mail at rhizomatic-nomad.net
2023-Nov-27 18:45 UTC
[Samba] Mapping the Domain Administrator Account to the Local root User
The user rights I've granted, but this "min domain uid = 0? parameter seems to be important and is not documented in the Samba wiki. After adding it I can access the files and administrate the fileserver as wanted. Sinni On 27.11.2023 19:05:29, Luis Peromarta via samba wrote:> Also, did you grant users rights to manage services in Member Servers ? > > http://samba.bigbird.es/doku.php?id=samba:server-privileges > > LP > On Nov 27, 2023 at 19:02 +0100, Luis Peromarta via samba <samba at lists.samba.org>, wrote: > > Looks like your root mapping isn?t working. > > > > Did you add "min domain uid = 0? to smb.conf ? > > > > See 'Mapping the AD Administrator user to ?root?' : > > > > http://samba.bigbird.es/doku.php?id=samba:file-server > > > > On Nov 27, 2023 at 18:58 +0100, mail--- via samba <samba at lists.samba.org>, wrote: > > > Hello, > > > > > > recently I've "updated" an AD member file server to an up-to-date Debian > > > 12, following the wiki page Setting_up_Samba_as_a_Domain_Member. Some > > > years ago I did the same with a Debian 10 VM, of which I used the data > > > disks in the new fileserver. It uses the "rid" backend, acl and is > > > configured via RSAT tools. > > > > > > Either I didn't follow the wiki page in the "Mapping the Domain > > > Administrator Account to the Local root User" part or it was not yet > > > existent years ago when I've configured the Debian 10 Samba. > > > > > > Anyways, in the actual configuration I used the username map as it's > > > part of the wiki. But then, I wasn't able to access the Samba member > > > fileserver with the computer management to check/change the permissions of my > > > shares, as the computer management didn't get access to the fileserver. > > > And, ironically, the Administrator user was also not able to access > > > their home files ("normal" users on the contrary were able to do this). > > > While the login process itself worked and the "gpresult /r" signalised, > > > that the process worked for users and administrators. > > > > > > After commenting out the "username map" parameter I've gained access to the > > > fileserver via "computer management" again and the administrator can > > > access their (redirected) folders and files again. > > > > > > While it's nice that it's working again, I wonder why and in which cases > > > the mapping is necessary? > > > > > > All the best > > > Sinni > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Luis Peromarta
2023-Nov-27 18:47 UTC
[Samba] Mapping the Domain Administrator Account to the Local root User
Glad to hear it?s working. The min uid setting is documented in the Samba Wiki in the ?troubleshooting member server? page I think. LP On 27 Nov 2023 at 18:46 +0000, mail at rhizomatic-nomad.net, wrote:> > The user rights I've granted, but this "min domain uid = 0? parameter > seems to be important and is not documented in the Samba wiki.