[Samba] RFC2307: Recommendations for mapping Administrator account

Fred F frederik.vogelsang at gmail.com
Wed Feb 7 20:37:06 UTC 2018


I provisioned a new domain with "--use-rfc2307" as I want to use the
"ad" idmap backend on my domain members.

I am thinking of mapping the "Administrator" account to UID 10000
(this is where my UID range for the domain will be starting), as the
account must be known to the domain members (otherwise I got funny
behavior). It seems a lot of people are mapping that account to root
(UID 0) though. Even the Samba Wiki mentions that. Is that such a good

I know that mapping the account to uidNumber=0 using RFC2307 AD attrs
will not work globally, as this is out of the idmap range. I could map
the account on each member locally using a custom username map, but I
was wondering if this is even desirable.

Does it have any implications on the Samba AD DC, if the Administrator
account has such a custom mapping? From what I understand the UID on
the DC will still be 0.


