samba - Jan 2018 - Domain Administrator cannot map Samba Share from Windows 7

I changed our Samba file server to be a member of the Active Directory domain.
This way, domain
users on Windows 7 workstations can map Samba shares with domain credentials
automatically. That
bit works fine.

Problem #1: 

I use the Domain Administrator account (Administrator) as the main login account
for the SQL
Server host (also Windows 7).  I can still log into that host with the
Administrator
credentials, but I can no longer map Samba shares even though I enter the
correct domain
credentials.  I now get "Access is denied".  I can map the Samba
shares on that host using the
credentials of other domain users (actual users). 

I probably shouldn't have used that account in the first place, but I did.
Is there a way
around this or do I have create a new domain account for this purpose? 

Problem #2:

In one of the SQL Server scripts, I have:

SET @NetworkPath = '\\OHPRSstorage\Backups\SQLServerBackup\'

which used to work before I changed OHPRSstorage (the Samba file server) to be a
domain member
and do AD authentication. This script is run as SQL Server user 'sa',
which likely has no
authorization to access the NetworkPath. I'm not even sure what userID it
uses to try the
access.

Is there a way around this?

Thanks, Mark

Hello Mark,

Problem #1: on Samba file server, which is a member of Samba Active
Directory domain, you may need to map Administrator account to root:
/etc/samba/smb.conf:
# user Administrator workaround, without it you are unable to set privileges
username map = /etc/samba/user.map

/etc/samba/user.map:
!root = SAMDOM\Administrator SAMDOM\administrator
or
!root = SAMDOM\Administrator SAMDOM\administrator Administrator
administrator

Problem #2: In SQL script, try to map network drive using domain
credentials of the user who has write permissions to the share (drawback:
you'll have to specify user password in the command), e.g.:
EXEC XP_CMDSHELL 'net use X: \\OHPRSstorage\Backups\SQLServerBackup
/user:SAMDOM\USERNAME USERPASSWORD'
After that use mapped drive in the script.

Regards,
Matt

On Fri, Jan 5, 2018 at 11:32 AM, Mark Foley via samba <samba at
lists.samba.org
> wrote:
> I changed our Samba file server to be a member of the Active Directory
> domain. This way, domain
> users on Windows 7 workstations can map Samba shares with domain
> credentials automatically. That
> bit works fine.
>
> Problem #1:
>
> I use the Domain Administrator account (Administrator) as the main login
> account for the SQL
> Server host (also Windows 7).  I can still log into that host with the
> Administrator
> credentials, but I can no longer map Samba shares even though I enter the
> correct domain
> credentials.  I now get "Access is denied".  I can map the Samba
shares on
> that host using the
> credentials of other domain users (actual users).
>
> I probably shouldn't have used that account in the first place, but I
did.
> Is there a way
> around this or do I have create a new domain account for this purpose?
>
> Problem #2:
>
> In one of the SQL Server scripts, I have:
>
> SET @NetworkPath = '\\OHPRSstorage\Backups\SQLServerBackup\'
>
> which used to work before I changed OHPRSstorage (the Samba file server)
> to be a domain member
> and do AD authentication. This script is run as SQL Server user
'sa',
> which likely has no
> authorization to access the NetworkPath. I'm not even sure what userID
it
> uses to try the
> access.
>
> Is there a way around this?
>
> Thanks, Mark
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>