Alex Matthews
2013-May-31  11:56 UTC
[Samba] 'Administrator' account (UID 0) on Samba member of a Samba4 AD DC
Hi all,
I have a samba server as member of an AD DC.
In said AD DC there is the 'administrator' user which has the default 
UID of 0 (the same as root)
from the ADDC:
# id administrator
uid=0(root) gid=513(SMC\Domain Users) groups=0(root),513(SMC\Domain 
Users),3000005(SMC\Group Policy Creator Owners),3000009(SMC\Enterprise 
Admins),512(SMC\Domain Admins),3000007(SMC\Schema Admins)
from the member server:
# id administrator
id: administrator: no such user
It also does not appear in wbinfo -u or getent passwd
The issue is that if I log on to a Windows machine as the administrator 
user I cannot access a share on the member server as it does not 
authenticate.
my smb.conf is pretty simple:
[global]
         workgroup = SMC
         realm = internal.stmaryscollege.co.uk
         netbios name = PVE-ARCH-S3-02
         security = ADS
         encrypt passwords = yes
         server role = MEMBER SERVER
         idmap config *:backend = tdb
         idmap config *:range = 70001-80000
         idmap config SMC:backend = ad
         idmap config SMC:schema_mode = rfc2307
         idmap config SMC:range = 0-40000
         winbind nss info = rfc2307
         winbind trusted domains only = no
         winbind use default domain = yes
         winbind enum users  = yes
         winbind enum groups = yes
(Note: I changed the idmap config SMC:range to include '0' as I thought 
this might encourage samba to idmap the root user... but no dice...)
Thanks,
Alex
steve
2013-May-31  12:12 UTC
[Samba] 'Administrator' account (UID 0) on Samba member of a Samba4 AD DC
On Fri, 2013-05-31 at 12:56 +0100, Alex Matthews wrote:
> Hi all,
>
> I have a samba server as member of an AD DC.
> In said AD DC there is the 'administrator' user which has the default
> UID of 0 (the same as root)
> from the ADDC:
>
> # id administrator
> uid=0(root) gid=513(SMC\Domain Users) groups=0(root),513(SMC\Domain
> Users),3000005(SMC\Group Policy Creator Owners),3000009(SMC\Enterprise
> Admins),512(SMC\Domain Admins),3000007(SMC\Schema Admins)
>
> from the member server:
> # id administrator
> id: administrator: no such user

Map it to root:

[global]
...
username map = /path/to/usermap
...

with /path/to/usermap having something like:

root = SMC\\administrator SMC\administrator

(not sure about the backslashes so I've put both possibilities)
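
An added example, not part of the thread and not Samba's own code: a small Python audit that lists which client names a username map file maps onto a UID 0 account, which is worth reviewing because the mapping suggested above makes the domain Administrator act as root on the member server. The sample map contents are constructed, the function names are hypothetical, and the parsing follows the line format described in smb.conf(5) (comment lines, a leading '!', quoted names, @group and '*'), with backslashes taken literally as an assumption.

```python
import re

# Constructed sample map file (not from the thread); SMC is the thread's domain.
SAMPLE_MAP = r"""
# comment line
; also a comment line
!root = SMC\administrator
tridge = "Andrew Tridgell"
root = @wheel
guest = *
"""

# A client name is either a double-quoted string or a run of non-blanks.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')

def parse_usermap(text):
    """Yield (lineno, stop, unix_name, client_names) for each mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank or comment
            continue
        stop = line.startswith("!")          # '!' = stop processing on a match
        if stop:
            line = line[1:].lstrip()
        unix, sep, rhs = line.partition("=")
        if not sep:                          # not a mapping line
            continue
        names = [quoted or bare for quoted, bare in TOKEN.findall(rhs)]
        yield lineno, stop, unix.strip(), names

def audit_root_mappings(text, privileged=("root",)):
    """Return (lineno, client_name, kind, stop) for names mapped to UID 0."""
    findings = []
    for lineno, stop, unix, names in parse_usermap(text):
        if unix not in privileged:
            continue
        for name in names:
            if name == "*":
                kind = "wildcard"            # every client becomes root
            elif name.startswith("@"):
                kind = "group"               # whole group becomes root
            else:
                kind = "user"
            findings.append((lineno, name, kind, stop))
    return findings

if __name__ == "__main__":
    for finding in audit_root_mappings(SAMPLE_MAP):
        print(finding)
```

Entries reported as "wildcard" or "group" deserve the closest review, since they give root to more than one named account.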