Juan Ignacio
2022-Nov-28 15:40 UTC
[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).
I'm on a windows client, logged in with the OURDOMAIN\administrator
account.
The content of /etc/samba/user.map
!root = OURDOMAIN\Administrator
The smb.conf.
[global]
log file = /var/log/samba/%m.log
log level = 1
realm = OURDOMAIN.ORG
security = ADS
server role = member server
username map = /etc/samba/user.map
workgroup = OURDOMAIN
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config kennedy : backend = rid
idmap config kennedy : range = 10000-9999999
On unix.
I checked the shares with smbclient and i got Invalid Token
root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator
Password for [OURDOMAIN\administrator]:
session setup failed: NT_STATUS_INVALID_TOKEN
if i do the same with other domain user i got the shares correctly.
smbclient -L \\\\10.20.1.55 -U pepito
Password for [OURDOMAIN\pepito]:
Sharename Type Comment
--------- ---- -------
sharetest Disk
test Disk
IPC$ IPC IPC Service (Samba 4.17.3-Debian)
SMB1 disabled -- no workgroup available
El lun, 28 nov 2022 a las 12:39, Juan Ignacio (<juan.ignacio.pazos at
gmail.com>)
escribi?:
> I'm on a windows client, logged in with the OURDOMAIN\administrator
> account.
>
> The content of /etc/samba/user.map
>
> !root = OURDOMAIN\Administrator
>
> The smb.conf.
>
> [global]
> log file = /var/log/samba/%m.log
> log level = 1
> realm = OURDOMAIN.ORG
> security = ADS
> server role = member server
> username map = /etc/samba/user.map
> workgroup = OURDOMAIN
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config kennedy : backend = rid
> idmap config kennedy : range = 10000-9999999
>
>
> On unix.
>
> I checked the shares with smbclient and i got Invalid Token
>
> root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator
> Password for [KENNEDY\administrator]:
> session setup failed: NT_STATUS_INVALID_TOKEN
>
> if i do the same with other domain user i got the shares correctly.
>
> smbclient -L \\\\10.20.1.55 -U pepito
> Password for [OURDOMAIN\pepito]:
>
> Sharename Type Comment
> --------- ---- -------
> sharetest Disk
> test Disk
> IPC$ IPC IPC Service (Samba 4.17.3-Debian)
> SMB1 disabled -- no workgroup available
>
>
> El lun, 28 nov 2022 a las 12:26, Rowland Penny via samba (<
> samba at lists.samba.org>) escribi?:
>
>>
>>
>> On 28/11/2022 15:18, Juan Ignacio wrote:
>> > I am having some problems accessing the shares of the new member
server.
>> > I can access the shares with my domain account but cannot access
them
>> > with the administrator account.
>>
>>
>> How are you trying to connect as Administrator ?
>>
>> What is in your username map ?
>>
>> You should have:
>>
>> !root = OURDOMAIN\Administrator
>>
>> This should then map Administrator to root when you connect from
Windows.
>>
>> Never use Administrator on a Linux machine, use root or sudo.
>>
>> Rowland
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
Juan Ignacio
2022-Nov-28 15:47 UTC
[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).
I'm on a windows client, logged in with the OURDOMAIN\administrator
account.
The content of /etc/samba/user.map
!root = OURDOMAIN\Administrator
The smb.conf.
[global]
log file = /var/log/samba/%m.log
log level = 1
realm = OURDOMAIN.ORG
security = ADS
server role = member server
username map = /etc/samba/user.map
workgroup = OURDOMAIN
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config ourdomain: backend = rid
idmap config ourdomain: range = 10000-9999999
On unix.
I checked the shares with smbclient and i got Invalid Token
root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator
Password for [OURDOMAIN\administrator]:
session setup failed: NT_STATUS_INVALID_TOKEN
if i do the same with other domain user i got the shares correctly.
smbclient -L \\\\10.20.1.55 -U pepito
Password for [OURDOMAIN\pepito]:
Sharename Type Comment
--------- ---- -------
sharetest Disk
test Disk
IPC$ IPC IPC Service (Samba 4.17.3-Debian)
SMB1 disabled -- no workgroup available
El lun, 28 nov 2022 a las 12:40, Juan Ignacio (<juan.ignacio.pazos at
gmail.com>)
escribi?:
> I'm on a windows client, logged in with the OURDOMAIN\administrator
> account.
>
> The content of /etc/samba/user.map
>
> !root = OURDOMAIN\Administrator
>
> The smb.conf.
>
> [global]
> log file = /var/log/samba/%m.log
> log level = 1
> realm = OURDOMAIN.ORG
> security = ADS
> server role = member server
> username map = /etc/samba/user.map
> workgroup = OURDOMAIN
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> idmap config kennedy : backend = rid
> idmap config kennedy : range = 10000-9999999
>
>
> On unix.
