Tue, May 30, 2017 at 4:41 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Tue, 30 May 2017 16:28:00 -0300
> Elias Pereira <empbilly at gmail.com> wrote:
>
> > root at fileserver:~# getfacl /home/dados/
> > getfacl: Removing leading '/' from absolute path names
> > # file: home/dados/
> > # owner: root
> > # group: domain\040admins
> > user::rwx
> > group::rwx
> > other::---
> >
> > Still with the same problem. No security tab on windows machine. :(
> >
> > The "Administrator" and "Domain Admins" also need to have an unix
> > attribute?
> >
>
> Simple answer:
> Administrator, No
> Domain Admins, Yes
>
> Long answer:
>
> Administrator maps to 'root' through the user.map in smb.conf, so gets
> '0'
> If Domain Admins doesn't have a gidNumber (and you are using the 'ad'
> backend), then it is unknown to the underlying OS.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>



-- 
Elias Pereira