[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

Rowland Penny rpenny at samba.org
Mon Nov 28 16:44:19 UTC 2022

On 28/11/2022 16:11, Juan Ignacio wrote:
> I didn't log into unix directly, I logged on a windows machine.
> The problem is I needed the administrator account to manage some gpos 
> and move the files from one member server to another and rewrite the 
> permissions, timestamp and file ownership on windows.
> If I write a file on the member it shows as root what seems correct for 
> me because I don't want anyone accessing that share right now.
> At least until I finish migrating the files.
>     Administrator is the Windows
>     administrator with thr RID '500', so with your DOMAIN low range it will
>     have the Unix ID 10500, it is just a normal Unix user. 
> How can I know that?
> We are not mapping administrator to root?
> OURDOMAIN\administrator is not equal to root and the uid=0?
> Sorry im trying to understand better.

You are (or were) mapping Administrator to root, you had in smb.conf 
this line:

username map = /etc/samba/user.map

which should contain one line:

!root = OURDOMAIN\Administrator

This would, when Administrator connects via Samba have mapped the 
Windows user 'Administrator' to the Unix user 'root'
However, due to a recent change, any RID under '1000' is ignored unless 
you also set 'min uid = 0' in smb.conf

If you run 'getent passwd Administrator' on a Unix machine, you should 
get something like this:


This is using the 'rid' idmap backend.

As you can see, Unix knows 'Administrator by the ID '10500'. '10500' != 
'0' ('0' being the Unix ID for 'root')

Do not do anything directly on Unix as Administrator, If you want to use 
Administrator on Unix, use the 'root' user instead.

I hope this helps.


More information about the samba mailing list