[Samba] administrator on a samba file server

[Rowland penny]

On 05/11/2019 12:50, Frédéric Goudal via samba wrote:
> Hello,
>
> I have the following problem and I don’t find any documentation :
>
> I have an Active Directory domain.
> I have setup a samba server, that I want to use as a file server.
> The samba server has joined the domain, I use winbind and when I do a getent passwd <user> I have the correct informations for « standard » users.
> I use the uidNumber active directory attribute to the the uid of the user, this is working.
>
> What I want to do is to copy files from a windows file server to the new samba server without losing the acl on the files.
>
> To do that I guess I should use the domain administrator login to connect from the windows server to the samba server and than copy the files.
> But I can’t find any informations on how to connect as a domain administrator on the samba file server, and I guess the uid of the administrator should be 0 on the samba file server.
>
> I guess it’s a common problem, but I’m a bit lost.

By default on a Samba AD DC, Administrator is mapped to the Unix user 
'root' in idmap.ldb

To get the same mapping on a Unix domain member, you need to add 
something like this to smb.conf:

username map = /etc/samba/user.map

and create /etc/samba/user.map containing this:

!root = DOMAIN\Administrator

Where 'DOMAIN' is your workgroup name in uppercase.

You will need to set up the shares correctly, see here:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

You will also need to set up your smb.conf correctly, so it will 
probably help if you post your present one.

Rowland