[Samba] winbind finds all domain users except Administrator
Rowland Penny
rpenny at samba.org
Tue Nov 14 09:35:21 UTC 2017
On Mon, 13 Nov 2017 23:15:15 +0100
Fabian Fritz <fabianfuture at web.de> wrote:
> I see. I know, the range is a bit odd, but I previously used NIS to
> get the Unix users from another machine. Now I'm updating to AD and
> don't use NIS anymore.Since I want to keep all the file ownerships (I
> use this solaris member as a file server), I had to map the domain
> users to that same range.
OK, hindsight is a wonderful thing, but starting the ID range at 100
isn't a good idea (for the reason I gave), but sometimes you have to.
>
>
> I used the Administrator to login to some Windows machine in the
> domain and was surprised when I got a ACCESS_DENIED when I tried to
> mount a network share there. So this only happens for Administrator?
> So I have to use one of the users in the domain admins group when I
> need to do administrative stuff on my windows machines and also need
> the shares?
If you use a user.map, Administrator becomes 'root' on Unix domain
members and root can do anything on a Unix domain member.
Try reading this:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
If you have any questions after reading that, just ask ;-)
Rowland
More information about the samba
mailing list