Rowland Penny
2023-Oct-28 07:09 UTC
[Samba] Permissions issue on domain member server (samba as an appliance)
On Fri, 27 Oct 2023 16:14:52 -0400 Greg Dickie <greg at justaguy.ca> wrote:

> Hey Rowland,
>
> Hmmm. I may have misunderstood. I don't believe it explicitly said to
> do that but I took it as that. Should I create a local Administrator
> account instead?
>

The whole idea behind the user map on a Unix domain member is to map the Domain Administrator account (RID 500) to the Unix user 'root'. When you do something on Windows as 'Administrator', it is done on Unix as 'root'.

I would never use 'Administrator' directly on Unix and here is why:

I use the 'rid' idmap backend and if I run 'getent passwd administrator', I get:

administrator:*:10500:10513::/home/administrator:/bin/bash

As you can see 'Administrator' has the ID '10500', which makes it a normal Unix user with no special powers. However, from Windows via Samba, the 'Administrator' ID is set to '0' by the user map and I hope you realise what other Unix user has the ID '0'.

If you haven't realised yet, no, do not create a local Administrator, for one thing, you already have one :-)

Rowland
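The two identities described in the message above, worked through as an added example that is not part of the original thread. It assumes a user map line in the form documented for smb.conf's `username map` option, a placeholder domain name SAMDOM, and an idmap range starting at 10000 (inferred from the quoted getent output).

```python
import re

# Constructed sample of a Samba 'username map' file; SAMDOM is a placeholder domain.
USER_MAP = """\
# unix name = windows name(s)
!root = SAMDOM\\Administrator
"""

# The line quoted in the message from 'getent passwd administrator'.
GETENT_LINE = "administrator:*:10500:10513::/home/administrator:/bin/bash"

def rid_to_unix_id(rid, range_low, base_rid=0):
    """idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID."""
    return rid - base_rid + range_low

def parse_user_map(text):
    """Return [(unix_name, [windows_names], stop_flag)] from user map text."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not a mapping
        stop = line.startswith("!")  # '!' ends processing once this line matches
        unix, _, rhs = line.lstrip("!").partition("=")
        names = [n.strip('"') for n in re.findall(r'"[^"]*"|\S+', rhs)]
        rules.append((unix.strip(), names, stop))
    return rules

def map_user(win_name, rules):
    """Later matching lines override earlier ones unless a '!' line matched.
    Names are compared case-insensitively here."""
    result = win_name
    for unix, names, stop in rules:
        if any(n == "*" or n.casefold() == win_name.casefold() for n in names):
            result = unix
            if stop:
                break
    return result

def uid_from_passwd(line):
    """Third field of a passwd(5) line is the numeric UID."""
    return int(line.split(":")[2])

if __name__ == "__main__":
    rules = parse_user_map(USER_MAP)
    print("local lookup UID   :", uid_from_passwd(GETENT_LINE))
    print("rid backend, RID 500:", rid_to_unix_id(500, 10000))
    print("via Samba, acts as :", map_user("SAMDOM\\Administrator", rules))
```

The local lookup and the rid formula both give 10500, an ordinary user, while the same account arriving through Samba is mapped to root.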
Greg Dickie
2023-Oct-29 20:35 UTC
[Samba] Permissions issue on domain member server (samba as an appliance)
Hey Rowland,

Sorry, I'm thick. I understand why you would not want to create a Linux user called Administrator but then where will the credentials come from? In my AD, I do not have a user called Administrator. I guess I must have a user with RID 500 though, I'll look for that.

Thanks for your help,
Greg

On Sat, Oct 28, 2023 at 3:09 AM Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Fri, 27 Oct 2023 16:14:52 -0400
> Greg Dickie <greg at justaguy.ca> wrote:
>
> > Hey Rowland,
> >
> > Hmmm. I may have misunderstood. I don't believe it explicitly said to
> > do that but I took it as that. Should I create a local Administrator
> > account instead?
> >
>
> The whole idea behind the user map on a Unix domain member is to map
> the Domain Administrator account (RID 500) to the Unix user 'root'.
> When you do something on Windows as 'Administrator', it is done on
> Unix as 'root'.
>
> I would never use 'Administrator' directly on Unix and here is why:
>
> I use the 'rid' idmap backend and if I run 'getent passwd
> administrator', I get:
>
> administrator:*:10500:10513::/home/administrator:/bin/bash
>
> As you can see 'Administrator' has the ID '10500', which makes it a
> normal Unix user with no special powers. However, from Windows via
> Samba, the 'Administrator' ID is set to '0' by the user map and I hope
> you realise what other Unix user has the ID '0'.
>
> If you haven't realised yet, no, do not create a local Administrator,
> for one thing, you already have one :-)
>
> Rowland

--
Greg Dickie
just a guy
514-983-5400