[Samba] Root user shows up as "administrator"

Andrew Bartlett abartlet at samba.org
Mon Feb 15 20:39:41 UTC 2021


On Mon, 2021-02-15 at 15:55 +0100, Matthias Kühne | Ellerhold AG via
samba wrote:
> Hello,
> 
> we're in the process of migrating our Open Directory to Samba 4.13 in
> Debian 10. Our setup will be 8 DCs (1 for each location + 1 primary)
> and a few dozen more linux machines. Each of these machines should
> grant domain users rights to auth via SSH and samba. This should be
> true for our DCs too! So I want to ssh my-domain-user@dc-1 and manage
> the machine.
> 
> Our test scenario worked really well (thx for such an awesome suite
> and the how-tos in the wiki!) but there is a minor problem in our live
> setup now.
> 
> Sometimes (when exactly idk!) if I switch to the root user via "su" or
> "sudo -i" it won't display the "root" as active user but
> "DOMAIN\administrator". "whoami" spits out "DOMAIN\administrator",
> "id" gives "uid=0(DOMAIN\administrator) gid=0(root) groups=0(root)".
> 
> The administrator user has a UID (10372) but "id DOMAIN\\administrator"
> gives
>
> uid=0(DOMAIN\administrator) gid=10072(DOMAIN\domain users) groups=10072(DOMAIN\domain users),100000512(DOMAIN\domain admins),100000519(DOMAIN\enterprise admins),100000520(DOMAIN\group policy creator owners),100000518(DOMAIN\schema admins),100000572(DOMAIN\denied rodc password replication group),3000009(BUILTIN\users),3000000(BUILTIN\administrators)

The default idmap.ldb entries give UID 0 (root) to the administrator
user to ensure it can change all files.  

I know some other developers disagree about the wisdom of this, but for
now that is what the code does.

This is probably trumping whatever you think is assigning UID 10372 to
'administrator'.

Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions
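
To see which SIDs the idmap.ldb mapping described in the reply above ties to UID 0, an LDIF dump of that database (for example from ldbsearch) can be audited as follows. This is an added example, not code from the thread or from Samba; the sample records, the domain SID and the sidMap attribute layout (objectSid, type, xidNumber) are assumptions constructed for illustration.

```python
# Added example: audit an LDIF dump of idmap.ldb for SIDs mapped to UID 0.
# SAMPLE_LDIF is constructed; the domain SID and the sidMap attribute
# layout (objectSid, type, xidNumber) are assumptions, not from the thread.
SAMPLE_LDIF = """\
dn: CN=S-1-5-21-1111111111-2222222222-3333333333-500
objectClass: sidMap
objectSid: S-1-5-21-1111111111-2222222222-3333333333-500
type: ID_TYPE_UID
xidNumber: 0

dn: CN=S-1-5-32-544
objectClass: sidMap
objectSid: S-1-5-32-544
type: ID_TYPE_BOTH
xidNumber: 3000000
"""

def parse_ldif(text):
    """Split LDIF text into records (dict of attribute -> last value)."""
    records, current, last_key = [], {}, None
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():                 # blank line ends a record
            if current:
                records.append(current)
            current, last_key = {}, None
        elif line.startswith(" ") and last_key:
            current[last_key] += line[1:]    # folded continuation line
        elif ":" in line:
            key, _, value = line.partition(":")
            last_key = key.strip()
            current[last_key] = value.strip()
    if current:
        records.append(current)
    return records

def uid_zero_mappings(records):
    """Return (sid, is_rid_500) for every SID whose mapping is UID 0."""
    hits = []
    for rec in records:
        sid = rec.get("objectSid", "")
        if (rec.get("objectClass") == "sidMap" and rec.get("xidNumber") == "0"
                and rec.get("type") in ("ID_TYPE_UID", "ID_TYPE_BOTH")):
            # RID 500 is the well-known built-in domain Administrator account.
            hits.append((sid, sid.startswith("S-1-5-21-") and sid.endswith("-500")))
    return hits

if __name__ == "__main__":
    for sid, is_admin in uid_zero_mappings(parse_ldif(SAMPLE_LDIF)):
        print(f"{sid} -> UID 0 ({'Administrator RID' if is_admin else 'other account'})")
```

A hit flagged as "other account" is a SID other than the built-in Administrator that would act as root on the host.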



