[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).
Juan Ignacio
juan.ignacio.pazos at gmail.com
Mon Nov 28 16:11:16 UTC 2022
I didn't log into Unix directly; I logged on to a Windows machine.
The problem is I needed the administrator account to manage some GPOs and
move the files from one member server to another and rewrite the
permissions, timestamp and file ownership on Windows.
If I write a file on the member it shows as root, which seems correct to me
because I don't want anyone accessing that share right now.
At least until I finish migrating the files.
> Administrator is the Windows
> administrator with the RID '500', so with your DOMAIN low range it will
> have the Unix ID 10500, it is just a normal Unix user.
>
How can I know that?
We are not mapping administrator to root?
OURDOMAIN\administrator is not equal to root and the uid=0?
Sorry, I'm trying to understand better.
On Mon, 28 Nov 2022 at 12:53, Rowland Penny via samba (<
samba at lists.samba.org>) wrote:
>
>
> On 28/11/2022 15:40, Juan Ignacio wrote:
> > I'm on a Windows client, logged in with the OURDOMAIN\administrator account.
> >
> > The content of /etc/samba/user.map
> >
> > !root = OURDOMAIN\Administrator
> >
> > The smb.conf.
> >
> > [global]
> > log file = /var/log/samba/%m.log
> > log level = 1
> > realm = OURDOMAIN.ORG
> > security = ADS
> > server role = member server
> > username map = /etc/samba/user.map
> > workgroup = OURDOMAIN
> > idmap config * : backend = tdb
> > idmap config * : range = 3000-7999
> > idmap config kennedy : backend = rid
> > idmap config kennedy : range = 10000-9999999
> >
> >
> > On unix.
> >
> > I checked the shares with smbclient and I got Invalid Token
> >
> > root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator
> > Password for [OURDOMAIN\administrator]:
> > session setup failed: NT_STATUS_INVALID_TOKEN
> >
> > If I do the same with another domain user I get the shares correctly.
> >
> > smbclient -L \\\\10.20.1.55 -U pepito
> > Password for [OURDOMAIN\pepito]:
> >
> > Sharename       Type      Comment
> > ---------       ----      -------
> > sharetest       Disk
> > test            Disk
> > IPC$            IPC       IPC Service (Samba 4.17.3-Debian)
> > SMB1 disabled -- no workgroup available
> >
>
> NEVER use Administrator on a Unix machine. Administrator is the Windows
> administrator with the RID '500', so with your DOMAIN low range it will
> have the Unix ID 10500, it is just a normal Unix user.
> However that isn't your real problem, try adding this line:
>
> min domain uid = 0
>
> Restart Samba and try again, but only for test purposes, after that
> never use Administrator directly on Unix.
>
> Rowland
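
The arithmetic behind the quoted "RID 500 becomes Unix ID 10500", as an added example that is not part of the original thread and is not Samba's own code. It goes slightly further than the thread by also checking a uid against `min domain uid`; the formula is the one documented in idmap_rid(8) and the default of 1000 is from smb.conf(5). The function names are hypothetical and the sample config is constructed, with OURDOMAIN standing in for the real domain name.

```python
import re

# Constructed sample, modelled on the member-server settings quoted in the thread.
SAMPLE_CONF = """
[global]
workgroup = OURDOMAIN
security = ADS
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config OURDOMAIN : backend = rid
idmap config OURDOMAIN : range = 10000-9999999
"""

DEFAULT_MIN_DOMAIN_UID = 1000  # documented smb.conf(5) default for "min domain uid"

def parse_global(text):
    """Return (idmap, params): per-domain idmap options and other [global] keys."""
    idmap, params, section = {}, {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line.strip("[] ").lower()
        if section != "global" or not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        m = re.match(r"idmap config\s+(\S+)\s*:\s*(.+)", key, re.I)
        if m:
            idmap.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = value
        else:
            params[key.lower()] = value
    return idmap, params

def rid_to_unix_id(idmap, domain, rid):
    """idmap_rid(8): ID = RID - BASE_RID + LOW_RANGE_ID; None if it cannot map."""
    cfg = idmap.get(domain.upper())
    if not cfg or cfg.get("backend") != "rid":
        return None
    low, high = (int(n) for n in cfg["range"].split("-"))
    unix_id = rid - int(cfg.get("base_rid", 0)) + low
    return unix_id if low <= unix_id <= high else None

def passes_min_domain_uid(params, uid):
    """True if uid is not below the configured (or default) 'min domain uid'."""
    return uid >= int(params.get("min domain uid", DEFAULT_MIN_DOMAIN_UID))

if __name__ == "__main__":
    idmap, params = parse_global(SAMPLE_CONF)
    print("RID 500 ->", rid_to_unix_id(idmap, "OURDOMAIN", 500))
    print("uid 0 passes min domain uid:", passes_min_domain_uid(params, 0))
```

On a live member server, `wbinfo --sid-to-uid` and `testparm -sv` give the authoritative values for the same two questions.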