[Samba] Root user shows up as "administrator"
abartlet at samba.org
Mon Feb 15 20:39:41 UTC 2021
On Mon, 2021-02-15 at 15:55 +0100, Matthias Kühne | Ellerhold AG via
> we're in the process of migrating our Open Directory to Samba 4.13
> Debian 10. Our setup will be 8 DCs (1 for each location + 1 primary)
> a few dozen more linux machines. Each of these machine should grant
> domain users rights to auth via SSH and samba. This should be true
> our DCs too! So I want to ssh my-domain-user at dc-1 and manage the
> Our test scenario worked really good (thx for such an awesome suite
> the how-tos in the wiki!) but there is a minor problem in our live
> Sometimes (when exactly idk!) if I switch to the root user via "su"
> "sudo -i" it wont display the "root" as active user but
> "DOMAIN\administrator". "whoami" spits out "DOMAIN\administrator",
> gives "uid=0(DOMAIN\administrator) gid=0(root) groups=0(root)".
> The administrator user has a UID (10372) but "id
> uid=0(DOMAIN\administrator) gid=10072(DOMAIN\domain users)
> groups=10072(DOMAIN\domain users),100000512(DOMAIN\domain
> admins),100000519(DOMAIN\enterprise admins),100000520(DOMAIN\group
> policy creator owners),100000518(DOMAIN\schema
> admins),100000572(DOMAIN\denied rodc password replication
The default idmap.ldb entries give UID 0 (root) to the administrator
user to ensure it can change all files.
I know some other developers disagree about the wisdom of this, but for
now that is what the code does.
This is probably trumping whatever you think is assigning UID 10372 to
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba
Samba Development and Support, Catalyst IT - Expert Open Source
More information about the samba