[Samba] administrator's unix attributes is missing

adam_xu at adagene.com.cn adam_xu at adagene.com.cn
Fri Apr 20 09:18:52 UTC 2018

Hello, Rowland. what I set in RSAT is:
nis domain "ntbaobei"
uid "10000"
login shell "/sbin/nologin"
home dir "/home/Administrator"
primary group "domain admins"

I never used user map beacuse everything worked ok before. I knew the "root" user can granting the SeDiskOperatorPrivilege Privilege.
Is there any changelog in samba 4.7.7 that disallow setting the administrator's unix attributes ?

just curious, everything works ok in my production env.

yours Adam
From: Rowland Penny via samba
Date: 2018-04-20 17:03
To: samba
Subject: Re: [Samba] administrator's unix attributes is missing
On Fri, 20 Apr 2018 15:48:43 +0800
adam_xu--- via samba <samba at lists.samba.org> wrote:
> Hello, everyone. I have set up a new samba AD DC in my experimental
> environment. Version 4.7.7 of sernet samba. Everything is Ok. and I
> set some user's unix attributes in a windows client wia RSAT. every
> user can be got in a linux domain member via "getent passwd", but the
> user administrator who has been set unix attributes can not be got in
> that linux domain member. here is the smb.conf file of the domain
> member. domain member's samba version is 4.6.2 in centos7.4. [global]
> security = ADS workgroup = NTBAOBEI realm = NTBAOBEI.com
What did you set in Administrators Unix attributes ?
Never mind, whatever you added, remove them, then add this to smb.conf:
    username map = /etc/samba/user.map
Now create '/etc/samba/user.map', with this line:
!root = NTBAOBEI\Administrator NTBAOBEI\administrator
Administrator administrator
Restart Samba, Administrator will now get mapped to 'root'
You will be able to login to the Unix domain member as 'Administrator',
but from windows you will be able to manage the shares.
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list