[Samba] Permissions issue on domain member server (samba as an appliance)

Rowland Penny rpenny at samba.org
Sat Oct 28 07:09:01 UTC 2023

On Fri, 27 Oct 2023 16:14:52 -0400
Greg Dickie <greg at justaguy.ca> wrote:

> Hey Rowland,
> Hmmm. I may have misunderstood. I don't believe it explicitly said to
> do that but I took it as that. Should I create a local Administrator
> account instead?

The whole idea behind the user map on a Unix domain member is to map
the Domain Administrator account (RID 500) to the Unix user 'root'.
When you do something on Windows as 'Administrator' is done on Unix as

I would never use 'Administrator' directly on Unix and here is why:

I use the 'rid' idmap backend and if I run 'getent passwd
administrator', I get:


As you can see 'Administrator' has the ID '10500', which makes it a
normal Unix user with no special powers. However, from Windows via
Samba, the 'Administrator' ID is set to '0' by the user map and I hope
you realise what other Unix user has the ID '0'.

If you haven't realised yet, no, do not create a local Administrator,
for one thing, you already have one :-)
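
Added example, not part of the original message: a small Python model of the two lookup paths described above, showing why the same domain account ends up as ID 10500 through the 'rid' idmap backend but as ID 0 over SMB once the user map applies. The domain name SAMDOM, the range start 10000, the map file contents and the second user are assumptions constructed for illustration, and the map matching is simplified.

```python
import re

# Constructed sample: the domain name SAMDOM and the range start are assumptions.
USER_MAP = r"""
# user.map (constructed sample)
!root = SAMDOM\Administrator
"""
RID_RANGE_LOW = 10000          # assumed low end of the rid backend's idmap range
LOCAL_UIDS = {"root": 0}       # local Unix accounts relevant to this example

def parse_user_map(text):
    """Parse username-map lines into (unix_name, client_names, stop_on_match)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        stop = line.startswith("!")          # '!' = stop once this line has matched
        unix_name, sep, rhs = line.lstrip("!").partition("=")
        names = [n.strip('"') for n in re.findall(r'"[^"]*"|\S+', rhs)]
        if sep and names:
            entries.append((unix_name.strip(), names, stop))
    return entries

def smb_unix_user(client_name, entries):
    """Unix account used for an SMB session (simplified: matches the original name)."""
    result = client_name
    for unix_name, names, stop in entries:
        if any(n == "*" or n.lower() == client_name.lower() for n in names):
            result = unix_name
            if stop:
                break
    return result

def rid_backend_uid(rid, range_low=RID_RANGE_LOW, base_rid=0):
    """idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID."""
    return rid - base_rid + range_low

def identities(client_name, rid, entries):
    """Return (ID seen locally through winbind, ID used over SMB after the map)."""
    local_uid = rid_backend_uid(rid)
    mapped = smb_unix_user(client_name, entries)
    smb_uid = LOCAL_UIDS.get(mapped, local_uid)  # unmapped users keep the rid-derived ID
    return local_uid, smb_uid

if __name__ == "__main__":
    entries = parse_user_map(USER_MAP)
    print(identities(r"SAMDOM\Administrator", 500, entries))   # RID 500 is from the post
    print(identities(r"SAMDOM\greg", 1104, entries))           # constructed ordinary user
```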

