[Samba] How to fix mapping Administrator to root
Rowland penny
rpenny at samba.org
Wed Jun 5 07:13:18 UTC 2019
On 05/06/2019 03:22, adam_xu--- via samba wrote:
> Hi sambalist,
>
> I set up a new test environment to test the problem. still the same result. It seems that if I didn't give administrator a uidNumber in unix attributes and only map this user to root. it can manage the share folder in fsmgmt.msc, but after I remove everyone's share permission and add share permissions to
> domain admins full control
> domain users RW
>
> then, the administrator could not access the share except $IPC.
>
> I excute "smbstatus -b" in the file server. it shows that
> PID Username Group Machine Protocol Version Encryption Signing
> ----------------------------------------------------------------------------------------------------------------------------------------
> 7796 root root 192.168.42.144 (ipv4:192.168.42.144:54579) SMB2_10 - -
>
> seems after administrator mapped to root, it's primary group is root. so it lose the share folder since I have "hide unreadable = yes" in smb.conf.
> Does any one knows why the administrator's primary group is not "domain admins" ? is this a bug or i missing something import config?
>
I suggest you take this up with Microsoft, it is they that set
Administrator's primary group to '513', which is the RID for 'Domain Users'
I now fully understand your problem, the cause is a defect between your
seat and the keyboard ;-)
You NEVER use Administrator on a Unix client as a normal user. If you
need to log onto a Unix client, use 'root' or sudo. Administrator is the
Windows admin, root is the Unix admin user and just as you wouldn't try
to directly use root on Windows, you do not try to directly use
Administrator on Unix.
Rowland
More information about the samba
mailing list