[Samba] administrator account unknown on a DC member

Rowland Penny rpenny at samba.org
Thu May 16 14:37:07 UTC 2024


On Thu, 16 May 2024 16:00:43 +0200
Nicolas Boissé via samba <samba at lists.samba.org> wrote:

> Hello
> 
> On a DC member, I can see all AD users with "getent passwd" command, 
> except the Administrator account.
> 
> The administrator account has a UIDnumber (3002).
> 
> my smb.conf :
> 
> ...
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config DOM:backend = ad
> idmap config DOM:schema_mode = rfc2307
> idmap config DOM:range = 10000-999999
> idmap config DOM:unix_nss_info = yes
> ...
> 
> Any idea of what's wrong with it ?
> 

You are using the 'ad' idmap backend and have given Administrator a
uidNumber attribute containing the number '3002'. This normally makes
Administrator a normal user, not an administrative user, but, in your
case, '3002' is in the default '*' range and beneath the 'DOM' range
start '10000', so it will be ignored.

To put it another way, if you could get it wrong, you got it wrong in
the right way ;-)

I suggest you remove the uidNumber (and any other RFC2307 attributes)
you added to Administrator; you do not use Administrator on Linux, you
use root.

Rowland
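
The range filtering described in the reply above, as an added example that is not part of the original thread or of Samba's own code: it parses the `idmap config` lines quoted in the post and classifies a uidNumber against the configured ranges. The function names are hypothetical, and the sample configuration is constructed from the lines in the post.

```python
import re

# Constructed sample: the idmap lines quoted in the post above.
SMB_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config DOM:backend = ad
idmap config DOM:schema_mode = rfc2307
idmap config DOM:range = 10000-999999
idmap config DOM:unix_nss_info = yes
"""

# Accepts both "DOM:option = value" and "* : option = value" spellings.
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)


def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains


def id_range(opts):
    low, high = (int(x) for x in opts["range"].split("-"))
    return low, high


def check_uid(conf_text, domain, uid_number):
    """Classify a uidNumber stored in AD against the configured idmap ranges."""
    domains = parse_idmap(conf_text)
    low, high = id_range(domains[domain.upper()])
    if low <= uid_number <= high:
        return "ok"
    for other, opts in domains.items():
        if other != domain.upper() and "range" in opts:
            o_low, o_high = id_range(opts)
            if o_low <= uid_number <= o_high:
                return f"ignored: outside {domain} range, inside '{other}' range"
    return f"ignored: outside {domain} range"


if __name__ == "__main__":
    print(check_uid(SMB_CONF, "DOM", 3002))
```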



