Luis Peromarta
2023-Nov-27 18:01 UTC
[Samba] Mapping the Domain Administrator Account to the Local root User
Looks like your root mapping isn?t working. Did you add "min domain uid = 0? to smb.conf ? See 'Mapping the AD Administrator user to ?root?' : http://samba.bigbird.es/doku.php?id=samba:file-server On Nov 27, 2023 at 18:58 +0100, mail--- via samba <samba at lists.samba.org>, wrote:> Hello, > > recently I've "updated" an AD member file server to an up-to-date Debian > 12, following the wiki page Setting_up_Samba_as_a_Domain_Member. Some > years ago I did the same with a Debian 10 VM, of which I used the data > disks in the new fileserver. It uses the "rid" backend, acl and is > configured via RSAT tools. > > Either I didn't follow the wiki page in the "Mapping the Domain > Administrator Account to the Local root User" part or it was not yet > existent years ago when I've configured the Debian 10 Samba. > > Anyways, in the actual configuration I used the username map as it's > part of the wiki. But then, I wasn't able to access the Samba member > fileserver with the computer management to check/change the permissions of my > shares, as the computer management didn't get access to the fileserver. > And, ironically, the Administrator user was also not able to access > their home files ("normal" users on the contrary were able to do this). > While the login process itself worked and the "gpresult /r" signalised, > that the process worked for users and administrators. > > After commenting out the "username map" parameter I've gained access to the > fileserver via "computer management" again and the administrator can > access their (redirected) folders and files again. > > While it's nice that it's working again, I wonder why and in which cases > the mapping is necessary? > > All the best > Sinni > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Luis Peromarta
2023-Nov-27 18:05 UTC
[Samba] Mapping the Domain Administrator Account to the Local root User
Also, did you grant users rights to manage services in Member Servers ? http://samba.bigbird.es/doku.php?id=samba:server-privileges LP On Nov 27, 2023 at 19:02 +0100, Luis Peromarta via samba <samba at lists.samba.org>, wrote:> Looks like your root mapping isn?t working. > > Did you add "min domain uid = 0? to smb.conf ? > > See 'Mapping the AD Administrator user to ?root?' : > > http://samba.bigbird.es/doku.php?id=samba:file-server > > On Nov 27, 2023 at 18:58 +0100, mail--- via samba <samba at lists.samba.org>, wrote: > > Hello, > > > > recently I've "updated" an AD member file server to an up-to-date Debian > > 12, following the wiki page Setting_up_Samba_as_a_Domain_Member. Some > > years ago I did the same with a Debian 10 VM, of which I used the data > > disks in the new fileserver. It uses the "rid" backend, acl and is > > configured via RSAT tools. > > > > Either I didn't follow the wiki page in the "Mapping the Domain > > Administrator Account to the Local root User" part or it was not yet > > existent years ago when I've configured the Debian 10 Samba. > > > > Anyways, in the actual configuration I used the username map as it's > > part of the wiki. But then, I wasn't able to access the Samba member > > fileserver with the computer management to check/change the permissions of my > > shares, as the computer management didn't get access to the fileserver. > > And, ironically, the Administrator user was also not able to access > > their home files ("normal" users on the contrary were able to do this). > > While the login process itself worked and the "gpresult /r" signalised, > > that the process worked for users and administrators. > > > > After commenting out the "username map" parameter I've gained access to the > > fileserver via "computer management" again and the administrator can > > access their (redirected) folders and files again. > > > > While it's nice that it's working again, I wonder why and in which cases > > the mapping is necessary? > > > > All the best > > Sinni > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Apparently Analagous Threads
- Mapping the Domain Administrator Account to the Local root User
- Mapping the Domain Administrator Account to the Local root User
- Mapping the Domain Administrator Account to the Local root User
- Where samba store printer/driver information?
- Permissions issue on domain member server (samba as an appliance)