[Samba] How to fix mapping Administrator to root
adam_xu at adagene.com.cn
adam_xu at adagene.com.cn
Wed Jun 5 07:37:15 UTC 2019
Hi Rowland ,
I used to manage file or folder permissions using administrator account in Windows Client. So how could I do this task if the administrator can't do this after I mapped it to root in fileserver and remove it's uidNumber in ADUC? should I create another user in Domain Adams"?
Best,
yours Adam
From: Rowland penny via samba
Date: 2019-06-05 15:13
To: samba
Subject: Re: [Samba] How to fix mapping Administrator to root
On 05/06/2019 03:22, adam_xu--- via samba wrote:
> Hi sambalist,
>
> I set up a new test environment to test the problem. still the same result. It seems that if I didn't give administrator a uidNumber in unix attributes and only map this user to root. it can manage the share folder in fsmgmt.msc, but after I remove everyone's share permission and add share permissions to
> domain admins full control
> domain users RW
>
> then, the administrator could not access the share except $IPC.
>
> I excute "smbstatus -b" in the file server. it shows that
> PID Username Group Machine Protocol Version Encryption Signing
> ----------------------------------------------------------------------------------------------------------------------------------------
> 7796 root root 192.168.42.144 (ipv4:192.168.42.144:54579) SMB2_10 - -
>
> seems after administrator mapped to root, it's primary group is root. so it lose the share folder since I have "hide unreadable = yes" in smb.conf.
> Does any one knows why the administrator's primary group is not "domain admins" ? is this a bug or i missing something import config?
>
I suggest you take this up with Microsoft, it is they that set
Administrator's primary group to '513', which is the RID for 'Domain Users'
I now fully understand your problem, the cause is a defect between your
seat and the keyboard ;-)
You NEVER use Administrator on a Unix client as a normal user. If you
need to log onto a Unix client, use 'root' or sudo. Administrator is the
Windows admin, root is the Unix admin user and just as you wouldn't try
to directly use root on Windows, you do not try to directly use
Administrator on Unix.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list