adam_xu at adagene.com.cn
2019-Jun-03  15:09 UTC
[Samba] How to fix mapping Administrator to root
Hi Rowland,

Yes. All users' primary group is "domain users".

My "domain admins" has a gidNumber.

Best,
yours Adam

From: Rowland penny via samba
Date: 2019-06-03 22:44
To: sambalist
Subject: Re: [Samba] How to fix mapping Administrator to root

On 03/06/2019 15:29, adam_xu at adagene.com.cn wrote:
> Hi Rowland,
>
> I have checked that Administrator is a member of "Domain Admins" in ADUC.
> Base permission of the share folder is 0770, the owner is root and the
> group is "domain admins" in Linux.
> Since "smbstatus -b" shows that administrator's group is root. Is this
> related to my previous configuration? I once gave a uidNumber to
> administrator.

I wouldn't think so, whilst Administrator is mapped to the user 'root' in idmap.ldb and in your user.map on the Unix domain member, its primary group (like every other AD user) is Domain Users

>
> here's the full content of my smb.conf
> [global]
>     security = ADS
>     workgroup = NTBAOBEI
>     realm = NTBAOBEI.COM
>
>     log file = /var/log/samba/%m.log
>     log level = 3 passdb:5 auth:5 winbind:5
>
>     idmap config * : backend = tdb
>     idmap config * : range = 3000-7999
>     idmap config NTBAOBEI:backend = ad
>     idmap config NTBAOBEI:schema_mode = rfc2307
>     idmap config NTBAOBEI:range = 10000-999999
>     idmap config NTBAOBEI:unix_nss_info = yes
>
>     winbind use default domain = Yes
>     winbind enum users = Yes
>     winbind enum groups = Yes
>     winbind offline logon = yes
>     winbind refresh tickets = yes
>     access based share enum = yes
>     hide unreadable = yes
>
>     username map = /etc/samba/user.map
>
>     load printers = no
>     vfs objects = acl_xattr
>     map acl inherit = yes
>     store dos attributes = yes
> [IT]
>     path = /srv/samba/IT/
>     read only = no
>
>
> cat /etc/samba/user.map
> !root = NTBAOBEI\Administrator
>

There doesn't seem to be anything wrong there, are you sure that you have followed this:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Does 'Domain Admins' have a gidNumber?

Rowland
On 03/06/2019 16:09, adam_xu at adagene.com.cn wrote:
> Hi Rowland,
>
> Yes. all users primary group is "domain users".
>
> my "domain admins" has a gidNumber.
>

Have you followed this:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Is DNS setup correctly? And is it working?

Rowland
adam_xu at adagene.com.cn
2019-Jun-04  00:27 UTC
[Samba] How to fix mapping Administrator to root
Hi Rowland,

I have followed the wiki's steps, the DNS works OK and I have used the fileserver for 2 years.

Here's the ACL of a share folder "IT":

getfacl IT/
# file: IT/
# owner: root
# group: domain\040admins
user::rwx
user:root:rwx
group::rwx
group:domain\040admins:rwx
group:it:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::---
default:group:domain\040admins:rwx
default:group:it:rwx
default:mask::rwx
default:other::---

And another user in the "domain admins" group works fine. Only the administrator mapped to root cannot access any share folder.

Best,

徐星亚
天演药业(苏州)有限公司
4th Floor, Building C14, Bio-Nano Park, 218 Xinghu Street, Suzhou Industrial Park
Postal code: 215123
Tel: 86-512-8777-3585

From: Rowland penny via samba
Date: 2019-06-03 23:42
To: sambalist
Subject: Re: [Samba] How to fix mapping Administrator to root

On 03/06/2019 16:09, adam_xu at adagene.com.cn wrote:
> Hi Rowland,
>
> Yes. all users primary group is "domain users".
>
> my "domain admins" has a gidNumber.
>

Have you followed this:

https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs

Is DNS setup correctly? And is it working?

Rowland
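
To see what the POSIX ACL in the getfacl listing above grants on its own, independent of Samba, the following added example (not part of the thread and not Samba code) parses the access entries from that listing and applies the standard POSIX ACL check order. The user names other than root and the group memberships passed to `effective()` are assumptions for illustration.

```python
import re

# getfacl access entries for the IT share, copied from the message above.
GETFACL = r"""# file: IT/
# owner: root
# group: domain\040admins
user::rwx
user:root:rwx
group::rwx
group:domain\040admins:rwx
group:it:rwx
mask::rwx
other::---
"""

def unescape(name):
    # getfacl writes special characters as octal escapes (\040 is a space)
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), name)

def parse(text):
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"# (owner|group): (.+)", line)
        if m:
            acl[m.group(1)] = unescape(m.group(2))
        elif line and not line.startswith(("#", "default:")):
            tag, name, perms = line.split(":")[:3]
            acl["entries"].append((tag, unescape(name), perms[:3]))
    return acl

def effective(acl, user, groups):
    """Return the rwx string the ACL grants, in POSIX ACL check order."""
    e = acl["entries"]
    get = lambda tag, name: next((p for t, n, p in e if t == tag and n == name), None)
    mask = get("mask", "") or "rwx"
    masked = lambda p: "".join(c if c == m else "-" for c, m in zip(p, mask))
    if user == acl["owner"]:
        return get("user", "")            # owner entry is not masked
    if get("user", user) is not None:
        return masked(get("user", user))  # named user entry, masked
    matched = [p for t, n, p in e if t == "group"
               and (n or acl["group"]) in groups]  # "" means the owning group
    if matched:  # per permission bit: any matching group entry may grant it
        union = "".join(c if any(p[i] == c for p in matched) else "-"
                        for i, c in enumerate("rwx"))
        return masked(union)
    return get("other", "")
```

This evaluates the ACL entries only; a process running as uid 0 normally bypasses these checks through kernel privilege, so the result for root is what the entries themselves state.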