[Samba] How to fix mapping Administrator to root

adam_xu at adagene.com.cn adam_xu at adagene.com.cn
Wed Jun 5 07:37:15 UTC 2019

Hi Rowland ,

I used to manage file or folder permissions using administrator account in Windows Client. So how could I do this task if the administrator can't do this after I mapped it to root in fileserver and remove it's uidNumber in ADUC? should I create another user in Domain Adams"? 


yours Adam
From: Rowland penny via samba
Date: 2019-06-05 15:13
To: samba
Subject: Re: [Samba] How to fix mapping Administrator to root
On 05/06/2019 03:22, adam_xu--- via samba wrote:
> Hi sambalist,
> I set up a new test environment to test the problem. still the same result. It seems that if I didn't give administrator a uidNumber in unix attributes and only map this user to root. it can manage the share folder in fsmgmt.msc, but after I remove everyone's share permission and add share permissions to
> domain admins full control
> domain users RW
> then, the administrator could not access the share except $IPC.
> I excute "smbstatus -b" in the file server. it shows that
> PID     Username     Group        Machine                                   Protocol Version  Encryption           Signing
> ----------------------------------------------------------------------------------------------------------------------------------------
> 7796    root         root (ipv4: SMB2_10           -                    -
> seems after administrator mapped to root, it's primary group is root. so it lose the share folder since I have "hide unreadable = yes" in smb.conf.
> Does any one knows why the administrator's primary group is not "domain admins" ? is this a bug or i missing  something import config?
I suggest you take this up with Microsoft, it is they that set 
Administrator's primary group to '513', which is the RID for 'Domain Users'
I now fully understand your problem, the cause is a defect between your 
seat and the keyboard ;-)
You NEVER use Administrator on a Unix client as a normal user. If you 
need to log onto a Unix client, use 'root' or sudo. Administrator is the 
Windows admin, root is the Unix admin user and just as you wouldn't try 
to directly use root on Windows, you do not try to directly use 
Administrator on Unix.
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list