[Samba] How to fix mapping Administrator to root

adam_xu at adagene.com.cn adam_xu at adagene.com.cn
Mon Jun 3 14:29:13 UTC 2019


Hi Rowland,

I have checked that Administrator is a member of "Domain Admins" in ADUC.
The base permission of the share folder is 0770, the owner is root and the group is "domain admins" in Linux.
Since "smbstatus -b" shows that administrator's group is root, is this related to my previous configuration? I once gave a uidNumber to administrator.

Here's the full content of my smb.conf:
[global]
        security = ADS
        workgroup = NTBAOBEI
        realm = NTBAOBEI.COM

        log file = /var/log/samba/%m.log
        log level = 3 passdb:5 auth:5 winbind:5

        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        idmap config NTBAOBEI:backend = ad
        idmap config NTBAOBEI:schema_mode = rfc2307
        idmap config NTBAOBEI:range = 10000-999999
        idmap config NTBAOBEI:unix_nss_info = yes

        winbind use default domain = Yes
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind offline logon = yes
        winbind refresh tickets = yes
        access based share enum = yes
        hide unreadable = yes

        username map = /etc/samba/user.map

        load printers = no
        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes
[IT]
        path = /srv/samba/IT/
        read only = no


cat /etc/samba/user.map
!root = NTBAOBEI\Administrator

Best,


徐星亚
Adagene (Suzhou) Co., Ltd.
4F, Building C14, BioBay, 218 Xinghu Street, Suzhou Industrial Park
Postal code: 215123
Tel: 86-512-8777-3585
 
From: Rowland penny via samba
Date: 2019-06-03 22:14
To: sambalist
Subject: Re: [Samba] How to fix mapping Administrator to root
On 03/06/2019 15:06, adam_xu at adagene.com.cn wrote:
> Hi Rowland,
>
> here's what in my  idmap.ldb
> # record 39
> dn: CN=S-1-5-21-214324388-144513417-3129160214-500
> cn: S-1-5-21-214324388-144513417-3129160214-500
> objectClass: sidMap
> objectSid: S-1-5-21-214324388-144513417-3129160214-500
> type: ID_TYPE_UID
> xidNumber: 0
> distinguishedName: CN=S-1-5-21-214324388-144513417-3129160214-500
>
> It seems my administrator's group is root. That's the reason I can't
> see any share, since I only give the share permission to "Domain
> Admins" with full control and "Domain users" with RW.
> I don't know why my 'Administrator' is not a member of 'Domain
> Admins'. Any more suggestions, Rowland?
>
Double check that Administrator isn't a member of 'Domain Admins' (it 
should be) and if it isn't, add Administrator to 'Domain Admins'
 
You should set the base permissions as shown on the wikipage: '0770' & 
root:<whatever group>, this should enable Administrator to see and/or 
connect to the share.
 
Rowland
 
 