[Samba] More on sysvol maintenance
Luis Peromarta
lperoma at icloud.com
Wed May 24 15:48:22 UTC 2023
I never got this right… :(
Which option is safer ? This is a production environment. All users and groups have bid / guid numbers.
Will removing guid from domain admins break anything else ? I use my own username mad\Luis (domain admin) to do stuff on the domain and member servers. Most shares have full permission for domain admins. Will this break anything?
I also never got to properly work the user.map as in
username map = /usr/local/samba/etc/user.map
With content
!root = SAMDOM\Administrator
Is this needed for DCs also ?
Thanks Rowland for your patience.
On 24 May 2023 at 17:32 +0200, samba at lists.samba.org, wrote:
>
> Remove 'idmap_ldb:use rfc2307 = yes' from your DC's smb.conf , this will
> allow the DC to ignore the rfc2307 attributes (all of them) and Domain
> Admims will become a Windows group again (you will probably need to run
> 'net cache flush')
>
> Remove the gidNumber attribute from Domain Admins
More information about the samba
mailing list