>
> I checked the shares with smbclient and i got Invalid Token
>
> root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator
> Password for [OURDOMAIN\administrator]:
> session setup failed: NT_STATUS_INVALID_TOKEN
>
> if i do the same with other domain user i got the shares correctly.
>
> smbclient -L \\\\10.20.1.55 -U pepito
> Password for [OURDOMAIN\pepito]:
>
> Sharename Type Comment
> --------- ---- -------
> sharetest Disk
> test Disk
> IPC$ IPC IPC Service (Samba 4.17.3-Debian)
> SMB1 disabled -- no workgroup available
>
> El lun, 28 nov 2022 a las 12:39, Juan Ignacio (<
> juan.ignacio.pazos at gmail.com>) escribi?:
>
>> I'm on a windows client, logged in with the OURDOMAIN\administrator
>> account.
>>
>> The content of /etc/samba/user.map
>>
>> !root = OURDOMAIN\Administrator
>>
>> The smb.conf.
>>
>> [global]
>> log file = /var/log/samba/%m.log
>> log level = 1
>> realm = OURDOMAIN.ORG
>> security = ADS
>> server role = member server
>> username map = /etc/samba/user.map
>> workgroup = OURDOMAIN
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>> idmap config kennedy : backend = rid
>> idmap config kennedy : range = 10000-9999999
>>
>>
>> On unix.
>>
>> I checked the shares with smbclient and i got Invalid Token
>>
>> root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U
administrator
>> Password for [KENNEDY\administrator]:
>> session setup failed: NT_STATUS_INVALID_TOKEN
>>
>> if i do the same with other domain user i got the shares correctly.
>>
>> smbclient -L \\\\10.20.1.55 -U pepito
>> Password for [OURDOMAIN\pepito]:
>>
>> Sharename Type Comment
>> --------- ---- -------
>> sharetest Disk
>> test Disk
>> IPC$ IPC IPC Service (Samba 4.17.3-Debian)
>> SMB1 disabled -- no workgroup available
>>
>>
>> El lun, 28 nov 2022 a las 12:26, Rowland Penny via samba (<
>> samba at lists.samba.org>) escribi?:
>>
>>>
>>>
>>> On 28/11/2022 15:18, Juan Ignacio wrote:
>>> > I am having some problems accessing the shares of the new
member
>>> server.
>>> > I can access the shares with my domain account but cannot
access them
>>> > with the administrator account.
>>>
>>>
>>> How are you trying to connect as Administrator ?
>>>
>>> What is in your username map ?
>>>
>>> You should have:
>>>
>>> !root = OURDOMAIN\Administrator
>>>
>>> This should then map Administrator to root when you connect from
Windows.
>>>
>>> Never use Administrator on a Linux machine, use root or sudo.
>>>
>>> Rowland
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
Rowland Penny
2022-Nov-28 15:52 UTC
[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).
On 28/11/2022 15:40, Juan Ignacio wrote:> I'm on a windows client, logged in with the OURDOMAIN\administrator account. > > The content of /etc/samba/user.map > > !root = OURDOMAIN\Administrator > > The smb.conf. > > [global] > ? ? ? ? log file = /var/log/samba/%m.log > ? ? ? ? log level = 1 > ? ? ? ? realm = OURDOMAIN.ORG <http://OURDOMAIN.ORG> > ? ? ? ? security = ADS > ? ? ? ? server role = member server > ? ? ? ? username map = /etc/samba/user.map > ? ? ? ? workgroup = OURDOMAIN > ? ? ? ? idmap config * : backend = tdb > ? ? ? ? idmap config * : range = 3000-7999 > ? ? ? ? idmap config kennedy : backend = rid > ? ? ? ? idmap config kennedy : range = 10000-9999999 > > > On unix. > > I checked the shares with smbclient and i got Invalid Token > > root at memberdc:/etc/samba# smbclient -L \\\\10.20.1.55 -U administrator > Password for [OURDOMAIN\administrator]: > session setup failed: NT_STATUS_INVALID_TOKEN > > if i do the same with other domain user i got the shares correctly. > > ?smbclient -L \\\\10.20.1.55 -U pepito > Password for [OURDOMAIN\pepito]: > > ? ? ? ? Sharename ? ? ? Type ? ? ?Comment > ? ? ? ? --------- ? ? ? ---- ? ? ?------- > ? ? ? ? sharetest ? ? ? Disk > ? ? ? ? test ? ? ? ? ? ?Disk > ? ? ? ? IPC$ ? ? ? ? ? ?IPC ? ? ? IPC Service (Samba 4.17.3-Debian) > SMB1 disabled -- no workgroup available >NEVER use Administrator on a Unix machine. Administrator is the Windows administrator with thr RID '500', so with your DOMAIN low range it will have the Unix ID 10500, it is just a normal Unix user. However that isn't your real problem, try adding this line: min domain uid = 0 Restart Samba and try again, but only for test purposes, after that never use Administrator directly on Unix. Rowland