Luis Peromarta
2023-Nov-27 18:05 UTC
[Samba] Mapping the Domain Administrator Account to the Local root User
Also, did you grant users rights to manage services in Member Servers ? http://samba.bigbird.es/doku.php?id=samba:server-privileges LP On Nov 27, 2023 at 19:02 +0100, Luis Peromarta via samba <samba at lists.samba.org>, wrote:> Looks like your root mapping isn?t working. > > Did you add "min domain uid = 0? to smb.conf ? > > See 'Mapping the AD Administrator user to ?root?' : > > http://samba.bigbird.es/doku.php?id=samba:file-server > > On Nov 27, 2023 at 18:58 +0100, mail--- via samba <samba at lists.samba.org>, wrote: > > Hello, > > > > recently I've "updated" an AD member file server to an up-to-date Debian > > 12, following the wiki page Setting_up_Samba_as_a_Domain_Member. Some > > years ago I did the same with a Debian 10 VM, of which I used the data > > disks in the new fileserver. It uses the "rid" backend, acl and is > > configured via RSAT tools. > > > > Either I didn't follow the wiki page in the "Mapping the Domain > > Administrator Account to the Local root User" part or it was not yet > > existent years ago when I've configured the Debian 10 Samba. > > > > Anyways, in the actual configuration I used the username map as it's > > part of the wiki. But then, I wasn't able to access the Samba member > > fileserver with the computer management to check/change the permissions of my > > shares, as the computer management didn't get access to the fileserver. > > And, ironically, the Administrator user was also not able to access > > their home files ("normal" users on the contrary were able to do this). > > While the login process itself worked and the "gpresult /r" signalised, > > that the process worked for users and administrators. > > > > After commenting out the "username map" parameter I've gained access to the > > fileserver via "computer management" again and the administrator can > > access their (redirected) folders and files again. > > > > While it's nice that it's working again, I wonder why and in which cases > > the mapping is necessary? > > > > All the best > > Sinni > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
mail at rhizomatic-nomad.net
2023-Nov-27 18:45 UTC
[Samba] Mapping the Domain Administrator Account to the Local root User
The user rights I've granted, but this "min domain uid = 0? parameter seems to be important and is not documented in the Samba wiki. After adding it I can access the files and administrate the fileserver as wanted. Sinni On 27.11.2023 19:05:29, Luis Peromarta via samba wrote:> Also, did you grant users rights to manage services in Member Servers ? > > http://samba.bigbird.es/doku.php?id=samba:server-privileges > > LP > On Nov 27, 2023 at 19:02 +0100, Luis Peromarta via samba <samba at lists.samba.org>, wrote: > > Looks like your root mapping isn?t working. > > > > Did you add "min domain uid = 0? to smb.conf ? > > > > See 'Mapping the AD Administrator user to ?root?' : > > > > http://samba.bigbird.es/doku.php?id=samba:file-server > > > > On Nov 27, 2023 at 18:58 +0100, mail--- via samba <samba at lists.samba.org>, wrote: > > > Hello, > > > > > > recently I've "updated" an AD member file server to an up-to-date Debian > > > 12, following the wiki page Setting_up_Samba_as_a_Domain_Member. Some > > > years ago I did the same with a Debian 10 VM, of which I used the data > > > disks in the new fileserver. It uses the "rid" backend, acl and is > > > configured via RSAT tools. > > > > > > Either I didn't follow the wiki page in the "Mapping the Domain > > > Administrator Account to the Local root User" part or it was not yet > > > existent years ago when I've configured the Debian 10 Samba. > > > > > > Anyways, in the actual configuration I used the username map as it's > > > part of the wiki. But then, I wasn't able to access the Samba member > > > fileserver with the computer management to check/change the permissions of my > > > shares, as the computer management didn't get access to the fileserver. > > > And, ironically, the Administrator user was also not able to access > > > their home files ("normal" users on the contrary were able to do this). > > > While the login process itself worked and the "gpresult /r" signalised, > > > that the process worked for users and administrators. > > > > > > After commenting out the "username map" parameter I've gained access to the > > > fileserver via "computer management" again and the administrator can > > > access their (redirected) folders and files again. > > > > > > While it's nice that it's working again, I wonder why and in which cases > > > the mapping is necessary? > > > > > > All the best > > > Sinni > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Apparently Analagous Threads
- Mapping the Domain Administrator Account to the Local root User
- Mapping the Domain Administrator Account to the Local root User
- Mapping the Domain Administrator Account to the Local root User
- Where samba store printer/driver information?
- Where samba store printer/driver information?