ralph strebbing
2021-Dec-06  20:56 UTC
[Samba] Fwd: Administrator User Has no access to Remote File Server
Forwarding due to not hitting Reply-All: On Mon, Dec 6, 2021, 3:52 PM Rowland Penny <rpenny at samba.org> wrote:> > NO, you must add RFC2307 attributes (uidNumber, gidNumber, uid etc) to > your user & group objects in AD >The '3000000' numbers found on a Samba AD DC are not RFC2307 >attributes, they are 'xidNumber' attributes (the starting 'x' is not a >wildcard) and they are only found on a Samba AD DC.Oh! Well then yes, the users and groups do have RFC2307 attributes, I made sure they were added when we moved from the old NT4 domain. I did not (per the wiki) add the UID to the Administrator user however. It remains to be unset. Ralph
Rowland Penny
2021-Dec-06  21:03 UTC
[Samba] Fwd: Administrator User Has no access to Remote File Server
On Mon, 2021-12-06 at 15:56 -0500, ralph strebbing via samba wrote:> Forwarding due to not hitting Reply-All: > On Mon, Dec 6, 2021, 3:52 PM Rowland Penny <rpenny at samba.org> wrote: > > NO, you must add RFC2307 attributes (uidNumber, gidNumber, uid etc) > > to > > your user & group objects in AD > > The '3000000' numbers found on a Samba AD DC are not RFC2307 > > attributes, they are 'xidNumber' attributes (the starting 'x' is > > not a > > wildcard) and they are only found on a Samba AD DC. > > Oh! Well then yes, the users and groups do have RFC2307 attributes, I > made sure they were added when we moved from the old NT4 domain. > I did not (per the wiki) add the UID to the Administrator user > however. It remains to be unset.Good, never give Administrator a uidNumber attribute, it just becomes a normal user, just try adding 'min domain uid = 0' to the smb.conf on the Unix Domain members and restart Samba. If that does not work, please define 'Administrator user has no access' Rowland