[Samba] Domain Administrator cannot map Samba Share from Windows 7

Matt Savin matt at tegers.com
Fri Jan 5 23:50:06 UTC 2018 

Hello Mark,

Problem #1: on Samba file server, which is a member of Samba Active
Directory domain, you may need to map Administrator account to root:
/etc/samba/smb.conf:
# user Administrator workaround, without it you are unable to set privileges
username map = /etc/samba/user.map

/etc/samba/user.map:
!root = SAMDOM\Administrator SAMDOM\administrator
or
!root = SAMDOM\Administrator SAMDOM\administrator Administrator
administrator

Problem #2: In SQL script, try to map network drive using domain
credentials of the user who has write permissions to the share (drawback:
you'll have to specify user password in the command), e.g.:
EXEC XP_CMDSHELL 'net use X: \\OHPRSstorage\Backups\SQLServerBackup
/user:SAMDOM\USERNAME USERPASSWORD'
After that use mapped drive in the script.

Regards,
Matt

On Fri, Jan 5, 2018 at 11:32 AM, Mark Foley via samba <samba at lists.samba.org
> wrote:

> I changed our Samba file server to be a member of the Active Directory
> domain. This way, domain
> users on Windows 7 workstations can map Samba shares with domain
> credentials automatically. That
> bit works fine.
>
> Problem #1:
>
> I use the Domain Administrator account (Administrator) as the main login
> account for the SQL
> Server host (also Windows 7).  I can still log into that host with the
> Administrator
> credentials, but I can no longer map Samba shares even though I enter the
> correct domain
> credentials.  I now get "Access is denied".  I can map the Samba shares on
> that host using the
> credentials of other domain users (actual users).
>
> I probably shouldn't have used that account in the first place, but I did.
> Is there a way
> around this or do I have create a new domain account for this purpose?
>
> Problem #2:
>
> In one of the SQL Server scripts, I have:
>
> SET @NetworkPath = '\\OHPRSstorage\Backups\SQLServerBackup\'
>
> which used to work before I changed OHPRSstorage (the Samba file server)
> to be a domain member
> and do AD authentication. This script is run as SQL Server user 'sa',
> which likely has no
> authorization to access the NetworkPath. I'm not even sure what userID it
> uses to try the
> access.
>
> Is there a way around this?
>
> Thanks, Mark
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list