[Samba] Administrator User Has no access to Remote File Server

ralph strebbing blackbirdralph at gmail.com
Mon Dec 6 20:45:42 UTC 2021


On Mon, Dec 6, 2021 at 3:34 PM Rowland Penny via samba
<samba at lists.samba.org> wrote:
> That isn't what I asked, but it possibly answers the question. If you
> use the winbind 'ad' backend, you must manually add RFC2307 attributes,
> nothing adds them automatically, so if you haven't added them, they
> will not be there. If you haven't added them yet, can I suggest you
> start at '10000' and adjust your 'idmap config' lines on the Unix
> domain members.
>
> After you have done the above, add 'min domain uid = 0' to your Unix
> domain members.

So on DC1, I need to add the following to the smb.conf:
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use a read-write-enabled back end, such as tdb.
  idmap config * : backend = tdb
  idmap config * : range = 10000-17999
# - You must set a DOMAIN backend configuration
# idmap config for the SAMDOM domain
  idmap config DOMAIN : backend = ad
  idmap config DOMAIN : schema_mode = rfc2307
  idmap config DOMAIN : range = 900-5000
  idmap config DOMAIN : unix_nss_info = yes
Edited to your suggestion above of course.

Then, I add the line: min domain uid = 0 to the fileserver's smb.conf?

Regards,
Ralph
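
The comment in the configuration above says the default (*) range must not overlap any domain range. The following is an added example, not part of the original message or of Samba's own tooling, showing one way to check that across 'idmap config' lines. POSTED copies the ranges from the message; MOVED is a constructed case where the DOMAIN range starts at 10000 (upper bound 999999 is an assumed value) while the default range is left unchanged.

```python
import re

# Matches lines such as "idmap config DOMAIN : range = 900-5000"
RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE,
)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} for every 'idmap config ... range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):   # smb.conf comment lines
            continue
        m = RANGE_RE.match(line)
        if not m:
            continue
        low, high = int(m.group(2)), int(m.group(3))
        if low > high:
            raise ValueError(f"range for {m.group(1)} is inverted: {low}-{high}")
        ranges[m.group(1)] = (low, high)
    return ranges

def overlapping(ranges):
    """Return pairs of domains whose ID ranges share at least one ID."""
    items = sorted(ranges.items(), key=lambda kv: kv[1])
    clashes = []
    for i, (name_a, (_, high_a)) in enumerate(items):
        for name_b, (low_b, _) in items[i + 1:]:
            if low_b <= high_a:        # sorted by low end, so this is an overlap
                clashes.append((name_a, name_b))
    return clashes

# Ranges as posted in the message above.
POSTED = """
  idmap config * : backend = tdb
  idmap config * : range = 10000-17999
  idmap config DOMAIN : backend = ad
  idmap config DOMAIN : range = 900-5000
"""

# Constructed: DOMAIN moved to start at 10000, default range not adjusted.
MOVED = POSTED.replace("range = 900-5000", "range = 10000-999999")

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("moved", MOVED)):
        print(label, idmap_ranges(text), "overlaps:", overlapping(idmap_ranges(text)))
```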
