[Samba] How to fix mapping Administrator to root
Rowland penny
rpenny at samba.org
Mon Jun 3 12:21:05 UTC 2019
On 03/06/2019 12:38, adam_xu at adagene.com.cn wrote:
> Thanks, Rowland , 'net cache flush' solved my problem. but I found
> that I can't access any share in \\myshare.
> some related configurations in my smb,conf
> ....
> access based share enum = yes
Having the above means your shares will only be accessible to users that
have read or write permissions on the shares
> hide unreadable = yes
The above requires the user has read permissions on the shares.
>
> username map = /etc/samba/user.map
>
> I can't see any share folder of my fileserver in fsmgmt.msc. and I
> run "smbstatus -b"
> PID Username Group Machine Protocol
> Version Encryption Signing
> ----------------------------------------------------------------------------------------------------------------------------------------
> 5936 root root 192.168.42.144
> (ipv4:192.168.42.144:61733) SMB2_10 - -
> seems that the administor is not in "Domain admins" group. since I
> have grant "Domain Admins" the "SeDiskOperatorPrivilege" privielges.
> So I can's acess any share folder useing the Administrator account.
> so what should I do, could you give me a suggestion,
Try checking in idmap.ldb on a DC, you should find something like this:
dn: CN=S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
cn: S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
objectClass: sidMap
objectSid: S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
type: ID_TYPE_UID
xidNumber: 0
distinguishedName: CN=S-1-5-21-xxxxxxxxxx-yyyyyyyyyy-zzzzzzzzzz-500
This is what maps 'Administrator' to UID '0' (root)
If it isn't there, try restarting the DC.
By default, 'Administrator' is a member of 'Domain Admins'
Rowland
> ------------------------------------------------------------------------
More information about the samba
mailing list