I'm currently trying to get a Samba 4.3.4 DC added to an existing AD domain
with one Server 2008 and one 2008R2 controller. I'm having an issue here
that seems to be related the fact that, in the default Winbind mapping,
Administrator gets UID 0. I am not currently using any POSIX extensions inside
the AD LDAP, I'm just having Winbind use LDB/TDB to map the UIDs. For
whatever reason, administrator gets UID 0. With this configuration I seem to be
able to hit the "sysvol" share on this DC as any user except
administrator, but with the domain\administrator account I get an error in
Windows that "the parameter is incorrect."
So, my two questions are:
- How do I map the domain\administrator account to a UID other than 0.
- If this isn't possible in this config, is there a way around "the
parameter is incorrect" error?
I'm running Samba 4.3.4 (compiled myself from sources) on CentOS 7.
I've disabled SELinux at this point. I tried using the "samba-tool
ntacl sysvolreset" utility to fix permissions on the sysvol tree, and that
has added some ACL entries, but has not resolved the above error.
Thanks,
Nick
=This e-mail may contain SEAKR Engineering (SEAKR) Confidential and Proprietary
Information. If this message is not intended for you, you are strictly
prohibited from using this message, its contents or attachments in any way. If
you have received this message in error, please delete the message from your
mailbox. This e-mail may contain export-controlled material and should be
handled accordingly.