[Samba] old ACL on member server

Rowland Penny rpenny at samba.org
Sun Oct 23 07:12:09 UTC 2022

On 22/10/2022 23:51, Nicolas Canonne via samba wrote:
> Hi Rowland,
> Sorry for the very long feed-back and thanks for your answers
> Issue was well with permissions on shares.
> New shares folders have be created with "SMB\Administrator":"SMB\domain 
> users" permissions

You appear to have a word missing from the sentence above, that word is 
'not', as in:

New shares folders have not to be created with "SMB\Administrator"

Never use Administrator on a Samba machine, you should be using a 
usermap to map Administrator to root, you should have this line in every 
Unix domain member smb.conf:

username map = /etc/samba/user.map

and /etc/samba/user.map should contain just this:

!root = SMB\Administrator

Administrator is automatically mapped to root in idmap.ldb on a Samba DC.

If you have any files/directories belonging to Administrator on any 
Samba machine, I suggest you follow the above and then 'chown' them to root.

> Then, old shared files have been copied to the new shares via Windows 
> client running Administrator account.
> Permissions on new shares are then valid.
> The trick is well to copy files, hoping this will help others.

No, the trick is to do it correctly in the first place.
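
An added example, not part of the original post or of Samba itself: a small shell audit for the setup described in the reply above (a 'username map' line in smb.conf, a user.map holding only the root mapping, and a search for files still owned by the old account). The function names are hypothetical, the smb.conf parsing is simplified (exact lower-case parameter name, no include handling), and /srv/share in the usage comment is a placeholder path.

```shell
#!/bin/sh
# Added example: check a Unix domain member for the username map setup.
# File paths are arguments, so the checks can be tried on copies first.

# Print the value of the last "username map" line in an smb.conf-style file.
get_username_map() {
    sed -n 's/^[[:space:]]*username map[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Succeed only if the map file, ignoring blank lines and # or ; comments,
# contains just the one line "!root = <DOMAIN>\Administrator".
map_is_correct() {
    # $1 = map file, $2 = domain name (SMB in the post)
    lines=$(grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*[#;]' "$1" || true)
    [ "$lines" = "!root = $2\\Administrator" ]
}

# List everything under a path that is owned by the given account.
owned_by() {
    # $1 = share path, $2 = owner name or numeric uid (as shown by ls -ln)
    find "$1" -user "$2" -print
}

# Return 0 when smb.conf points at a map file that maps Administrator to root.
audit_member() {
    # $1 = smb.conf, $2 = domain name
    map=$(get_username_map "$1")
    [ -n "$map" ] || { printf '%s\n' "no 'username map' line in $1"; return 1; }
    [ -r "$map" ] || { printf '%s\n' "map file $map missing or unreadable"; return 1; }
    map_is_correct "$map" "$2" || {
        printf '%s\n' "$map must contain only: !root = $2\\Administrator"
        return 1
    }
    printf '%s\n' "ok: $2\\Administrator is mapped to root via $map"
}

# Typical use on a member server (placeholder share path, uid from ls -ln):
#   audit_member /etc/samba/smb.conf SMB && owned_by /srv/share <old-uid>
# Anything owned_by lists is a candidate for the 'chown' to root.
```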

