On 05/11/2019 12:50, Fr?d?ric Goudal via samba wrote:> Hello,
>
> I have the following problem and I don?t find any documentation :
>
> I have an Active Directory domain.
> I have setup a samba server, that I want to use as a file server.
> The samba server has joined the domain, I use winbind and when I do a
getent passwd <user> I have the correct informations for ? standard ?
users.
> I use the uidNumber active directory attribute to the the uid of the user,
this is working.
>
> What I want to do is to copy files from a windows file server to the new
samba server without losing the acl on the files.
>
> To do that I guess I should use the domain administrator login to connect
from the windows server to the samba server and than copy the files.
> But I can?t find any informations on how to connect as a domain
administrator on the samba file server, and I guess the uid of the administrator
should be 0 on the samba file server.
>
> I guess it?s a common problem, but I?m a bit lost.
By default on a Samba AD DC, Administrator is mapped to the Unix user
'root' in idmap.ldb
To get the same mapping on a Unix domain member, you need to add
something like this to smb.conf:
username map = /etc/samba/user.map
and create /etc/samba/user.map containing this:
!root = DOMAIN\Administrator
Where 'DOMAIN' is your workgroup name in uppercase.
You will need to set up the shares correctly, see here:
https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs
You will also need to set up your smb.conf correctly, so it will
probably help if you post your present one.
Rowland