[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

Juan Ignacio juan.ignacio.pazos at gmail.com
Mon Nov 28 15:47:19 UTC 2022 

 I'm on a windows client, logged in with the OURDOMAIN\administrator
account.

The content of /etc/samba/user.map

!root = OURDOMAIN\Administrator

The smb.conf.

[global]
        log file = /var/log/samba/%m.log
        log level = 1
        realm = OURDOMAIN.ORG
        security = ADS
        server role = member server
        username map = /etc/samba/user.map
        workgroup = OURDOMAIN
        idmap config * : backend = tdb
        idmap config * : range = 3000-7999
        idmap config ourdomain: backend = rid
        idmap config ourdomain: range = 10000-9999999


On unix.

I checked the shares with smbclient and i got Invalid Token

root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator
Password for [OURDOMAIN\administrator]:
session setup failed: NT_STATUS_INVALID_TOKEN

if i do the same with other domain user i got the shares correctly.

 smbclient -L \\\\10.20.1.55 -U pepito
Password for [OURDOMAIN\pepito]:

        Sharename       Type      Comment
        ---------       ----      -------
        sharetest       Disk
        test            Disk
        IPC$            IPC       IPC Service (Samba 4.17.3-Debian)
SMB1 disabled -- no workgroup available

El lun, 28 nov 2022 a las 12:40, Juan Ignacio (<juan.ignacio.pazos at gmail.com>)
escribió:

> I'm on a windows client, logged in with the OURDOMAIN\administrator
> account.
>
> The content of /etc/samba/user.map
>
> !root = OURDOMAIN\Administrator
>
> The smb.conf.
>
> [global]
>         log file = /var/log/samba/%m.log
>         log level = 1
>         realm = OURDOMAIN.ORG
>         security = ADS
>         server role = member server
>         username map = /etc/samba/user.map
>         workgroup = OURDOMAIN
>         idmap config * : backend = tdb
>         idmap config * : range = 3000-7999
>         idmap config kennedy : backend = rid
>         idmap config kennedy : range = 10000-9999999
>
>
> On unix.
>
> I checked the shares with smbclient and i got Invalid Token
>
> root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator
> Password for [OURDOMAIN\administrator]:
> session setup failed: NT_STATUS_INVALID_TOKEN
>
> if i do the same with other domain user i got the shares correctly.
>
>  smbclient -L \\\\10.20.1.55 -U pepito
> Password for [OURDOMAIN\pepito]:
>
>         Sharename       Type      Comment
>         ---------       ----      -------
>         sharetest       Disk
>         test            Disk
>         IPC$            IPC       IPC Service (Samba 4.17.3-Debian)
> SMB1 disabled -- no workgroup available
>
> El lun, 28 nov 2022 a las 12:39, Juan Ignacio (<
> juan.ignacio.pazos at gmail.com>) escribió:
>
>> I'm on a windows client, logged in with the OURDOMAIN\administrator
>> account.
>>
>> The content of /etc/samba/user.map
>>
>> !root = OURDOMAIN\Administrator
>>
>> The smb.conf.
>>
>> [global]
>>         log file = /var/log/samba/%m.log
>>         log level = 1
>>         realm = OURDOMAIN.ORG
>>         security = ADS
>>         server role = member server
>>         username map = /etc/samba/user.map
>>         workgroup = OURDOMAIN
>>         idmap config * : backend = tdb
>>         idmap config * : range = 3000-7999
>>         idmap config kennedy : backend = rid
>>         idmap config kennedy : range = 10000-9999999
>>
>>
>> On unix.
>>
>> I checked the shares with smbclient and i got Invalid Token
>>
>> root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator
>> Password for [KENNEDY\administrator]:
>> session setup failed: NT_STATUS_INVALID_TOKEN
>>
>> if i do the same with other domain user i got the shares correctly.
>>
>>  smbclient -L \\\\10.20.1.55 -U pepito
>> Password for [OURDOMAIN\pepito]:
>>
>>         Sharename       Type      Comment
>>         ---------       ----      -------
>>         sharetest       Disk
>>         test            Disk
>>         IPC$            IPC       IPC Service (Samba 4.17.3-Debian)
>> SMB1 disabled -- no workgroup available
>>
>>
>> El lun, 28 nov 2022 a las 12:26, Rowland Penny via samba (<
>> samba at lists.samba.org>) escribió:
>>
>>>
>>>
>>> On 28/11/2022 15:18, Juan Ignacio wrote:
>>> > I am having some problems accessing the shares of the new member
>>> server.
>>> > I can access the shares with my domain account but cannot access them
>>> > with the administrator account.
>>>
>>>
>>> How are you trying to connect as Administrator ?
>>>
>>> What is in your username map ?
>>>
>>> You should have:
>>>
>>> !root = OURDOMAIN\Administrator
>>>
>>> This should then map Administrator to root when you connect from Windows.
>>>
>>> Never use Administrator on a Linux machine, use root or sudo.
>>>
>>> Rowland
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>

More information about the samba mailing list