[Samba] Windows ACLs : problems

Rowland penny rpenny at samba.org
Mon Feb 24 09:34:25 UTC 2020


On 24/02/2020 08:52, Stefan G. Weichinger via samba wrote:
> Status:
>
> domain member server, Samba version 4.10.11-Debian
>
>
> 	username map = /etc/samba/samba_usermapping

I take it that samba_usermapping contains something like this:

!root = CUSTOMER\Administrator

> The share "QM" gives us issues when we edit ACLs via RSAT on windows DC.
>
> access denied
>
> Folder is owned by
>
> administrator:10513
>
So why does 'administrator' own the share and not root ?

If 'Administrator' is used on a Unix domain member, then 'Administrator' 
will only be like any other Unix user and will only be able to do what a 
normal user can.

Change the owner to 'root' and never use Administrator on a Unix domain 
member.

Rowland





More information about the samba mailing list