[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).
Juan Ignacio
juan.ignacio.pazos at gmail.com
Mon Nov 28 15:47:19 UTC 2022
I'm on a windows client, logged in with the OURDOMAIN\administrator
account.
The content of /etc/samba/user.map
!root = OURDOMAIN\Administrator
The smb.conf.
[global]
log file = /var/log/samba/%m.log
log level = 1
realm = OURDOMAIN.ORG
security = ADS
server role = member server
username map = /etc/samba/user.map
workgroup = OURDOMAIN
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config ourdomain: backend = rid
idmap config ourdomain: range = 10000-9999999
On unix.
I checked the shares with smbclient and i got Invalid Token
root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator
Password for [OURDOMAIN\administrator]:
session setup failed: NT_STATUS_INVALID_TOKEN
if i do the same with other domain user i got the shares correctly.
smbclient -L \\\\10.20.1.55 -U pepito
Password for [OURDOMAIN\pepito]:
Sharename Type Comment
--------- ---- -------
sharetest Disk
test Disk
IPC$ IPC IPC Service (Samba 4.17.3-Debian)
SMB1 disabled -- no workgroup available
El lun, 28 nov 2022 a las 12:40, Juan Ignacio (<juan.ignacio.pazos at gmail.com>)
escribió:
> I'm on a windows client, logged in with the OURDOMAIN\administrator
> account.
>
> The content of /etc/samba/user.map
>
> !root = OURDOMAIN\Administrator
>
> The smb.conf.
>
> [global]
> log file = /var/log/samba/%m.log
> log level = 1
> realm = OURDOMAIN.ORG
> security = ADS
> server role = member server
> username map = /etc/samba/user.map
> workgroup = OURDOMAIN
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config kennedy : backend = rid
> idmap config kennedy : range = 10000-9999999
>
>
> On unix.
>
> I checked the shares with smbclient and i got Invalid Token
>
> root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator
> Password for [OURDOMAIN\administrator]:
> session setup failed: NT_STATUS_INVALID_TOKEN
>
> if i do the same with other domain user i got the shares correctly.
>
> smbclient -L \\\\10.20.1.55 -U pepito
> Password for [OURDOMAIN\pepito]:
>
> Sharename Type Comment
> --------- ---- -------
> sharetest Disk
> test Disk
> IPC$ IPC IPC Service (Samba 4.17.3-Debian)
> SMB1 disabled -- no workgroup available
>
> El lun, 28 nov 2022 a las 12:39, Juan Ignacio (<
> juan.ignacio.pazos at gmail.com>) escribió:
>
>> I'm on a windows client, logged in with the OURDOMAIN\administrator
>> account.
>>
>> The content of /etc/samba/user.map
>>
>> !root = OURDOMAIN\Administrator
>>
>> The smb.conf.
>>
>> [global]
>> log file = /var/log/samba/%m.log
>> log level = 1
>> realm = OURDOMAIN.ORG
>> security = ADS
>> server role = member server
>> username map = /etc/samba/user.map
>> workgroup = OURDOMAIN
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>> idmap config kennedy : backend = rid
>> idmap config kennedy : range = 10000-9999999
>>
>>
>> On unix.
>>
>> I checked the shares with smbclient and i got Invalid Token
>>
>> root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator
>> Password for [KENNEDY\administrator]:
>> session setup failed: NT_STATUS_INVALID_TOKEN
>>
>> if i do the same with other domain user i got the shares correctly.
>>
>> smbclient -L \\\\10.20.1.55 -U pepito
>> Password for [OURDOMAIN\pepito]:
>>
>> Sharename Type Comment
>> --------- ---- -------
>> sharetest Disk
>> test Disk
>> IPC$ IPC IPC Service (Samba 4.17.3-Debian)
>> SMB1 disabled -- no workgroup available
>>
>>
>> El lun, 28 nov 2022 a las 12:26, Rowland Penny via samba (<
>> samba at lists.samba.org>) escribió:
>>
>>>
>>>
>>> On 28/11/2022 15:18, Juan Ignacio wrote:
>>> > I am having some problems accessing the shares of the new member
>>> server.
>>> > I can access the shares with my domain account but cannot access them
>>> > with the administrator account.
>>>
>>>
>>> How are you trying to connect as Administrator ?
>>>
>>> What is in your username map ?
>>>
>>> You should have:
>>>
>>> !root = OURDOMAIN\Administrator
>>>
>>> This should then map Administrator to root when you connect from Windows.
>>>
>>> Never use Administrator on a Linux machine, use root or sudo.
>>>
>>> Rowland
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
More information about the samba
mailing list