[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).
Rowland Penny
rpenny at samba.org
Mon Nov 28 15:52:12 UTC 2022
On 28/11/2022 15:40, Juan Ignacio wrote:
> I'm on a windows client, logged in with the OURDOMAIN\administrator account.
>
> The content of /etc/samba/user.map
>
> !root = OURDOMAIN\Administrator
>
> The smb.conf.
>
> [global]
> log file = /var/log/samba/%m.log
> log level = 1
> realm = OURDOMAIN.ORG <http://OURDOMAIN.ORG>
> security = ADS
> server role = member server
> username map = /etc/samba/user.map
> workgroup = OURDOMAIN
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config kennedy : backend = rid
> idmap config kennedy : range = 10000-9999999
>
>
> On unix.
>
> I checked the shares with smbclient and i got Invalid Token
>
> root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator
> Password for [OURDOMAIN\administrator]:
> session setup failed: NT_STATUS_INVALID_TOKEN
>
> if i do the same with other domain user i got the shares correctly.
>
> smbclient -L \\\\10.20.1.55 -U pepito
> Password for [OURDOMAIN\pepito]:
>
> Sharename Type Comment
> --------- ---- -------
> sharetest Disk
> test Disk
> IPC$ IPC IPC Service (Samba 4.17.3-Debian)
> SMB1 disabled -- no workgroup available
>
NEVER use Administrator on a Unix machine. Administrator is the Windows
administrator with thr RID '500', so with your DOMAIN low range it will
have the Unix ID 10500, it is just a normal Unix user.
However that isn't your real problem, try adding this line:
min domain uid = 0
Restart Samba and try again, but only for test purposes, after that
never use Administrator directly on Unix.
Rowland
More information about the samba
mailing list