samba - Mar 2014 - Administrator uid is 3000000 not 0 as root

Hello!
W alse have a problem when folders and files created as Administrator have owner
uid as 3000000 not 0 as, I understand, it must be. Because of this programs
can't define samba user name by uid.
I googled and saw that there are other people who had the same problem. The only
solution I found is to create one more user with uid 3000000 in addc but I
don't think it's the best way. So, can you advice us how to solve this
problem?

On Fri, 2014-03-21 at 00:05 +0400, ????????? ????????
wrote:
>  Hello!
> W alse have a problem when folders and files created as Administrator have
owner uid as 3000000 not 0 as, I understand, it must be. Because of this
programs can't define samba user name by uid.
> I googled and saw that there are other people who had the same problem. The
only solution I found is to create one more user with uid 3000000 in addc but I
don't think it's the best way. So, can you advice us how to solve this
problem?
> 
> 
Hi
You've set Administrator to uid 3000000 in AD? More likely, the 3000000
is derived from the SID S-1-5-32-544, set as builtin\administrators in
idmap.ldb. In that same db, Administrator with RID 500 is indeed set as
0.

My recommendation would be to set whatever uid you wish for all your
users in AD and always pull the information from there. This is effected
by adding the uidNumber attribute to the domain user. Windows doesn't
care what it is.

We may be able to help more if you can post more information such as
samba version and smb.conf.

HTH
Steve

????????? ???????? wrote:
>  Hello!
> W alse have a problem when folders and files created as Administrator have
owner uid as 3000000 not 0 as, I understand, it must be. Because of this
programs can't define samba user name by uid.
Administrator is a builtin on a Windows system. 
There is no domain equivalent, so you probably shouldn't
try to put one there.

The Administrators group is also a built-in local group on
windows with no Domain equivalent, However:

    SID: S-1-5-32-544
    Name: Administrators
    Description: A built-in group. After the initial installation of the
    operating system, the only member of the group is the Administrator
    account. When a computer joins a domain, the Domain Admins group is
    added to the Administrators group. When a server becomes a domain
    controller, the Enterprise Admins group also is added to the
    Administrators group.


---
So I think, what you are looking for is the Domain Admins group --- to 
enable
domain admin access, which "_should_" [not always automatic, in my 
experience]
have that put in each Administrators group on each machine.  From the
above text from a "Well-known SIDs" page on MS's website, the
Domain Admins
groups should automatically be added to the Administrators group on a
local machine when it joins a domain, but I have had to make that change
manually in most cases.

You can rename your linux root account to 'Administrator' if you are
really inclined to do so, but I'd suggest rename Administrator account on
client machines to 'root' if you want the names to be consistent.

If you create a 'Administrator' account in Samba, you'd have to
create
it as a Domain user -- and that will be different than the built-in
Administrator (they'll have different GUIDS).

Good luck...