[Samba] How to fix mapping Administrator to root
adam_xu at adagene.com.cn
adam_xu at adagene.com.cn
Wed Jun 5 02:22:40 UTC 2019
Hi sambalist,
I set up a new test environment to test the problem. still the same result. It seems that if I didn't give administrator a uidNumber in unix attributes and only map this user to root. it can manage the share folder in fsmgmt.msc, but after I remove everyone's share permission and add share permissions to
domain admins full control
domain users RW
then, the administrator could not access the share except $IPC.
I excute "smbstatus -b" in the file server. it shows that
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
7796 root root 192.168.42.144 (ipv4:192.168.42.144:54579) SMB2_10 - -
seems after administrator mapped to root, it's primary group is root. so it lose the share folder since I have "hide unreadable = yes" in smb.conf.
Does any one knows why the administrator's primary group is not "domain admins" ? is this a bug or i missing something import config?
Best,
yours Adam
From: adam_xu at adagene.com.cn
Date: 2019-06-04 08:27
To: Rowland penny; sambalist
Subject: Re: Re: [Samba] How to fix mapping Administrator to root
Hi Rowland ,
I have followed the wiki's step, the DNS works OK and I have use the fileserver for 2 years.
here's a share folder "IT"'s acl
getfacl IT/
# file: IT/
# owner: root
# group: domain\040admins
user::rwx
user:root:rwx
group::rwx
group:domain\040admins:rwx
group:it:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::---
default:group:domain\040admins:rwx
default:group:it:rwx
default:mask::rwx
default:other::---
and another user in "domain admins" group work fine. only the administrator maped to root can not access any share folder.
Best,
徐星亚
天演药业(苏州)有限公司
苏州工业园区星湖街218号生物纳米园C14幢4楼
邮编: 215123
电话: 86-512-8777-3585
From: Rowland penny via samba
Date: 2019-06-03 23:42
To: sambalist
Subject: Re: [Samba] How to fix mapping Administrator to root
On 03/06/2019 16:09, adam_xu at adagene.com.cn wrote:
> Hi Rowland,
>
> Yes. all users primary group is "domain users".
>
> my "domain admins" has a gidNumber.
>
Have you followed this:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
Is DNS setup correctly ? and is it working ?
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list