Bob of Donelson Trophy
2017-Jan-02 18:09 UTC
[Samba] retire first member server Administrator account complaint
I have been working towards retiring my first member server. (Sernet 4.2.14??) Moved all the user files, checked and double checked the ACL's and all seems good. My users redirect folders to my member servers with a GPO policy. I use roaming profiles (again via GPO) that have been confirmed as working properly against the newer member server (running Samba 4.5.3 from source.) Now, the Administrator . . . I am not sure if this is a Samba issue or a Windows issue. The latter, I suspect, but, I ask here first. When I turn off the first server and access the Administrator account to, for example, make any adjustments via ADUC. While the Administrator is signing into the "system" it is complaining about cannot access the "Desktop" from Mbr01 (hostname of first member server.) I see no indication via ADUC that the Administrator account is being redirected nor is it or has it ever (that I remember, first member server is almost three years old) used a roaming profile. I have always "left the Administrator account alone" as far any ADDC account changes like those done with regular users and/or test users. So, first question, is this a Samba4 DC issue or just a Windows (W10 & W7) client issue? -- _______________________________ Bob Wooden of Donelson Trophy
Rowland Penny
2017-Jan-02 19:02 UTC
[Samba] retire first member server Administrator account complaint
On Mon, 02 Jan 2017 12:09:19 -0600 Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:> I have been working towards retiring my first member server. (Sernet > 4.2.14??) Moved all the user files, checked and double checked the > ACL's and all seems good. > > My users redirect folders to my member servers with a GPO policy. I > use roaming profiles (again via GPO) that have been confirmed as > working properly against the newer member server (running Samba 4.5.3 > from source.) > > Now, the Administrator . . . I am not sure if this is a Samba issue > or a Windows issue. The latter, I suspect, but, I ask here first. > When I turn off the first server and access the Administrator account > to, for example, make any adjustments via ADUC. While the > Administrator is signing into the "system" it is complaining about > cannot access the "Desktop" from Mbr01 (hostname of first member > server.) > > I see no indication via ADUC that the Administrator account is being > redirected nor is it or has it ever (that I remember, first member > server is almost three years old) used a roaming profile. I have > always "left the Administrator account alone" as far any ADDC account > changes like those done with regular users and/or test users. > > So, first question, is this a Samba4 DC issue or just a Windows (W10 & > W7) client issue? >I cannot see this being a Samba problem, as I presume Administrator is only being mapped to root, either by a user.map in smb.conf on the Unix domain members or in idmap.ldb on a DC. The only thing that I can think of that might make it a Samba issue (and it is a tenuous link) is, does 'Administrator' have any attributes that point to the old domain member ? Rowland