[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).
Rowland Penny
rpenny at samba.org
Mon Nov 28 16:44:19 UTC 2022
On 28/11/2022 16:11, Juan Ignacio wrote:
> I didn't log into unix directly, I logged on a windows machine.
> The problem is I needed the administrator account to manage some gpos
> and move the files from one member server to another and rewrite the
> permissions, timestamp and file ownership on windows.
> If I write a file on the member it shows as root what seems correct for
> me because I don't want anyone accessing that share right now.
> At least until I finish migrating the files.
>
> Administrator is the Windows
> administrator with thr RID '500', so with your DOMAIN low range it will
> have the Unix ID 10500, it is just a normal Unix user.
>
>
> How can I know that?
>
> We are not mapping administrator to root?
>
> OURDOMAIN\administrator is not equal to root and the uid=0?
>
> Sorry im trying to understand better.
>
You are (or were) mapping Administrator to root, you had in smb.conf
this line:
username map = /etc/samba/user.map
which should contain one line:
!root = OURDOMAIN\Administrator
This would, when Administrator connects via Samba have mapped the
Windows user 'Administrator' to the Unix user 'root'
However, due to a recent change, any RID under '1000' is ignored unless
you also set 'min uid = 0' in smb.conf
If you run 'getent passwd Administrator' on a Unix machine, you should
get something like this:
administrator:*:10500:10513::/home/administrator:/bin/bash
This is using the 'rid' idmap backend.
As you can see, Unix knows 'Administrator by the ID '10500'. '10500' !=
'0' ('0' being the Unix ID for 'root')
Do not do anything directly on Unix as Administrator, If you want to use
Administrator on Unix, use the 'root' user instead.
I hope this helps.
Rowland
More information about the samba
mailing list