Hi!. I've already read that really useful notebook. Thanks for it.
Sadly, I couldn't find any differences.
All seems work OK without "username map" but as soon as I map
OURDOM\Administrator to root v?a "username map",? I lost
"Sessions" and
"Open files" in RSAT, so I would like to know if I miss something
without that mapping.
Does RSAT sessions and Open Files work with YOURDOM\Administrator mapped
to root in your infraestructure?
Thanks.
Ing Iv?n L?pez
Sistemas - ENRESS
El 28/5/24 a las 14:38, Luis Peromarta via samba
escribi?:> Hola Iv?n,
>
> Good that you use MJT repo, but you probably don?t need it, bookworm back
ports provides the same version these days.
>
> http://samba.bigbird.es/doku.php?id=samba:installing-from-backports
>
>
https://buildd.debian.org/status/package.php?p=samba&suite=bookworm-backports
>
>
> Regarding your member server, may I suggest you check out my notes, based
on official samba wiki:
>
> http://samba.bigbird.es/doku.php?id=samba:file-server
>
> Also for your ACLs:
>
> http://samba.bigbird.es/doku.php?id=samba:configuring-shares
>
> Un saludo,
>
> LP
> On May 28, 2024 at 18:09 +0100, Ivan Lopez via samba<samba at
lists.samba.org>, wrote:
>> Hi, people. I hope you are doing well
>>
>> Could you help me please?. I've a question about "username
map" in SAMBA
>> File Servers
>>
>> We have DCs and File Servers based on Samba? 4.19.6? (from MJT
>> repositoryhttp://www.corpit.ru/mjt/packages/samba bookworm/samba-4.19/
>> ) running over Debian 12.5.
>>
>> When we were configuring file servers, we've followed first the
guide
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member.
>> There, it is advised:
>>
>> /You should map the domain Administrator account to the local root
>> account on a Unix domain member. Configuring the mapping allows the
>> domain Administrator to execute file operations as root on the Unix
>> domain member/
>>
>> /Add the following parameter to the [global] section of your smb.conf
file:
>> username map = /usr/local/samba/etc/user.map
>> Create the /usr/local/samba/etc/user.map file with the following
content:
>> !root = SAMDOM\Administrator/
>>
>> /If you are using samba v4.13.14 or later you will also need to add the
>> following to allow mapping to the root user: min domain uid = 0/
>>
>> Actually, our user.map file contains:
>>
>> /!root = OURDOM\Administrator OURDOM\administrator Administrator
>> administrator/
>>
>> After the server was joined, we used
>> https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs.
>> Shares could be configured and used correctly.
>>
>> But, with? "/username map"/ option setted, RSAT
"Sessions" and "Open
>> Files"? stop working saying "You don't have permissions
to view the list
>> ...." (the message was translated from spanish). However, we can
manage
>> shares' permissions v?a RSAT without any problem. By the way, RSAT
runs
>> in windows 10 PC and the user who runs it is logged in as
>> OURDOM\administrator.? Shares can be accessed by clients as they
should.
>>
>> In the File Server's log we can see:
>>
>> /2024/05/27 14:09:59.132155,? 3]
>> source3/rpc_server/rpc_server.c:261(ncacn_terminate_connection)
>> ? ncacn_terminate_connection: Terminating connection - 'dcesrv:
>> NT_STATUS_CONNECTION_DISCONNECTED'
>> [2024/05/27 14:10:03.953721,? 1]
>> source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1639(_srvsvc_NetSessEnum)
>> *Enumerating sessions only allowed for administrators*
>> [2024/05/27 14:10:03.984777,? 3]
>> source3/rpc_server/rpc_server.c:261(ncacn_terminate_connection)/
>>
>> When we disable "username map" option, RSAT behaves as it
should.
>> Besides that, we can manage and access the shares without problems, so
>> the question is:
>>
>> What kind of file operations (or operations in general) could be
>> affected without that mapping, considering that que manage file
>> permissions using windows ACLs and access the shares via SAMBA and
>> Windows only?
>>
>> Thanks in advance.
>>
>> Best Regards.
>>
>> --
>> Ing Iv?n L?pez
>> Sistemas - ENRESS
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:https://lists.samba.org/mailman/options/samba