Le 21/11/2019 ? 15:15, Rowland penny via samba a ?crit?:> On 21/11/2019 14:00, Julien TEHERY via samba wrote: >>> Not entirely sure, but why does 'Administrator' own something on a >>> Unix machine, it should be 'root'. >>> >>> Rowland >>> >>> >> Even with root as owner or chmod777 on target directory result in the >> same error. >> >> I also tried to upload it from windows7 64 bits or win10 64 bits >> workstation, same result. >> >> >> So i tried with another user account which is domain administrator >> and has SePrintOperatorPrivileg. Same result. >> >> It's becoming very annoying as printing is at the heart of a very >> important project for us. >> >> >> >> > OK, I will try this a different way, what have you done to make > Administrator into a normal Unix user ? > > Is this on a DC or a Unix domain member ? > > Have you given Administrator a uidNumber attribute ? > > If it is a Unix domain member, are you using a username map in smb.conf > > RowlandIt 's on a samb4/cups domain member (not a DC) The administrator user is the one of the domain, not a local user: id administrator uid=10500(administrator) gid=10513(domain users) groups=10513(domain users),10500(administrator),10518(schema admins),10572(denied rodc password replication group),10519(enterprise admins),10520(group policy creator owners),10512(domain admins),70002(BUILTIN+users),70001(BUILTIN+administrators),744000513(Unix Group+domain users),744000520(Unix Group+group policy creator owners),744000572(Unix Group+denied rodc password replication group),744000518(Unix Group+schema admins),744000519(Unix Group+enterprise admins),744000512(Unix Group+domain admins) And in my smb.conf I have no username map, i only have idmapping like: ?? idmap config *:backend = tdb ?? idmap config *:range = 70001-80000 ?? idmap config MYDOMAIN:backend? = rid ?? idmap config MYDOMAIN:range? = 10000-70000
On 21/11/2019 14:33, Julien TEHERY via samba wrote:> Le 21/11/2019 ? 15:15, Rowland penny via samba a ?crit?: >> On 21/11/2019 14:00, Julien TEHERY via samba wrote: >>>> Not entirely sure, but why does 'Administrator' own something on a >>>> Unix machine, it should be 'root'. >>>> >>>> Rowland >>>> >>>> >>> Even with root as owner or chmod777 on target directory result in >>> the same error. >>> >>> I also tried to upload it from windows7 64 bits or win10 64 bits >>> workstation, same result. >>> >>> >>> So i tried with another user account which is domain administrator >>> and has SePrintOperatorPrivileg. Same result. >>> >>> It's becoming very annoying as printing is at the heart of a very >>> important project for us. >>> >>> >>> >>> >> OK, I will try this a different way, what have you done to make >> Administrator into a normal Unix user ? >> >> Is this on a DC or a Unix domain member ? >> >> Have you given Administrator a uidNumber attribute ? >> >> If it is a Unix domain member, are you using a username map in smb.conf >> >> Rowland > > It 's on a samb4/cups domain member (not a DC) > > The administrator user is the one of the domain, not a local user: > > > id administrator > > uid=10500(administrator) gid=10513(domain users) groups=10513(domain > users),10500(administrator),10518(schema admins),10572(denied rodc > password replication group),10519(enterprise admins),10520(group > policy creator owners),10512(domain > admins),70002(BUILTIN+users),70001(BUILTIN+administrators),744000513(Unix > Group+domain users),744000520(Unix Group+group policy creator > owners),744000572(Unix Group+denied rodc password replication > group),744000518(Unix Group+schema admins),744000519(Unix > Group+enterprise admins),744000512(Unix Group+domain admins) > > > And in my smb.conf I have no username map, i only have idmapping like: > > > ?? idmap config *:backend = tdb > ?? idmap config *:range = 70001-80000 > ?? idmap config MYDOMAIN:backend? = rid > ?? idmap config MYDOMAIN:range? = 10000-70000 > > > >OK, add this line to smb.conf: username map = /etc/samba/user.map Then create /etc/samba/user.map containing just this: !root = MYDOMAIN\Administrator Restart Samba This will map 'Administrator' to 'root', just like it is on a Samba AD DC. Rowland
Le 21/11/2019 ? 15:46, Rowland penny via samba a ?crit?:> On 21/11/2019 14:33, Julien TEHERY via samba wrote: >> Le 21/11/2019 ? 15:15, Rowland penny via samba a ?crit?: >>> On 21/11/2019 14:00, Julien TEHERY via samba wrote: >>>>> Not entirely sure, but why does 'Administrator' own something on a >>>>> Unix machine, it should be 'root'. >>>>> >>>>> Rowland >>>>> >>>>> >>>> Even with root as owner or chmod777 on target directory result in >>>> the same error. >>>> >>>> I also tried to upload it from windows7 64 bits or win10 64 bits >>>> workstation, same result. >>>> >>>> >>>> So i tried with another user account which is domain administrator >>>> and has SePrintOperatorPrivileg. Same result. >>>> >>>> It's becoming very annoying as printing is at the heart of a very >>>> important project for us. >>>> >>>> >>>> >>>> >>> OK, I will try this a different way, what have you done to make >>> Administrator into a normal Unix user ? >>> >>> Is this on a DC or a Unix domain member ? >>> >>> Have you given Administrator a uidNumber attribute ? >>> >>> If it is a Unix domain member, are you using a username map in smb.conf >>> >>> Rowland >> >> It 's on a samb4/cups domain member (not a DC) >> >> The administrator user is the one of the domain, not a local user: >> >> >> id administrator >> >> uid=10500(administrator) gid=10513(domain users) groups=10513(domain >> users),10500(administrator),10518(schema admins),10572(denied rodc >> password replication group),10519(enterprise admins),10520(group >> policy creator owners),10512(domain >> admins),70002(BUILTIN+users),70001(BUILTIN+administrators),744000513(Unix >> Group+domain users),744000520(Unix Group+group policy creator >> owners),744000572(Unix Group+denied rodc password replication >> group),744000518(Unix Group+schema admins),744000519(Unix >> Group+enterprise admins),744000512(Unix Group+domain admins) >> >> >> And in my smb.conf I have no username map, i only have idmapping like: >> >> >> ?? idmap config *:backend = tdb >> ?? idmap config *:range = 70001-80000 >> ?? idmap config MYDOMAIN:backend? = rid >> ?? idmap config MYDOMAIN:range? = 10000-70000 >> >> >> >> > OK, add this line to smb.conf: > > username map = /etc/samba/user.map > > Then create /etc/samba/user.map containing just this: > > !root = MYDOMAIN\Administrator > > Restart Samba > > This will map 'Administrator' to 'root', just like it is on a Samba AD > DC. > > RowlandSame thing with username map.