[Samba] Root user shows up as "administrator"

Rowland Penny rpenny at samba.org
Wed Feb 17 12:08:54 UTC 2021


On 17/02/2021 11:56, Matthias Kühne | Ellerhold AG via samba wrote:
> Hey,
>
> sadly "net cache flush" did nothing.
>
> But this did the trick:
>
> systemctl restart nscd nslcd


Why are you using nscd (which you should not use with winbind) and nslcd?

This probably has something to do with your problem.

>
> root is root again! ~ 10 mins later root is Admin again. I checked again
> 40 mins later and voila - it's root again.
>
> Something's definitely not right here...


Very probably the nscd cache being read instead of the winbind cache.

>
>
> I rechecked the other DCs:
>
> root@DC1# id DOMAIN\\administrator
> uid=10372(DOMAIN\administrator) gid=10072(DOMAIN\domain users)
> groups=10072(DOMAIN\domain users),3000004(DOMAIN\domain
> admins),100000519(DOMAIN\enterprise admins),100000520(DOMAIN\group
> policy creator owners),100000518(DOMAIN\schema
> admins),100000572(DOMAIN\denied rodc password replication
> group),3000009(BUILTIN\users),3000000(BUILTIN\administrators)
>
> The DC1 didn't pick up the removal of the UID! After clearing the cache
> (see above):
>
> root@DC1 # id AD-ELLERHOLD\\administrator
> uid=0(DOMAIN\administrator) gid=10072(DOMAIN\domain users)
> groups=10072(DOMAIN\domain users),3000004(DOMAIN\domain
> admins),100000519(DOMAIN\enterprise admins),100000520(DOMAIN\group
> policy creator owners),100000518(DOMAIN\schema
> admins),100000572(DOMAIN\denied rodc password replication
> group),3000009(BUILTIN\users),3000000(BUILTIN\administrators)
>
> # whoami
> DOMAIN\administrator
>
> WHAT? Oh no :/
>
> After a reboot of the machine:
>
> # id DOMAIN\\administrator
> uid=0(root) gid=0(root) groups=0(root)
> # whoami
> root
>
> Yay!
>
> Then I thought: Is running NSCD on a DC the problem? Should I disable
> it?


In my opinion, yes.

>
> Same question(s) for a domain member!


I do hope you are not using nslcd on the Unix domain members.

>
>
>
> Seems like nscd is the problem! It's confused that 2 users (root and
> DOMAIN\Administrator) have the same UID (0) and returns one at random
> (or something like that)? Is my suspicion correct?
>
> There is one sentence in
> https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting to
> disable nscd completely.
>
> But there is no mention of nscd in
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member nor
> in
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
> . If I'm correct - could you please add a line in each of the HOW-TOs to
> disable nscd completely (or disable parts of it)?


Will do.

Rowland
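
The check discussed in this thread, as an added example that is not part of the original messages or of Samba's own tooling: it flags hosts where nscd caches the passwd or group database while nsswitch.conf resolves that database through winbind, and lists every name mapped to UID 0. The function names, the `--live` switch and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find nscd caching of winbind-resolved NSS databases.

# uses_winbind NSSWITCH DB: true if the DB line lists the winbind source
uses_winbind() {
    awk -v db="$2:" '{ sub(/#.*/, "") }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }' "$1"
}

# nscd_caches NSCDCONF DB: true if nscd.conf has "enable-cache DB yes"
nscd_caches() {
    awk -v db="$2" '{ sub(/#.*/, "") }
        $1 == "enable-cache" && $2 == db && $3 == "yes" { found = 1 }
        END { exit !found }' "$1"
}

# check_conflict NSSWITCH NSCDCONF: print each conflicting DB, return 1 if any
check_conflict() {
    rc=0
    for db in passwd group; do
        if uses_winbind "$1" "$db" && nscd_caches "$2" "$db"; then
            echo "CONFLICT: nscd caches '$db', which nsswitch resolves via winbind"
            rc=1
        fi
    done
    return "$rc"
}

# uid0_names: read passwd-format lines on stdin, print every name with UID 0
uid0_names() { awk -F: '$3 == "0" { print $1 }'; }

# demo: run both checks on constructed sample files (not taken from the thread)
demo() {
    d=$(mktemp -d) || return 2
    printf 'passwd: files winbind\ngroup: files winbind\nhosts: files dns\n' > "$d/nsswitch.conf"
    printf 'enable-cache passwd yes\nenable-cache group no\n' > "$d/nscd.conf"
    printf 'root:x:0:0:root:/root:/bin/bash\nDOMAIN\\administrator:*:0:10072::/home/admin:/bin/false\n' > "$d/passwd"
    check_conflict "$d/nsswitch.conf" "$d/nscd.conf" || :
    uid0_names < "$d/passwd"
    rm -rf "$d"
}

# With --live the real system files are checked instead of the samples
if [ "${1:-}" = "--live" ]; then
    check_conflict /etc/nsswitch.conf /etc/nscd.conf
else
    demo
fi
```

On a live host, `getent passwd` output can be piped into `uid0_names` to see which names currently resolve to UID 0.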




