[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

Juan Ignacio juan.ignacio.pazos at gmail.com
Mon Nov 28 16:11:16 UTC 2022


I didn't log into Unix directly, I logged on to a Windows machine.
The problem is I needed the administrator account to manage some GPOs and
move the files from one member server to another and rewrite the
permissions, timestamp and file ownership on Windows.
If I write a file on the member it shows as root, which seems correct to me
because I don't want anyone accessing that share right now.
At least until I finish migrating the files.

> Administrator is the Windows
> administrator with the RID '500', so with your DOMAIN low range it will
> have the Unix ID 10500, it is just a normal Unix user.
>

How can I know that?

We are not mapping administrator to root?

OURDOMAIN\administrator is not equal to root and the uid=0?

Sorry, I'm trying to understand better.


On Mon, 28 Nov 2022 at 12:53, Rowland Penny via samba (<
samba at lists.samba.org>) wrote:

>
>
> On 28/11/2022 15:40, Juan Ignacio wrote:
> > I'm on a Windows client, logged in with the OURDOMAIN\administrator
> > account.
> >
> > The content of /etc/samba/user.map
> >
> > !root = OURDOMAIN\Administrator
> >
> > The smb.conf.
> >
> > [global]
> >          log file = /var/log/samba/%m.log
> >          log level = 1
> >          realm = OURDOMAIN.ORG
> >          security = ADS
> >          server role = member server
> >          username map = /etc/samba/user.map
> >          workgroup = OURDOMAIN
> >          idmap config * : backend = tdb
> >          idmap config * : range = 3000-7999
> >          idmap config kennedy : backend = rid
> >          idmap config kennedy : range = 10000-9999999
> >
> >
> > On unix.
> >
> > I checked the shares with smbclient and I got Invalid Token
> >
> > root@memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator
> > Password for [OURDOMAIN\administrator]:
> > session setup failed: NT_STATUS_INVALID_TOKEN
> >
> > If I do the same with another domain user I get the shares correctly.
> >
> >   smbclient -L \\\\10.20.1.55 -U pepito
> > Password for [OURDOMAIN\pepito]:
> >
> >          Sharename       Type      Comment
> >          ---------       ----      -------
> >          sharetest       Disk
> >          test            Disk
> >          IPC$            IPC       IPC Service (Samba 4.17.3-Debian)
> > SMB1 disabled -- no workgroup available
> >
>
> NEVER use Administrator on a Unix machine. Administrator is the Windows
> administrator with the RID '500', so with your DOMAIN low range it will
> have the Unix ID 10500, it is just a normal Unix user.
> However that isn't your real problem, try adding this line:
>
> min domain uid = 0
>
> Restart Samba and try again, but only for test purposes, after that
> never use Administrator directly on Unix.
>
> Rowland
>
>
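The rid-backend arithmetic behind "RID 500 becomes Unix ID 10500", worked through as an added example (not part of either message and not Samba code): it parses the idmap lines posted in the thread and applies the formula given in the idmap_rid documentation, ID = RID - BASE_RID + LOW_RANGE_ID. The SID is constructed and the function names are hypothetical.

```python
import re

# idmap lines as posted in the thread (copied here as constructed sample input).
SMB_CONF = """
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config kennedy : backend = rid
idmap config kennedy : range = 10000-9999999
"""

def parse_idmap(conf):
    """Return {DOMAIN: {"backend": str, "range": (low, high)}} from smb.conf text."""
    domains = {}
    pattern = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(\S+)\s*$", re.I)
    for line in conf.splitlines():
        m = pattern.match(line)
        if not m:
            continue
        domain, key, value = m.group(1).upper(), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(domain, {})
        if key == "range":
            low, high = value.split("-")
            entry["range"] = (int(low), int(high))
        else:
            entry[key] = value
    return domains

def rid_to_unix_id(sid, domain, conf=SMB_CONF, base_rid=0):
    """Apply ID = RID - BASE_RID + LOW_RANGE_ID for a domain using the rid backend.
    Returns None if the domain is not rid-backed or the ID leaves its range."""
    entry = parse_idmap(conf).get(domain.upper())
    if not entry or entry.get("backend") != "rid" or "range" not in entry:
        return None
    rid = int(sid.rsplit("-", 1)[1])  # last sub-authority of the SID is the RID
    low, high = entry["range"]
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

if __name__ == "__main__":
    # Constructed domain SID; only the trailing RID (500) matters here.
    admin_sid = "S-1-5-21-1111111111-2222222222-3333333333-500"
    print(rid_to_unix_id(admin_sid, "kennedy"))
```

On a joined member server, `wbinfo --name-to-sid` followed by `wbinfo --sid-to-uid` reports the SID and the Unix ID that winbind actually assigned.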

