> I'm facing the problem for a while.Yes, but what 'problem' ?> The problem that I can't get Administrator map to root on linux clients (and for security purpose we must change root password on each client)Here are the files below. Thank you much, Rapha?l --------------------------------------------- [global] workgroup = CHAPINS-TEST security = ADS realm = CHAPINS-TEST.ORG winbind refresh tickets = Yes vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind use default domain = yes winbind offline logon = yes winbind enum users = yes winbind enum groups = yes load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes log file = /var/log/samba/%m.log log level = 1 # Default ID mapping configuration for local BUILTIN accounts # and groups on a domain member. The default (*) domain: # - must not overlap with any domain ID mapping configuration! # - must use a read-write-enabled back end, such as tdb. idmap config * : backend = tdb idmap config * : range = 3000-7999 # - You must set a DOMAIN backend configuration # idmap config for the CHAPINS-TEST domain idmap config CHAPINS-TEST : backend = rid idmap config CHAPINS-TEST : range = 10000-999999 # Template settings for login shell and home directory template shell = /bin/bash template homedir = /home/%U username map = /etc/samba/user.map ----------------------------------------- /etc/samba/user.map !root = CHAPINS-TEST\Administrator -------------------------------------------
On 03/01/2021 17:47, raphael grosjean via samba wrote:> The problem that I can't get Administrator map to root on linux clients (and for security purpose we must change root password on each client)The way that the username map works is this: You are logged into a Windows machine as Administrator and need to change the permissions on a Samba share. Administrator opens the shares properties tab and then attempts to change something on the share, at this point 'Administrator' is unknown to the Unix machine, but, because of the username map, 'Administrator' becomes 'root' and the changes are allowed, the password is never asked for. If you are attempting to do something else, then tell what you are attempting and I will tell you if it is possible. Rowland