mail at rhizomatic-nomad.net
2023-Nov-27 17:57 UTC
[Samba] Mapping the Domain Administrator Account to the Local root User
Hello,

recently I've "updated" an AD member file server to an up-to-date Debian 12, following the wiki page Setting_up_Samba_as_a_Domain_Member. Some years ago I did the same with a Debian 10 VM, of which I used the data disks in the new fileserver. It uses the "rid" backend, acl and is configured via RSAT tools.

Either I didn't follow the wiki page in the "Mapping the Domain Administrator Account to the Local root User" part or it was not yet existent years ago when I configured the Debian 10 Samba.

Anyways, in the actual configuration I used the username map as it's part of the wiki. But then, I wasn't able to access the Samba member fileserver with the computer management to check/change the permissions of my shares, as the computer management didn't get access to the fileserver. And, ironically, the Administrator user was also not able to access their home files ("normal" users on the contrary were able to do this). While the login process itself worked and the "gpresult /r" signalised that the process worked for users and administrators.

After commenting out the "username map" parameter I gained access to the fileserver via "computer management" again and the administrator can access their (redirected) folders and files again.

While it's nice that it's working again, I wonder why and in which cases the mapping is necessary?

All the best
Sinni
Luis Peromarta
2023-Nov-27 18:01 UTC
[Samba] Mapping the Domain Administrator Account to the Local root User
Looks like your root mapping isn't working.

Did you add "min domain uid = 0" to smb.conf?

See 'Mapping the AD Administrator user to "root"': http://samba.bigbird.es/doku.php?id=samba:file-server

On Nov 27, 2023 at 18:58 +0100, mail--- via samba <samba at lists.samba.org>, wrote:
> Hello,
>
> recently I've "updated" an AD member file server to an up-to-date Debian
> 12, following the wiki page Setting_up_Samba_as_a_Domain_Member. Some
> years ago I did the same with a Debian 10 VM, of which I used the data
> disks in the new fileserver. It uses the "rid" backend, acl and is
> configured via RSAT tools.
>
> Either I didn't follow the wiki page in the "Mapping the Domain
> Administrator Account to the Local root User" part or it was not yet
> existent years ago when I've configured the Debian 10 Samba.
>
> Anyways, in the actual configuration I used the username map as it's
> part of the wiki. But then, I wasn't able to access the Samba member
> fileserver with the computer management to check/change the permissions of my
> shares, as the computer management didn't get access to the fileserver.
> And, ironically, the Administrator user was also not able to access
> their home files ("normal" users on the contrary were able to do this).
> While the login process itself worked and the "gpresult /r" signalised,
> that the process worked for users and administrators.
>
> After commenting out the "username map" parameter I've gained access to the
> fileserver via "computer management" again and the administrator can
> access their (redirected) folders and files again.
>
> While it's nice that it's working again, I wonder why and in which cases
> the mapping is necessary?
>
> All the best
> Sinni
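
A check for the condition the reply asks about, as an added example that is not part of the original thread or of Samba itself: it reads an smb.conf and a username map file and reports when an account is mapped to the local root user (uid 0) while "min domain uid" is still above 0. The domain name SAMDOM, the map file path and both config snippets are constructed for illustration; 1000 is the smb.conf default for "min domain uid".

```python
import re

DEFAULT_MIN_DOMAIN_UID = 1000  # smb.conf default when the parameter is unset

def parse_global(smb_conf_text):
    """Return the [global] parameters of an smb.conf as a dict (lowercased keys)."""
    section, opts = None, {}
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            opts[" ".join(key.lower().split())] = value.strip()
    return opts

def root_mappings(map_text):
    """Return the client names a username map file maps to the local root user."""
    names = []
    for raw in map_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        unix_name, clients = line.split("=", 1)
        # A leading "!" only tells Samba to stop processing the map on a match.
        if unix_name.strip().lstrip("!").strip() == "root":
            names += [c.strip('"') for c in re.findall(r'"[^"]*"|\S+', clients)]
    return names

def check(smb_conf_text, map_text):
    """Return findings for a root mapping that 'min domain uid' would block."""
    opts = parse_global(smb_conf_text)
    mapped = root_mappings(map_text) if "username map" in opts else []
    min_uid = int(opts.get("min domain uid", DEFAULT_MIN_DOMAIN_UID))
    if mapped and min_uid > 0:
        return [f"{', '.join(mapped)} mapped to root (uid 0), "
                f"but min domain uid = {min_uid}"]
    return []

# Constructed sample files (assumptions, not taken from the thread).
USER_MAP = "!root = SAMDOM\\Administrator\n"
CONF_WITHOUT = "[global]\n  security = ADS\n  username map = /etc/samba/user.map\n"
CONF_WITH = CONF_WITHOUT + "  min domain uid = 0\n"

if __name__ == "__main__":
    for name, conf in (("without", CONF_WITHOUT), ("with", CONF_WITH)):
        print(name, "min domain uid = 0:", check(conf, USER_MAP) or "ok")
```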