[Samba] How to fix mapping Administrator to root
Rowland Penny
rpenny at samba.org
Mon Jun 3 14:44:49 UTC 2019
On 03/06/2019 15:29, adam_xu at adagene.com.cn wrote:
> Hi Rowland,
>
> I have checked that Administrator is a member of "Domain Admins" in ADUC.
> The base permission of the share folder is 0770, the owner is root and the
> group is "domain admins" in Linux.
> Since "smbstatus -b" shows that administrator's group is root, is this
> related to my previous configuration? I once gave a uidNumber to
> administrator.
I wouldn't think so, whilst Administrator is mapped to the user 'root'
in idmap.ldb and in your user.map on the Unix domain member, its primary
group (like every other AD user) is Domain Users.
>
> Here's the full content of my smb.conf:
> [global]
> security = ADS
> workgroup = NTBAOBEI
> realm = NTBAOBEI.COM
>
> log file = /var/log/samba/%m.log
> log level = 3 passdb:5 auth:5 winbind:5
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config NTBAOBEI:backend = ad
> idmap config NTBAOBEI:schema_mode = rfc2307
> idmap config NTBAOBEI:range = 10000-999999
> idmap config NTBAOBEI:unix_nss_info = yes
>
> winbind use default domain = Yes
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind offline logon = yes
> winbind refresh tickets = yes
> access based share enum = yes
> hide unreadable = yes
>
> username map = /etc/samba/user.map
>
> load printers = no
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> [IT]
> path = /srv/samba/IT/
> read only = no
>
>
> cat /etc/samba/user.map
> !root = NTBAOBEI\Administrator
>
There doesn't seem to be anything wrong there, are you sure that you
have followed this:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
Does 'Domain Admins' have a gidNumber?
Rowland
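
The gidNumber question above matters because the `ad` idmap backend only maps AD objects whose uidNumber/gidNumber is set and falls inside the configured range. The following is an added example, not part of the original message or of Samba itself: it parses the `idmap config` lines quoted above and checks a candidate ID against them. The helper names and the sample gidNumber values in the usage note are constructed for illustration.

```python
import re

# idmap lines copied from the smb.conf quoted in the message above
SMB_CONF = """\
[global]
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config NTBAOBEI:backend = ad
idmap config NTBAOBEI:schema_mode = rfc2307
idmap config NTBAOBEI:range = 10000-999999
"""

# 'idmap config DOMAIN : option = value', whitespace around ':' and '=' optional
IDMAP_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {DOMAIN: {option: value}} for every idmap config line."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def id_range(cfg):
    low, high = cfg["range"].split("-")
    return int(low), int(high)

def overlapping(domains):
    """Return neighbouring domains (sorted by range start) whose ranges overlap."""
    items = sorted((id_range(c), d) for d, c in domains.items() if "range" in c)
    return [(a[1], b[1]) for a, b in zip(items, items[1:]) if b[0][0] <= a[0][1]]

def ad_backend_maps(domains, domain, id_number):
    """True if the 'ad' backend for `domain` would accept this uidNumber/gidNumber.
    None (attribute not set in AD) or an out-of-range value is not mapped."""
    cfg = domains.get(domain.upper(), {})
    if cfg.get("backend", "").lower() != "ad" or id_number is None:
        return False
    low, high = id_range(cfg)
    return low <= id_number <= high
```

For instance, `ad_backend_maps(parse_idmap(SMB_CONF), "NTBAOBEI", None)` returns `False`, which is the case of a 'Domain Admins' group with no gidNumber set, while a constructed value such as 10512 inside 10000-999999 returns `True`.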