[Samba] How to fix mapping Administrator to root

Rowland penny rpenny at samba.org
Wed Jun 5 07:13:18 UTC 2019

On 05/06/2019 03:22, adam_xu--- via samba wrote:
> Hi sambalist,
> I set up a new test environment to test the problem. still the same result. It seems that if I didn't give administrator a uidNumber in unix attributes and only map this user to root. it can manage the share folder in fsmgmt.msc, but after I remove everyone's share permission and add share permissions to
> domain admins full control
> domain users RW
> then, the administrator could not access the share except $IPC.
> I excute "smbstatus -b" in the file server. it shows that
> PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
> ----------------------------------------------------------------------------------------------------------------------------------------
> 7796    root         root (ipv4: SMB2_10           -                    -
> seems after administrator mapped to root, it's primary group is root. so it lose the share folder since I have "hide unreadable = yes" in smb.conf.
> Does any one knows why the administrator's primary group is not "domain admins" ? is this a bug or i missing  something import config?
I suggest you take this up with Microsoft, it is they that set 
Administrator's primary group to '513', which is the RID for 'Domain Users'

I now fully understand your problem, the cause is a defect between your 
seat and the keyboard ;-)

You NEVER use Administrator on a Unix client as a normal user. If you 
need to log onto a Unix client, use 'root' or sudo. Administrator is the 
Windows admin, root is the Unix admin user and just as you wouldn't try 
to directly use root on Windows, you do not try to directly use 
Administrator on Unix.


More information about the samba mailing list