[Samba] How to fix mapping Administrator to root
adam_xu at adagene.com.cn
adam_xu at adagene.com.cn
Mon Jun 3 14:29:13 UTC 2019
Hi Rowland,
I have checked that Adinistrator is a member of "Domain Admins" in ADUC.
Base Permission of the share folder is 0770 and own is root and the groups is "domain admins" in linux.
since "smbstatus -b" show that administrator's group is root. Is this related to my previous configuration? I once give a uidNumber to administrator.
here's full contant in my smb.conf
[global]
security = ADS
workgroup = NTBAOBEI
realm = NTBAOBEI.COM
log file = /var/log/samba/%m.log
log level = 3 passdb:5 auth:5 winbind:5
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config NTBAOBEI:backend = ad
idmap config NTBAOBEI:schema_mode = rfc2307
idmap config NTBAOBEI:range = 10000-999999
idmap config NTBAOBEI:unix_nss_info = yes
winbind use default domain = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind offline logon = yes
winbind refresh tickets = yes
access based share enum = yes
hide unreadable = yes
username map = /etc/samba/user.map
load printers = no
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
[IT]
path = /srv/samba/IT/
read only = no
cat /etc/samba/user.map
!root = NTBAOBEI\Administrator
Best,
徐星亚
天演药业(苏州)有限公司
苏州工业园区星湖街218号生物纳米园C14幢4楼
邮编: 215123
电话: 86-512-8777-3585
From: Rowland penny via samba
Date: 2019-06-03 22:14
To: sambalist
Subject: Re: [Samba] How to fix mapping Administrator to root
On 03/06/2019 15:06, adam_xu at adagene.com.cn wrote:
> Hi Rowland,
>
> here's what in my idmap.ldb
> # record 39
> dn: CN=S-1-5-21-214324388-144513417-3129160214-500
> cn: S-1-5-21-214324388-144513417-3129160214-500
> objectClass: sidMap
> objectSid: S-1-5-21-214324388-144513417-3129160214-500
> type: ID_TYPE_UID
> xidNumber: 0
> distinguishedName: CN=S-1-5-21-214324388-144513417-3129160214-500
>the> It seems my administrator's group is root. that's the reaseon I can't
> see any share since I only give the share permission to "Domain
> Admins" with full control and "Domain users" with RW.
> I don't know why my 'Administrator' is not a member of 'Domain
> Admins' . any more suggestion, Rowland ?
>
Double check that Administrator isn't a member of 'Domain Admins' (it
should be) and if it isn't, add Administrator to 'Domain Admins'
You should set the base permissions as shown on the wikipage: '0770' &
root:<whatever group>, this should enable Administrator to see and/or
connect to the share.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list