[Samba] Ongoing internal DNS discrepancies: !root = SAMDOM\Administrator
Michael Tokarev
mjt at tls.msk.ru
Sat Feb 12 14:07:14 UTC 2022
12.02.2022 16:57, Patrick Goetz via samba wrote:
>
> I just noticed another DNS discrepancy involving the use of
>
> /etc/samba/smb.conf:
> -------------------
> [global]
> username map = /etc/samba/user.map
>
>
> archives at data2:/$ cat /etc/samba/user.map
> !root = SAMDOM\Administrator
>
> When this is set, the root user can just do stuff:
>
> root at samba-dc:~# samba-tool computer list
> IBS100$
I think you're mixing things here. root can do many samba-tool commands
on the DC just fine without any username.map. But some commands are
implemented by logging in to services over network instead of doing
stuff directly against files in /var/lib/samba/. This has nothing do
do with username.map.
Also, username.map works the other way around, - to map someone logged
as EA\Administrator to root, not to map root to EA\Administrator.
..
> root at samba-dc:~# samba-tool dns query samba-dc ea.linuxcs.com data2 A
> Password for [EA\root]:
Give it -U Administrator option. username.map does works other way around.
/mjt
More information about the samba
mailing list